diff --git a/config/config.yaml b/config/config.yaml index 7c6c28980..9ca3672a7 100644 --- a/config/config.yaml +++ b/config/config.yaml @@ -44,6 +44,11 @@ defaults: maestroRestrictIstioIngress: true maestroConsumerName: hcp-underlay-{{ .ctx.region }}-{{ .ctx.regionStamp }}-mgmt-{{ .ctx.cxStamp }} + # Hypershift + hypershiftNamespace: hypershift + externalDNSManagedIdentityName: external-dns + externalDNSServiceAccountName: external-dns + # Cluster Service clusterServicePostgresName: {{ azurePostgresName "cs" 5 .ctx.region .ctx.regionStamp }} clusterServicePostgresDeploy: true @@ -106,7 +111,7 @@ clouds: clusterServiceImageTag: a23276d clusterServiceImageRepo: app-sre/uhc-clusters-service # Hypershift Operator - hypershiftOperatorImageTag: 99a256f + hypershiftOperatorImageTag: a95fc46 externalDNSImageTag: v0.14.2 # Shared SVC KV serviceKeyVaultName: 'aro-hcp-dev-svc-kv' diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json index d53a3f032..08112d1bd 100644 --- a/config/public-cloud-cs-pr.json +++ b/config/public-cloud-cs-pr.json @@ -14,6 +14,8 @@ "cxKeyVaultPrivate": false, "cxKeyVaultSoftDelete": false, "externalDNSImageTag": "v0.14.2", + "externalDNSManagedIdentityName": "external-dns", + "externalDNSServiceAccountName": "external-dns", "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358", "frontendCosmosDBDeploy": true, "frontendCosmosDBDisableLocalAuth": true, @@ -21,7 +23,8 @@ "globalRG": "global", "grafanaAdminGroupPrincipalId": "6b6d3adf-8476-4727-9812-20ffdef2b85c", "grafanaName": "aro-hcp-grafana-9c782", - "hypershiftOperatorImageTag": "99a256f", + "hypershiftNamespace": "hypershift", + "hypershiftOperatorImageTag": "a95fc46", "imageSyncAcrRG": "global", "imageSyncEnvironmentName": "aro-hcp-image-sync", "imageSyncImageRepo": "image-sync/component-sync", diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json index c318621ba..8be29a0f2 100644 --- a/config/public-cloud-dev.json +++ b/config/public-cloud-dev.json @@ -14,6 +14,8 @@ "cxKeyVaultPrivate": false, "cxKeyVaultSoftDelete": false, "externalDNSImageTag": "v0.14.2", + "externalDNSManagedIdentityName": "external-dns", + "externalDNSServiceAccountName": "external-dns", "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358", "frontendCosmosDBDeploy": true, "frontendCosmosDBDisableLocalAuth": true, @@ -21,7 +23,8 @@ "globalRG": "global", "grafanaAdminGroupPrincipalId": "6b6d3adf-8476-4727-9812-20ffdef2b85c", "grafanaName": "aro-hcp-grafana-157ff", - "hypershiftOperatorImageTag": "99a256f", + "hypershiftNamespace": "hypershift", + "hypershiftOperatorImageTag": "a95fc46", "imageSyncAcrRG": "global", "imageSyncEnvironmentName": "aro-hcp-image-sync", "imageSyncImageRepo": "image-sync/component-sync", diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json index fd89f0cf1..570c91601 100644 --- a/config/public-cloud-personal-dev.json +++ b/config/public-cloud-personal-dev.json @@ -14,6 +14,8 @@ "cxKeyVaultPrivate": false, "cxKeyVaultSoftDelete": false, "externalDNSImageTag": "v0.14.2", + "externalDNSManagedIdentityName": "external-dns", + "externalDNSServiceAccountName": "external-dns", "firstPartyAppClientId": "57e54810-3138-4f38-bd3b-29cb33f4c358", "frontendCosmosDBDeploy": true, "frontendCosmosDBDisableLocalAuth": true, @@ -21,7 +23,8 @@ "globalRG": "global", "grafanaAdminGroupPrincipalId": "6b6d3adf-8476-4727-9812-20ffdef2b85c", "grafanaName": "aro-hcp-grafana-76fc6", - "hypershiftOperatorImageTag": "99a256f", + "hypershiftNamespace": "hypershift", + "hypershiftOperatorImageTag": "a95fc46", "imageSyncAcrRG": "global", "imageSyncEnvironmentName": "aro-hcp-image-sync", "imageSyncImageRepo": "image-sync/component-sync", diff --git a/dev-infrastructure/configurations/mgmt-cluster.tmpl.bicepparam b/dev-infrastructure/configurations/mgmt-cluster.tmpl.bicepparam index fa7e12463..4a790b889 100644 --- a/dev-infrastructure/configurations/mgmt-cluster.tmpl.bicepparam +++ b/dev-infrastructure/configurations/mgmt-cluster.tmpl.bicepparam @@ -24,6 +24,11 @@ param maestroKeyVaultName = '{{ .maestroKeyVaultName }}' param maestroEventGridNamespacesName = '{{ .maestroEventgridName }}' param maestroCertDomain = '{{ .maestroCertDomain }}' +// Hypershift +param hypershiftNamespace = '{{ .hypershiftNamespace }}' +param externalDNSManagedIdentityName = '{{ .externalDNSManagedIdentityName }}' +param externalDNSServiceAccountName = '{{ .externalDNSServiceAccountName }}' + // DNS param regionalDNSZoneName = '{{ .regionalDNSSubdomain}}.{{ .baseDnsZoneName }}' diff --git a/dev-infrastructure/templates/mgmt-cluster.bicep b/dev-infrastructure/templates/mgmt-cluster.bicep index b746713df..c1b9ab78f 100644 --- a/dev-infrastructure/templates/mgmt-cluster.bicep +++ b/dev-infrastructure/templates/mgmt-cluster.bicep @@ -59,6 +59,15 @@ param aksKeyVaultName string @description('Manage soft delete setting for AKS etcd key-value store') param aksEtcdKVEnableSoftDelete bool = true +@description('The name of the hypershift namespace.') +param hypershiftNamespace string + +@description('The name of the external DNS managed identity.') +param externalDNSManagedIdentityName string + +@description('The name of the external DNS service account.') +param externalDNSServiceAccountName string + @description('The name of the maestro consumer.') param maestroConsumerName string @@ -140,9 +149,9 @@ module mgmtCluster '../modules/aks-cluster-base.bicep' = { serviceAccountName: 'maestro' } external_dns_wi: { - uamiName: 'external-dns' - namespace: 'hypershift' - serviceAccountName: 'external-dns' + uamiName: externalDNSManagedIdentityName + namespace: hypershiftNamespace + serviceAccountName: externalDNSServiceAccountName } }) aksKeyVaultName: aksKeyVaultName @@ -188,11 +197,11 @@ module maestroConsumer '../modules/maestro/maestro-consumer.bicep' = { var externalDnsManagedIdentityPrincipalId = filter( mgmtCluster.outputs.userAssignedIdentities, - id => id.uamiName == 'external-dns' + id => id.uamiName == externalDNSManagedIdentityName )[0].uamiPrincipalID module dnsZoneContributor '../modules/dns/zone-contributor.bicep' = { - name: guid(regionalDNSZoneName, mgmtCluster.name, 'external-dns') + name: guid(regionalDNSZoneName, mgmtCluster.name, externalDNSManagedIdentityName) scope: resourceGroup(regionalResourceGroup) params: { zoneName: regionalDNSZoneName diff --git a/hypershiftoperator/.gitignore b/hypershiftoperator/.gitignore index eb4d062d7..aee2e4ce1 100644 --- a/hypershiftoperator/.gitignore +++ b/hypershiftoperator/.gitignore @@ -1,7 +1 @@ -kubectl-slice -edo-azure-credentials.json -domain.txt -patch-serviceaccount-external-dns.json -test -deploy/overlays/dev/txt_owner_id.txt config.mk diff --git a/hypershiftoperator/Makefile b/hypershiftoperator/Makefile index 4cb127842..53af3abf5 100644 --- a/hypershiftoperator/Makefile +++ b/hypershiftoperator/Makefile @@ -3,69 +3,24 @@ DEPLOY_ENV ?= personal-dev $(shell ../templatize.sh $(DEPLOY_ENV) config.tmpl.mk config.mk) include config.mk -HO_IMAGE ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io/acm-d/rhtap-hypershift-operator:${HO_IMAGE_TAG} -EDO_IMAGE ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io/external-dns/external-dns:${ED_IMAGE_TAG} - -create-edo-azure-creds: - @echo '{' > deploy/overlays/dev/edo-azure-credentials.json - @AZURE_TENANT_ID=$(shell az account show --query tenantId --output tsv) && \ - echo " \"tenantId\": \"$$AZURE_TENANT_ID\"," >> deploy/overlays/dev/edo-azure-credentials.json - @AZURE_SUBSCRIPTION_ID=$(shell az account show --query id --output tsv) && \ - echo " \"subscriptionId\": \"$$AZURE_SUBSCRIPTION_ID\"," >> deploy/overlays/dev/edo-azure-credentials.json - @echo ' "resourceGroup": "${REGIONAL_RESOURCEGROUP}",' >> deploy/overlays/dev/edo-azure-credentials.json - @echo ' "useWorkloadIdentityExtension": true,' >> deploy/overlays/dev/edo-azure-credentials.json - @EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID=$(shell az identity show -g ${RESOURCEGROUP} -n external-dns --query clientId -o tsv) && \ - echo " \"userAssignedIdentityID\": \"$$EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID\"" >> deploy/overlays/dev/edo-azure-credentials.json - @echo '}' >> deploy/overlays/dev/edo-azure-credentials.json - -create-edo-sa-patch: - @EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID=$(shell az identity show -g ${RESOURCEGROUP} -n external-dns --query clientId -o tsv) && \ - echo "[{\"op\": \"add\", \"path\": \"/metadata/annotations/azure.workload.identity~1client-id\", \"value\": \"$$EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID\"}]" > deploy/overlays/dev/patch-serviceaccount-external-dns.json - -create-domain-file: - @echo "${ZONE_NAME}" > deploy/overlays/dev/domain.txt - -create-txt-owner-id-file: - @echo "${RESOURCEGROUP}" > deploy/overlays/dev/txt_owner_id.txt - -deploy: create-edo-azure-creds create-edo-sa-patch create-domain-file create-txt-owner-id-file - kubectl apply --server-side --force-conflicts -k deploy/crds - kubectl apply --server-side --force-conflicts -k deploy/overlays/dev - -# run this task whenever HO_IMAGE or EDO_IMAGE is updated -# commit the changes to deploy/base to the repo since we don't have podman or docker in CI -prepare-ho-manifests: - @curl -sfLo - "https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.3.1/kubectl-slice_${shell uname -s | tr '[:upper:]' '[:lower:]'}_${shell uname -m}.tar.gz" | tar xzf - kubectl-slice - @rm deploy/base/* - curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -o deploy/base/customresourcedefinition-monitoring.coreos.com_servicemonitors.yaml - curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -o deploy/base/customresourcedefinition-monitoring.coreos.com_prometheusrules.yaml - curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -o deploy/base/customresourcedefinition-monitoring.coreos.com_podmonitors.yaml - curl https://raw.githubusercontent.com/openshift/api/master/route/v1/zz_generated.crd-manifests/routes-Default.crd.yaml -o deploy/base/customresourcedefinition-routes-default.crd.yaml - # Currently the hypershift install render command prints an error out to stdout if there is no available kubeconfig - # TODO: Get a fix into the hypershift install render command so we don't have to do this - @podman run -it --rm ${HO_IMAGE} install render \ - --hypershift-image ${HO_IMAGE} \ - --enable-conversion-webhook=false \ - --external-dns-provider azure \ - --external-dns-secret external-dns-azure \ - --external-dns-domain-filter \$$\(DOMAIN\) \ - --external-dns-image ${EDO_IMAGE} \ - --external-dns-txt-owner-id \$$\(TXT_OWNER_ID\) \ - --managed-service ARO-HCP \ - | tail -n +2 \ - | ./kubectl-slice -f - -o deploy/base - @rm deploy/crds/* - @mkdir -p deploy/crds - @mv deploy/base/customresourcedefinition*.yaml deploy/crds - - @echo "apiVersion: kustomize.config.k8s.io/v1beta1" > deploy/crds/kustomization.yml - @echo "kind: Kustomization" >> deploy/crds/kustomization.yml - @echo "resources:" >> deploy/crds/kustomization.yml - @find deploy/crds -type f -name "customresourcedefinition*.yaml" ! -name "kustomization.yml" | sed 's/^deploy\/crds\// - /' >> deploy/crds/kustomization.yml - - @echo "apiVersion: kustomize.config.k8s.io/v1beta1" > deploy/base/kustomization.yml - @echo "kind: Kustomization" >> deploy/base/kustomization.yml - @echo "resources:" >> deploy/base/kustomization.yml - @find deploy/base -type f -name "*.yaml" ! -name "kustomization.yml" | sed 's/^deploy\/base\// - /' >> deploy/base/kustomization.yml - -.PHONY: create-edo-azure-creds create-edo-sa-patch create-domain-file create-txt-owner-id-file deploy unpack-ho-manifests +deploy: + @EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID=$(shell az identity show -g ${RESOURCEGROUP} -n ${EXTERNAL_DNS_MI_NAME} --query clientId -o tsv) && \ + AZURE_TENANT_ID=$(shell az account show --query tenantId --output tsv) && \ + AZURE_SUBSCRIPTION_ID=$(shell az account show --query id --output tsv) && \ + CSI_SECRET_STORE_CLIENT_ID=$(shell az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query 'addonProfiles.azureKeyvaultSecretsProvider.identity.clientId' -o tsv) && \ + helm upgrade --install hypershift deploy/helm \ + --create-namespace --namespace ${HYPERSHIFT_NAMESPACE} \ + --set image=${HO_IMAGE_BASE} \ + --set imagetag=${HO_IMAGE_TAG} \ + --set registryOverrides="quay.io/openshift-release-dev/ocp-v4.0-art-dev=${ARO_HCP_OCP_ACR}.azurecr.io/openshift/release\,quay.io/openshift-release-dev/ocp-release=${ARO_HCP_OCP_ACR}.azurecr.io/openshift/release-images\,registry.redhat.io/redhat=${ARO_HCP_OCP_ACR}.azurecr.io/redhat" \ + --set azureKeyVaultClientId=$${CSI_SECRET_STORE_CLIENT_ID} \ + --set external-dns.image=${ED_IMAGE_BASE} \ + --set external-dns.imagetag=${ED_IMAGE_TAG} \ + --set external-dns.txtOwnerId=${RESOURCEGROUP} \ + --set external-dns.domain=${ZONE_NAME} \ + --set external-dns.credentials.tenantId=$${AZURE_TENANT_ID} \ + --set external-dns.credentials.subscriptionId=$${AZURE_SUBSCRIPTION_ID} \ + --set external-dns.credentials.resourceGroup=${REGIONAL_RESOURCEGROUP} \ + --set external-dns.credentials.userAssignedIdentityID=$${EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID} + +.PHONY: helm-chart deploy diff --git a/hypershiftoperator/README.md b/hypershiftoperator/README.md index 141a3ab40..8560cec3c 100644 --- a/hypershiftoperator/README.md +++ b/hypershiftoperator/README.md @@ -1,3 +1,3 @@ # HyperShift Operator -To promote HyperShift Operator, increment the `HO_IMAGE` variable in the Makefile, then run `make prepare-ho-manifests` to generate the corresponding manifests for that image. \ No newline at end of file +To promote HyperShift Operator, increment the `hypershiftOperatorImageTag` parameter in the `config/config.yaml` file. diff --git a/hypershiftoperator/config.tmpl.mk b/hypershiftoperator/config.tmpl.mk index f08a8b411..9d0f83bf5 100644 --- a/hypershiftoperator/config.tmpl.mk +++ b/hypershiftoperator/config.tmpl.mk @@ -1,6 +1,18 @@ -ARO_HCP_IMAGE_ACR ?= {{ .svcAcrName }} +ARO_HCP_SVC_ACR ?= {{ .svcAcrName }} +ARO_HCP_OCP_ACR ?= {{ .ocpAcrName }} HO_IMAGE_TAG ?= {{ .hypershiftOperatorImageTag }} +HO_IMAGE_BASE ?= ${ARO_HCP_SVC_ACR}.azurecr.io/acm-d/rhtap-hypershift-operator +HO_IMAGE ?= ${HO_IMAGE_BASE}:${HO_IMAGE_TAG} +ED_IMAGE ?= ${ARO_HCP_SVC_ACR}.azurecr.io/external-dns/external-dns:${ED_IMAGE_TAG} ED_IMAGE_TAG ?= {{ .externalDNSImageTag }} +ED_IMAGE_BASE ?= ${ARO_HCP_SVC_ACR}.azurecr.io/external-dns/external-dns +ED_IMAGE ?= ${ED_IMAGE_BASE}:${ED_IMAGE_TAG} + RESOURCEGROUP ?= {{ .managementClusterRG }} REGIONAL_RESOURCEGROUP ?= {{ .regionRG }} ZONE_NAME ?= {{ .regionalDNSSubdomain }}.{{ .baseDnsZoneName }} +AKS_NAME ?= {{ .aksName }} +HYPERSHIFT_NAMESPACE ?= {{ .hypershiftNamespace}} +EXTERNAL_DNS_MI_NAME ?= {{ .externalDNSManagedIdentityName }} + +HO_CHART_DIR ?= deploy/helm/charts/hypershift-operator diff --git a/hypershiftoperator/deploy/base/clusterrole-hypershift-operator.yaml b/hypershiftoperator/deploy/base/clusterrole-hypershift-operator.yaml deleted file mode 100644 index c2a4df432..000000000 --- a/hypershiftoperator/deploy/base/clusterrole-hypershift-operator.yaml +++ /dev/null @@ -1,296 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: hypershift-operator -rules: -- apiGroups: - - hypershift.openshift.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - certificates.hypershift.openshift.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - scheduling.hypershift.openshift.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - config.openshift.io - resources: - - '*' - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - '*' -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - '*' -- apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - '*' -- apiGroups: - - bootstrap.cluster.x-k8s.io - - controlplane.cluster.x-k8s.io - - infrastructure.cluster.x-k8s.io - - machines.cluster.x-k8s.io - - exp.infrastructure.cluster.x-k8s.io - - addons.cluster.x-k8s.io - - exp.cluster.x-k8s.io - - cluster.x-k8s.io - - monitoring.coreos.com - - monitoring.rhobs - resources: - - '*' - verbs: - - '*' -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - '*' -- apiGroups: - - operator.openshift.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - route.openshift.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - image.openshift.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - security.openshift.io - resources: - - securitycontextconstraints - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - '*' - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection -- apiGroups: - - "" - resources: - - events - - configmaps - - configmaps/finalizers - - persistentvolumeclaims - - pods - - pods/log - - secrets - - nodes - - namespaces - - serviceaccounts - - services - - endpoints - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - etcd.database.coreos.com - resources: - - '*' - verbs: - - '*' -- apiGroups: - - machine.openshift.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - monitoring.coreos.com - - monitoring.rhobs - resources: - - podmonitors - verbs: - - get - - list - - watch - - create - - update -- apiGroups: - - capi-provider.agent-install.openshift.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - operator.openshift.io - resources: - - ingresscontrollers - verbs: - - '*' -- apiGroups: - - kubevirt.io - resources: - - virtualmachineinstances - - virtualmachines - - virtualmachines/finalizers - verbs: - - '*' -- apiGroups: - - cdi.kubevirt.io - resources: - - datavolumes - verbs: - - get - - list - - watch -- apiGroups: - - ipam.cluster.x-k8s.io - resources: - - ipaddressclaims - - ipaddressclaims/status - verbs: - - '*' -- apiGroups: - - ipam.cluster.x-k8s.io - resources: - - ipaddresses - - ipaddresses/status - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - subresources.kubevirt.io - resources: - - virtualmachineinstances/addvolume - - virtualmachineinstances/removevolume - verbs: - - '*' -- apiGroups: - - cdi.kubevirt.io - resources: - - datavolumes - verbs: - - '*' -- apiGroups: - - agent-install.openshift.io - resources: - - agents - verbs: - - '*' -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - create - - delete -- apiGroups: - - extensions.hive.openshift.io - resources: - - agentclusterinstalls - verbs: - - '*' -- apiGroups: - - hive.openshift.io - resources: - - clusterdeployments - verbs: - - '*' -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - - endpointslices/restricted - verbs: - - '*' -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - hypershift.openshift.io - resources: - - validatingwebhookconfigurations - verbs: - - delete -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - watch -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - patch -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/approval - verbs: - - update -- apiGroups: - - certificates.k8s.io - resources: - - signers - verbs: - - approve -- apiGroups: - - certificates.k8s.io - resources: - - signers - verbs: - - sign diff --git a/hypershiftoperator/deploy/base/clusterrolebinding-hypershift-operator.yaml b/hypershiftoperator/deploy/base/clusterrolebinding-hypershift-operator.yaml deleted file mode 100644 index c455db285..000000000 --- a/hypershiftoperator/deploy/base/clusterrolebinding-hypershift-operator.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - name: hypershift-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: hypershift-operator -subjects: -- kind: ServiceAccount - name: operator - namespace: hypershift diff --git a/hypershiftoperator/deploy/base/configmap-openshift-config-managed-trusted-ca-bundle.yaml b/hypershiftoperator/deploy/base/configmap-openshift-config-managed-trusted-ca-bundle.yaml deleted file mode 100644 index bf945ef4e..000000000 --- a/hypershiftoperator/deploy/base/configmap-openshift-config-managed-trusted-ca-bundle.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - creationTimestamp: null - labels: - config.openshift.io/inject-trusted-cabundle: "true" - name: openshift-config-managed-trusted-ca-bundle - namespace: hypershift diff --git a/hypershiftoperator/deploy/base/deployment-operator.yaml b/hypershiftoperator/deploy/base/deployment-operator.yaml deleted file mode 100644 index 3d4af41d0..000000000 --- a/hypershiftoperator/deploy/base/deployment-operator.yaml +++ /dev/null @@ -1,144 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - hypershift.openshift.io/install-cli-version: 'openshift/hypershift: 99a256fc978cf2bd7b4553e123816b46d96859ea. - Latest supported OCP: 4.18.0' - creationTimestamp: null - name: operator - namespace: hypershift -spec: - replicas: 1 - selector: - matchLabels: - name: operator - strategy: {} - template: - metadata: - creationTimestamp: null - labels: - app: operator - hypershift.openshift.io/operator-component: operator - name: operator - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - operator - topologyKey: kubernetes.io/hostname - weight: 10 - containers: - - args: - - run - - --namespace=$(MY_NAMESPACE) - - --pod-name=$(MY_NAME) - - --metrics-addr=:9000 - - --enable-dedicated-request-serving-isolation=true - - --enable-ocp-cluster-monitoring=false - - --enable-ci-debug-output=false - - --private-platform=None - command: - - /usr/bin/hypershift-operator - env: - - name: MY_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: METRICS_SET - value: Telemetry - - name: CERT_ROTATION_SCALE - value: 24h0m0s - - name: MANAGED_SERVICE - value: ARO-HCP - - name: ENABLE_ETCD_RECOVERY - value: "1" - image: arohcpdev.azurecr.io/acm-d/rhtap-hypershift-operator:99a256f - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /metrics - port: 9000 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - name: operator - ports: - - containerPort: 9000 - name: metrics - protocol: TCP - - containerPort: 9443 - name: manager - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /metrics - port: 9000 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - resources: - requests: - cpu: 10m - memory: 150Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsUser: 1000 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /etc/pki/ca-trust/extracted/pem - name: trusted-ca-bundle - readOnly: true - initContainers: - - args: - - init - command: - - /usr/bin/hypershift-operator - image: arohcpdev.azurecr.io/acm-d/rhtap-hypershift-operator:99a256f - imagePullPolicy: IfNotPresent - name: init-environment - resources: {} - securityContext: - privileged: false - readOnlyRootFilesystem: true - runAsUser: 1000 - volumeMounts: - - mountPath: /var/run/ca-trust - name: openshift-config-managed-trusted-ca-bundle - readOnly: true - - mountPath: /trust-bundle - name: trusted-ca-bundle - priorityClassName: hypershift-operator - serviceAccountName: operator - volumes: - - configMap: - items: - - key: ca-bundle.crt - path: tls-ca-bundle.pem - name: openshift-config-managed-trusted-ca-bundle - optional: true - name: openshift-config-managed-trusted-ca-bundle - - emptyDir: {} - name: trusted-ca-bundle -status: {} diff --git a/hypershiftoperator/deploy/base/kustomization.yml b/hypershiftoperator/deploy/base/kustomization.yml deleted file mode 100644 index e0ca0f24b..000000000 --- a/hypershiftoperator/deploy/base/kustomization.yml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - clusterrole-external-dns.yaml - - configmap-openshift-config-managed-trusted-ca-bundle.yaml - - podmonitor-external-dns.yaml - - clusterrole-hypershift-operator.yaml - - priorityclass-hypershift-etcd.yaml - - role-prometheus.yaml - - deployment-operator.yaml - - rolebinding-authentication-reader-for-authenticated-users.yaml - - priorityclass-hypershift-api-critical.yaml - - clusterrolebinding-hypershift-operator.yaml - - servicemonitor-operator.yaml - - prometheusrule-metrics.yaml - - role-hypershift-operator.yaml - - priorityclass-hypershift-control-plane.yaml - - serviceaccount-external-dns.yaml - - rolebinding-prometheus.yaml - - clusterrolebinding-external-dns.yaml - - namespace-hypershift.yaml - - service-operator.yaml - - rolebinding-hypershift-operator.yaml - - deployment-external-dns.yaml - - serviceaccount-operator.yaml - - priorityclass-hypershift-operator.yaml diff --git a/hypershiftoperator/deploy/base/namespace-hypershift.yaml b/hypershiftoperator/deploy/base/namespace-hypershift.yaml deleted file mode 100644 index 4d1aecb69..000000000 --- a/hypershiftoperator/deploy/base/namespace-hypershift.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - creationTimestamp: null - labels: - hypershift.openshift.io/monitoring: "true" - openshift.io/cluster-monitoring: "true" - name: hypershift -spec: {} -status: {} diff --git a/hypershiftoperator/deploy/base/priorityclass-hypershift-api-critical.yaml b/hypershiftoperator/deploy/base/priorityclass-hypershift-api-critical.yaml deleted file mode 100644 index 192d7cf78..000000000 --- a/hypershiftoperator/deploy/base/priorityclass-hypershift-api-critical.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for hypershift control plane pods - critical to serving the API. -kind: PriorityClass -metadata: - creationTimestamp: null - name: hypershift-api-critical -preemptionPolicy: Never -value: 100001000 diff --git a/hypershiftoperator/deploy/base/priorityclass-hypershift-control-plane.yaml b/hypershiftoperator/deploy/base/priorityclass-hypershift-control-plane.yaml deleted file mode 100644 index 9fa693f44..000000000 --- a/hypershiftoperator/deploy/base/priorityclass-hypershift-control-plane.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for hypershift control plane pods - not critical to serving the API. -kind: PriorityClass -metadata: - creationTimestamp: null - name: hypershift-control-plane -preemptionPolicy: Never -value: 100000000 diff --git a/hypershiftoperator/deploy/base/priorityclass-hypershift-etcd.yaml b/hypershiftoperator/deploy/base/priorityclass-hypershift-etcd.yaml deleted file mode 100644 index 860817a3c..000000000 --- a/hypershiftoperator/deploy/base/priorityclass-hypershift-etcd.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: scheduling.k8s.io/v1 -description: This priority class should be used for hypershift etcd pods. -kind: PriorityClass -metadata: - creationTimestamp: null - name: hypershift-etcd -preemptionPolicy: Never -value: 100002000 diff --git a/hypershiftoperator/deploy/base/priorityclass-hypershift-operator.yaml b/hypershiftoperator/deploy/base/priorityclass-hypershift-operator.yaml deleted file mode 100644 index 216863ad3..000000000 --- a/hypershiftoperator/deploy/base/priorityclass-hypershift-operator.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: scheduling.k8s.io/v1 -description: This priority class is used for hypershift operator pods -kind: PriorityClass -metadata: - creationTimestamp: null - name: hypershift-operator -value: 100003000 diff --git a/hypershiftoperator/deploy/base/prometheusrule-metrics.yaml b/hypershiftoperator/deploy/base/prometheusrule-metrics.yaml deleted file mode 100644 index c44290511..000000000 --- a/hypershiftoperator/deploy/base/prometheusrule-metrics.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - creationTimestamp: null - name: metrics - namespace: hypershift -spec: - groups: - - interval: 30s - name: hypershift.rules - rules: - - expr: sum by (namespace) (rate(apiserver_request_total{verb=~"LIST|GET|WATCH"}[2m])) - record: hypershift:apiserver_request_total:read - - expr: sum by (namespace) (rate(apiserver_request_total{verb=~"POST|PUT|PATCH|UPDATE|DELETE|APPLY"}[2m])) - record: hypershift:apiserver_request_total:write - - expr: sum by (namespace, system_client) (rate(apiserver_request_total{}[2m])) - record: hypershift:apiserver_request_total:client - - expr: sort_desc(sum(rate(apiserver_request_aborts_total[1m])) by (resource, - verb)) - record: hypershift:apiserver_request_aborts_total - - expr: sum by (app, namespace, code, method, pod) ( sum(rest_client_requests_total) - by (pod, namespace, code, method) * on (pod, namespace) group_left(app) label_replace(kube_pod_labels{label_hypershift_openshift_io_control_plane_component!=""}, - "app", "$1", "label_app", "(.*)") ) - record: hypershift:controlplane:component_api_requests_total - - expr: sum by (app, namespace, pod) ( sum(container_memory_usage_bytes{container!="POD",container!=""}) - by (pod, namespace) * on (pod, namespace) group_left(app) label_replace(kube_pod_labels{label_hypershift_openshift_io_control_plane_component!=""}, - "app", "$1", "label_app", "(.*)") ) - record: hypershift:controlplane:component_memory_usage - - expr: sum by (app, namespace, pod) ( sum(container_memory_rss{container!="POD",container!=""}) - by (pod, namespace) * on (pod, namespace) group_left(app) label_replace(kube_pod_labels{label_hypershift_openshift_io_control_plane_component!=""}, - "app", "$1", "label_app", "(.*)") ) - record: hypershift:controlplane:component_memory_rss - - expr: sum by (app, namespace, pod) ( sum(kube_pod_container_resource_requests{resource="memory"}) - by (pod, namespace) * on (pod, namespace) group_left(app) label_replace(kube_pod_labels{label_hypershift_openshift_io_control_plane_component!=""}, - "app", "$1", "label_app", "(.*)") ) - record: hypershift:controlplane:component_memory_request - - expr: histogram_quantile(0.9, sum by (namespace, le) (rate(ign_server_payload_generation_seconds_bucket{container="ignition-server"}[3m]))) - record: hypershift:controlplane:ign_payload_generation_seconds_p90 - - expr: avg by (app, namespace, pod) ( sum( rate( container_cpu_usage_seconds_total{container_name!="POD",container!=""}[2m] - ) ) by (pod, namespace) * on (pod, namespace) group_left(app) label_replace(kube_pod_labels{label_hypershift_openshift_io_control_plane_component!=""}, - "app", "$1", "label_app", "(.*)") ) / count by (app, namespace, pod) ( sum( - rate( container_cpu_usage_seconds_total{container_name!="POD",container!=""}[2m] - ) ) by (pod, namespace) * on (pod, namespace) group_left(app) label_replace(kube_pod_labels{label_hypershift_openshift_io_control_plane_component!=""}, - "app", "$1", "label_app", "(.*)") ) - record: hypershift:controlplane:component_cpu_usage_seconds - - expr: sum by (app, namespace, pod) ( sum(kube_pod_container_resource_requests{resource="cpu"}) - by (pod, namespace) * on (pod, namespace) group_left(app) label_replace(kube_pod_labels{label_hypershift_openshift_io_control_plane_component!=""}, - "app", "$1", "label_app", "(.*)") ) - record: hypershift:controlplane:component_cpu_request - - expr: sum by (app, namespace, code, method) ( sum(rest_client_requests_total) - by (pod, namespace, code, method) * on (pod, namespace) group_left(app) label_replace(kube_pod_labels{label_hypershift_openshift_io_operator_component!=""}, - "app", "$1", "label_app", "(.*)") ) - record: hypershift:operator:component_api_requests_total - - expr: max by(platform) (hypershift_hostedclusters) - record: platform:hypershift_hostedclusters:max - - expr: max by(platform) (hypershift_nodepools) - record: platform:hypershift_nodepools:max - - expr: sum by(cluster_name, exported_namespace) (max by(name, exported_namespace, - platform, cluster_name) (hypershift_nodepools_size)) - record: cluster_name:hypershift_nodepools_size:sum - - expr: sum by(cluster_name, exported_namespace) (max by(name, exported_namespace, - platform, cluster_name) (hypershift_nodepools_available_replicas)) - record: cluster_name:hypershift_nodepools_available_replicas:sum diff --git a/hypershiftoperator/deploy/base/role-hypershift-operator.yaml b/hypershiftoperator/deploy/base/role-hypershift-operator.yaml deleted file mode 100644 index f0e9c7aad..000000000 --- a/hypershiftoperator/deploy/base/role-hypershift-operator.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - name: hypershift-operator - namespace: hypershift -rules: -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - '*' diff --git a/hypershiftoperator/deploy/base/role-prometheus.yaml b/hypershiftoperator/deploy/base/role-prometheus.yaml deleted file mode 100644 index c2100527a..000000000 --- a/hypershiftoperator/deploy/base/role-prometheus.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - name: prometheus - namespace: hypershift -rules: -- apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch diff --git a/hypershiftoperator/deploy/base/rolebinding-authentication-reader-for-authenticated-users.yaml b/hypershiftoperator/deploy/base/rolebinding-authentication-reader-for-authenticated-users.yaml deleted file mode 100644 index d24d33117..000000000 --- a/hypershiftoperator/deploy/base/rolebinding-authentication-reader-for-authenticated-users.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - name: authentication-reader-for-authenticated-users - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:authenticated diff --git a/hypershiftoperator/deploy/base/rolebinding-hypershift-operator.yaml b/hypershiftoperator/deploy/base/rolebinding-hypershift-operator.yaml deleted file mode 100644 index bc2ef6d20..000000000 --- a/hypershiftoperator/deploy/base/rolebinding-hypershift-operator.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - name: hypershift-operator - namespace: hypershift -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: hypershift-operator -subjects: -- kind: ServiceAccount - name: operator - namespace: hypershift diff --git a/hypershiftoperator/deploy/base/rolebinding-prometheus.yaml b/hypershiftoperator/deploy/base/rolebinding-prometheus.yaml deleted file mode 100644 index a250e573e..000000000 --- a/hypershiftoperator/deploy/base/rolebinding-prometheus.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - creationTimestamp: null - name: prometheus - namespace: hypershift -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus -subjects: -- kind: ServiceAccount - name: prometheus-k8s - namespace: openshift-monitoring diff --git a/hypershiftoperator/deploy/base/service-operator.yaml b/hypershiftoperator/deploy/base/service-operator.yaml deleted file mode 100644 index 31b081376..000000000 --- a/hypershiftoperator/deploy/base/service-operator.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.openshift.io/serving-cert-secret-name: manager-serving-cert - creationTimestamp: null - labels: - name: operator - name: operator - namespace: hypershift -spec: - ports: - - name: metrics - port: 9393 - protocol: TCP - targetPort: metrics - - name: manager - port: 443 - protocol: TCP - targetPort: manager - selector: - name: operator - type: ClusterIP -status: - loadBalancer: {} diff --git a/hypershiftoperator/deploy/base/serviceaccount-external-dns.yaml b/hypershiftoperator/deploy/base/serviceaccount-external-dns.yaml deleted file mode 100644 index 1f6c9e39c..000000000 --- a/hypershiftoperator/deploy/base/serviceaccount-external-dns.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - name: external-dns - namespace: hypershift diff --git a/hypershiftoperator/deploy/base/serviceaccount-operator.yaml b/hypershiftoperator/deploy/base/serviceaccount-operator.yaml deleted file mode 100644 index 0702b7a69..000000000 --- a/hypershiftoperator/deploy/base/serviceaccount-operator.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - creationTimestamp: null - name: operator - namespace: hypershift diff --git a/hypershiftoperator/deploy/base/servicemonitor-operator.yaml b/hypershiftoperator/deploy/base/servicemonitor-operator.yaml deleted file mode 100644 index 72f900814..000000000 --- a/hypershiftoperator/deploy/base/servicemonitor-operator.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: azmonitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - creationTimestamp: null - name: operator - namespace: hypershift -spec: - endpoints: - - interval: 30s - port: metrics - jobLabel: component - namespaceSelector: {} - selector: - matchLabels: - name: operator diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-agentclusters.capi-provider.agent-install.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-agentclusters.capi-provider.agent-install.openshift.io.yaml deleted file mode 100644 index 6b333cf72..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-agentclusters.capi-provider.agent-install.openshift.io.yaml +++ /dev/null @@ -1,340 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: agentclusters.capi-provider.agent-install.openshift.io -spec: - group: capi-provider.agent-install.openshift.io - names: - kind: AgentCluster - listKind: AgentClusterList - plural: agentclusters - singular: agentcluster - scope: Namespaced - versions: - - deprecated: true - deprecationWarning: v1alpha1 is a deprecated version for AgentCluster - name: v1alpha1 - schema: - openAPIV3Schema: - description: AgentCluster is the Schema for the agentclusters API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AgentClusterSpec defines the desired state of AgentCluster - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - ignitionEndpoint: - description: IgnitionEndpoint store the data to of the custom ignition - endpoint. - properties: - caCertificateReference: - description: |- - CaCertificateReference is a reference to the secret containing CA certificate to be used - when contacting the URL via HTTPS. - properties: - name: - description: Name is the name of the secret containing the - CA certificate. - type: string - namespace: - description: Namespace is the namespace of the secret containing - the CA certificate. - type: string - required: - - name - - namespace - type: object - url: - description: Url store the URL of the custom ignition endpoint. - type: string - type: object - type: object - status: - description: AgentClusterStatus defines the observed state of AgentCluster - properties: - clusterDeploymentReference: - description: ClusterDeploymentRef is a reference to the associated - Hive ClusterDeployment. - properties: - name: - description: Name is unique within a namespace to reference a - clusterDeployment resource. - type: string - namespace: - description: Namespace defines the space within which the clusterDeployment - name must be unique. - type: string - type: object - conditions: - description: Conditions defines current service state of the ClusterDeployment. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: FailureDomains is a list of failure domain objects synced - from the infrastructure provider. - type: object - ready: - type: boolean - required: - - clusterDeploymentReference - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: AgentCluster is the Schema for the agentclusters API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AgentClusterSpec defines the desired state of AgentCluster - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - ignitionEndpoint: - description: IgnitionEndpoint store the data to of the custom ignition - endpoint. - properties: - caCertificateReference: - description: |- - CaCertificateReference is a reference to the secret containing CA certificate to be used - when contacting the URL via HTTPS. - properties: - name: - description: Name is the name of the secret containing the - CA certificate. - type: string - namespace: - description: Namespace is the namespace of the secret containing - the CA certificate. - type: string - required: - - name - - namespace - type: object - url: - description: Url store the URL of the custom ignition endpoint. - type: string - type: object - type: object - status: - description: AgentClusterStatus defines the observed state of AgentCluster - properties: - clusterDeploymentReference: - description: ClusterDeploymentRef is a reference to the associated - Hive ClusterDeployment. - properties: - name: - description: Name is unique within a namespace to reference a - clusterDeployment resource. - type: string - namespace: - description: Namespace defines the space within which the clusterDeployment - name must be unique. - type: string - type: object - conditions: - description: Conditions defines current service state of the ClusterDeployment. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: FailureDomains is a list of failure domain objects synced - from the infrastructure provider. - type: object - ready: - type: boolean - required: - - clusterDeploymentReference - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-agentmachines.capi-provider.agent-install.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-agentmachines.capi-provider.agent-install.openshift.io.yaml deleted file mode 100644 index 0616a2574..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-agentmachines.capi-provider.agent-install.openshift.io.yaml +++ /dev/null @@ -1,440 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: agentmachines.capi-provider.agent-install.openshift.io -spec: - group: capi-provider.agent-install.openshift.io - names: - kind: AgentMachine - listKind: AgentMachineList - plural: agentmachines - singular: agentmachine - scope: Namespaced - versions: - - deprecated: true - deprecationWarning: v1alpha1 is a deprecated version for AgentMachine - name: v1alpha1 - schema: - openAPIV3Schema: - description: AgentMachine is the Schema for the agentmachines API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AgentMachineSpec defines the desired state of AgentMachine - properties: - agentLabelSelector: - description: AgentLabelSelector contains the labels that must be set - on an Agent in order to be selected for this Machine. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - providerID: - description: |- - ProviderID is the host's motherboard serial formatted as - agent://12345678-1234-1234-1234-123456789abc - type: string - type: object - status: - description: AgentMachineStatus defines the observed state of AgentMachine - properties: - addresses: - description: Addresses contains the Agent's associated addresses. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. - type: string - required: - - address - - type - type: object - type: array - agentRef: - description: AgentRef is a reference to the Agent matched to the Machine. - properties: - name: - description: Name is unique within a namespace to reference an - agent resource. - type: string - namespace: - description: Namespace defines the space within which the agent - name must be unique. - type: string - type: object - conditions: - description: Conditions defines current service state of the AgentMachine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: AgentMachine is the Schema for the agentmachines API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AgentMachineSpec defines the desired state of AgentMachine - properties: - agentLabelSelector: - description: AgentLabelSelector contains the labels that must be set - on an Agent in order to be selected for this Machine. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - providerID: - description: |- - ProviderID is the host's motherboard serial formatted as - agent://12345678-1234-1234-1234-123456789abc - type: string - type: object - status: - description: AgentMachineStatus defines the observed state of AgentMachine - properties: - addresses: - description: Addresses contains the Agent's associated addresses. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. - type: string - required: - - address - - type - type: object - type: array - agentRef: - description: AgentRef is a reference to the Agent matched to the Machine. - properties: - name: - description: Name is unique within a namespace to reference an - agent resource. - type: string - namespace: - description: Namespace defines the space within which the agent - name must be unique. - type: string - type: object - conditions: - description: Conditions defines current service state of the AgentMachine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-agentmachinetemplates.capi-provider.agent-install.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-agentmachinetemplates.capi-provider.agent-install.openshift.io.yaml deleted file mode 100644 index a0ea3c850..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-agentmachinetemplates.capi-provider.agent-install.openshift.io.yaml +++ /dev/null @@ -1,222 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: agentmachinetemplates.capi-provider.agent-install.openshift.io -spec: - group: capi-provider.agent-install.openshift.io - names: - categories: - - cluster-api - kind: AgentMachineTemplate - listKind: AgentMachineTemplateList - plural: agentmachinetemplates - shortNames: - - agentmt - singular: agentmachinetemplate - scope: Namespaced - versions: - - deprecated: true - deprecationWarning: v1alpha1 is a deprecated version for AgentMachineTemplate - name: v1alpha1 - schema: - openAPIV3Schema: - description: AgentMachineTemplate is the Schema for the agentmachinetemplates - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AgentMachineTemplateSpec defines the desired state of AgentMachineTemplate - properties: - template: - description: AgentMachineTemplateResource describes the data needed - to create an AgentMachine from a template - properties: - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - agentLabelSelector: - description: AgentLabelSelector contains the labels that must - be set on an Agent in order to be selected for this Machine. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - providerID: - description: |- - ProviderID is the host's motherboard serial formatted as - agent://12345678-1234-1234-1234-123456789abc - type: string - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: false - - name: v1beta1 - schema: - openAPIV3Schema: - description: AgentMachineTemplate is the Schema for the agentmachinetemplates - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AgentMachineTemplateSpec defines the desired state of AgentMachineTemplate - properties: - template: - description: AgentMachineTemplateResource describes the data needed - to create an AgentMachine from a template - properties: - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - agentLabelSelector: - description: AgentLabelSelector contains the labels that must - be set on an Agent in order to be selected for this Machine. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - providerID: - description: |- - ProviderID is the host's motherboard serial formatted as - agent://12345678-1234-1234-1234-123456789abc - type: string - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 413c7a003..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,218 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AWSClusterControllerIdentity - listKind: AWSClusterControllerIdentityList - plural: awsclustercontrolleridentities - shortNames: - - awsci - singular: awsclustercontrolleridentity - scope: Cluster - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - AWSClusterControllerIdentity is the Schema for the awsclustercontrolleridentities API - It is used to grant access to use Cluster API Provider AWS Controller credentials. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec for this AWSClusterControllerIdentity. - properties: - allowedNamespaces: - description: |- - AllowedNamespaces is used to identify which namespaces are allowed to use the identity from. - Namespaces can be selected either using an array of namespaces or with label selector. - An empty allowedNamespaces object indicates that AWSClusters can use this identity from any namespace. - If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) - A namespace should be either in the NamespaceList or match with Selector to use the identity. - nullable: true - properties: - list: - description: An nil or empty list indicates that AWSClusters cannot - use the identity from any namespace. - items: - type: string - nullable: true - type: array - selector: - description: |- - An empty selector indicates that AWSClusters cannot use this - AWSClusterIdentity from any namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - type: object - type: object - served: false - storage: false - - name: v1beta2 - schema: - openAPIV3Schema: - description: |- - AWSClusterControllerIdentity is the Schema for the awsclustercontrolleridentities API - It is used to grant access to use Cluster API Provider AWS Controller credentials. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec for this AWSClusterControllerIdentity. - properties: - allowedNamespaces: - description: |- - AllowedNamespaces is used to identify which namespaces are allowed to use the identity from. - Namespaces can be selected either using an array of namespaces or with label selector. - An empty allowedNamespaces object indicates that AWSClusters can use this identity from any namespace. - If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) - A namespace should be either in the NamespaceList or match with Selector to use the identity. - nullable: true - properties: - list: - description: An nil or empty list indicates that AWSClusters cannot - use the identity from any namespace. - items: - type: string - nullable: true - type: array - selector: - description: |- - An empty selector indicates that AWSClusters cannot use this - AWSClusterIdentity from any namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-awsclusterroleidentities.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-awsclusterroleidentities.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 629cb4b2a..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-awsclusterroleidentities.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,336 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: awsclusterroleidentities.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AWSClusterRoleIdentity - listKind: AWSClusterRoleIdentityList - plural: awsclusterroleidentities - shortNames: - - awsri - singular: awsclusterroleidentity - scope: Cluster - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities API - It is used to assume a role using the provided sourceRef. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec for this AWSClusterRoleIdentity. - properties: - allowedNamespaces: - description: |- - AllowedNamespaces is used to identify which namespaces are allowed to use the identity from. - Namespaces can be selected either using an array of namespaces or with label selector. - An empty allowedNamespaces object indicates that AWSClusters can use this identity from any namespace. - If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) - A namespace should be either in the NamespaceList or match with Selector to use the identity. - nullable: true - properties: - list: - description: An nil or empty list indicates that AWSClusters cannot - use the identity from any namespace. - items: - type: string - nullable: true - type: array - selector: - description: |- - An empty selector indicates that AWSClusters cannot use this - AWSClusterIdentity from any namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - durationSeconds: - description: The duration, in seconds, of the role session before - it is renewed. - format: int32 - maximum: 43200 - minimum: 900 - type: integer - externalID: - description: |- - A unique identifier that might be required when you assume a role in another account. - If the administrator of the account to which the role belongs provided you with an - external ID, then provide that value in the ExternalId parameter. This value can be - any string, such as a passphrase or account number. A cross-account role is usually - set up to trust everyone in an account. Therefore, the administrator of the trusting - account might send an external ID to the administrator of the trusted account. That - way, only someone with the ID can assume the role, rather than everyone in the - account. For more information about the external ID, see How to Use an External ID - When Granting Access to Your AWS Resources to a Third Party in the IAM User Guide. - type: string - inlinePolicy: - description: An IAM policy as a JSON-encoded string that you want - to use as an inline session policy. - type: string - policyARNs: - description: |- - The Amazon Resource Names (ARNs) of the IAM managed policies that you want - to use as managed session policies. - The policies must exist in the same account as the role. - items: - type: string - type: array - roleARN: - description: The Amazon Resource Name (ARN) of the role to assume. - type: string - sessionName: - description: An identifier for the assumed role session - type: string - sourceIdentityRef: - description: |- - SourceIdentityRef is a reference to another identity which will be chained to do - role assumption. All identity types are accepted. - properties: - kind: - description: Kind of the identity. - enum: - - AWSClusterControllerIdentity - - AWSClusterRoleIdentity - - AWSClusterStaticIdentity - type: string - name: - description: Name of the identity. - minLength: 1 - type: string - required: - - kind - - name - type: object - required: - - roleARN - type: object - type: object - served: false - storage: false - - name: v1beta2 - schema: - openAPIV3Schema: - description: |- - AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities API - It is used to assume a role using the provided sourceRef. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec for this AWSClusterRoleIdentity. - properties: - allowedNamespaces: - description: |- - AllowedNamespaces is used to identify which namespaces are allowed to use the identity from. - Namespaces can be selected either using an array of namespaces or with label selector. - An empty allowedNamespaces object indicates that AWSClusters can use this identity from any namespace. - If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) - A namespace should be either in the NamespaceList or match with Selector to use the identity. - nullable: true - properties: - list: - description: An nil or empty list indicates that AWSClusters cannot - use the identity from any namespace. - items: - type: string - nullable: true - type: array - selector: - description: |- - An empty selector indicates that AWSClusters cannot use this - AWSClusterIdentity from any namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - durationSeconds: - description: The duration, in seconds, of the role session before - it is renewed. - format: int32 - maximum: 43200 - minimum: 900 - type: integer - externalID: - description: |- - A unique identifier that might be required when you assume a role in another account. - If the administrator of the account to which the role belongs provided you with an - external ID, then provide that value in the ExternalId parameter. This value can be - any string, such as a passphrase or account number. A cross-account role is usually - set up to trust everyone in an account. Therefore, the administrator of the trusting - account might send an external ID to the administrator of the trusted account. That - way, only someone with the ID can assume the role, rather than everyone in the - account. For more information about the external ID, see How to Use an External ID - When Granting Access to Your AWS Resources to a Third Party in the IAM User Guide. - type: string - inlinePolicy: - description: An IAM policy as a JSON-encoded string that you want - to use as an inline session policy. - type: string - policyARNs: - description: |- - The Amazon Resource Names (ARNs) of the IAM managed policies that you want - to use as managed session policies. - The policies must exist in the same account as the role. - items: - type: string - type: array - roleARN: - description: The Amazon Resource Name (ARN) of the role to assume. - type: string - sessionName: - description: An identifier for the assumed role session - type: string - sourceIdentityRef: - description: |- - SourceIdentityRef is a reference to another identity which will be chained to do - role assumption. All identity types are accepted. - properties: - kind: - description: Kind of the identity. - enum: - - AWSClusterControllerIdentity - - AWSClusterRoleIdentity - - AWSClusterStaticIdentity - type: string - name: - description: Name of the identity. - minLength: 1 - type: string - required: - - kind - - name - type: object - required: - - roleARN - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-awsclusters.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-awsclusters.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 66b9e40a6..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-awsclusters.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,2918 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta2 - name: awsclusters.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AWSCluster - listKind: AWSClusterList - plural: awsclusters - shortNames: - - awsc - singular: awscluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AWSCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Cluster infrastructure is ready for EC2 instances - jsonPath: .status.ready - name: Ready - type: string - - description: AWS VPC the cluster is using - jsonPath: .spec.network.vpc.id - name: VPC - type: string - - description: API Endpoint - jsonPath: .spec.controlPlaneEndpoint - name: Endpoint - priority: 1 - type: string - - description: Bastion IP address for breakglass access - jsonPath: .status.bastion.publicIp - name: Bastion IP - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSClusterSpec defines the desired state of an EC2-based - Kubernetes cluster. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the - ones added by default. - type: object - bastion: - description: Bastion contains options to configure the bastion host. - properties: - allowedCIDRBlocks: - description: |- - AllowedCIDRBlocks is a list of CIDR blocks allowed to access the bastion host. - They are set as ingress rules for the Bastion host's Security Group (defaults to 0.0.0.0/0). - items: - type: string - type: array - ami: - description: |- - AMI will use the specified AMI to boot the bastion. If not specified, - the AMI will default to one picked out in public space. - type: string - disableIngressRules: - description: |- - DisableIngressRules will ensure there are no Ingress rules in the bastion host's security group. - Requires AllowedCIDRBlocks to be empty. - type: boolean - enabled: - description: |- - Enabled allows this provider to create a bastion host instance - with a public ip to access the VPC private network. - type: boolean - instanceType: - description: |- - InstanceType will use the specified instance type for the bastion. If not specified, - Cluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro - will be the default. - type: string - type: object - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneLoadBalancer: - description: ControlPlaneLoadBalancer is optional configuration for - customizing control plane behavior. - properties: - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs - This is optional - if not provided new security groups will be created for the load balancer - items: - type: string - type: array - crossZoneLoadBalancing: - description: |- - CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing. - - - With cross-zone load balancing, each load balancer node for your Classic Load Balancer - distributes requests evenly across the registered instances in all enabled Availability Zones. - If cross-zone load balancing is disabled, each load balancer node distributes requests evenly across - the registered instances in its Availability Zone only. - - - Defaults to false. - type: boolean - healthCheckProtocol: - description: |- - HealthCheckProtocol sets the protocol type for classic ELB health check target - default value is ClassicELBProtocolSSL - type: string - name: - description: |- - Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique - within your set of load balancers for the region, must have a maximum of 32 characters, must - contain only alphanumeric characters or hyphens, and cannot begin or end with a hyphen. Once - set, the value cannot be changed. - maxLength: 32 - pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ - type: string - scheme: - default: internet-facing - description: Scheme sets the scheme of the load balancer (defaults - to internet-facing) - enum: - - internet-facing - - internal - type: string - subnets: - description: Subnets sets the subnets that should be applied to - the control plane load balancer (defaults to discovered subnets - for managed VPCs or an empty set for unmanaged VPCs) - items: - type: string - type: array - type: object - identityRef: - description: |- - IdentityRef is a reference to an identity to be used when reconciling the managed control plane. - If no identity is specified, the default identity for this controller will be used. - properties: - kind: - description: Kind of the identity. - enum: - - AWSClusterControllerIdentity - - AWSClusterRoleIdentity - - AWSClusterStaticIdentity - type: string - name: - description: Name of the identity. - minLength: 1 - type: string - required: - - kind - - name - type: object - imageLookupBaseOS: - description: |- - ImageLookupBaseOS is the name of the base operating system used to look - up machine images when a machine does not specify an AMI. When set, this - will be used for all cluster machines unless a machine specifies a - different ImageLookupBaseOS. - type: string - imageLookupFormat: - description: |- - ImageLookupFormat is the AMI naming format to look up machine images when - a machine does not specify an AMI. When set, this will be used for all - cluster machines unless a machine specifies a different ImageLookupOrg. - Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base - OS and kubernetes version, respectively. The BaseOS will be the value in - ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as - defined by the packages produced by kubernetes/release without v as a - prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default - image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up - searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a - Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See - also: https://golang.org/pkg/text/template/ - type: string - imageLookupOrg: - description: |- - ImageLookupOrg is the AWS Organization ID to look up machine images when a - machine does not specify an AMI. When set, this will be used for all - cluster machines unless a machine specifies a different ImageLookupOrg. - type: string - network: - description: NetworkSpec encapsulates all things related to AWS network. - properties: - cni: - description: CNI configuration - properties: - cniIngressRules: - description: |- - CNIIngressRules specify rules to apply to control plane and worker node security groups. - The source for the rule will be set to control plane and worker security group IDs. - items: - description: CNIIngressRule defines an AWS ingress rule - for CNI requirements. - properties: - description: - type: string - fromPort: - format: int64 - type: integer - protocol: - description: SecurityGroupProtocol defines the protocol - type for a security group rule. - type: string - toPort: - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - type: object - securityGroupOverrides: - additionalProperties: - type: string - description: |- - SecurityGroupOverrides is an optional set of security groups to use for cluster instances - This is optional - if not provided new security groups will be created for the cluster - type: object - subnets: - description: Subnets configuration. - items: - description: SubnetSpec configures an AWS Subnet. - properties: - availabilityZone: - description: AvailabilityZone defines the availability zone - to use for this subnet in the cluster's region. - type: string - cidrBlock: - description: CidrBlock is the CIDR block to be used when - the provider creates a managed VPC. - type: string - id: - description: ID defines a unique identifier to reference - this resource. - type: string - ipv6CidrBlock: - description: |- - IPv6CidrBlock is the IPv6 CIDR block to be used when the provider creates a managed VPC. - A subnet can have an IPv4 and an IPv6 address. - IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. - type: string - isIpv6: - description: |- - IsIPv6 defines the subnet as an IPv6 subnet. A subnet is IPv6 when it is associated with a VPC that has IPv6 enabled. - IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. - type: boolean - isPublic: - description: IsPublic defines the subnet as a public subnet. - A subnet is public when it is associated with a route - table that has a route to an internet gateway. - type: boolean - natGatewayId: - description: |- - NatGatewayID is the NAT gateway id associated with the subnet. - Ignored unless the subnet is managed by the provider, in which case this is set on the public subnet where the NAT gateway resides. It is then used to determine routes for private subnets in the same AZ as the public subnet. - type: string - routeTableId: - description: RouteTableID is the routing table id associated - with the subnet. - type: string - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing the - resource. - type: object - type: object - type: array - vpc: - description: VPC configuration. - properties: - availabilityZoneSelection: - default: Ordered - description: |- - AvailabilityZoneSelection specifies how AZs should be selected if there are more AZs - in a region than specified by AvailabilityZoneUsageLimit. There are 2 selection schemes: - Ordered - selects based on alphabetical order - Random - selects AZs randomly in a region - Defaults to Ordered - enum: - - Ordered - - Random - type: string - availabilityZoneUsageLimit: - default: 3 - description: |- - AvailabilityZoneUsageLimit specifies the maximum number of availability zones (AZ) that - should be used in a region when automatically creating subnets. If a region has more - than this number of AZs then this number of AZs will be picked randomly when creating - default subnets. Defaults to 3 - minimum: 1 - type: integer - cidrBlock: - description: |- - CidrBlock is the CIDR block to be used when the provider creates a managed VPC. - Defaults to 10.0.0.0/16. - type: string - id: - description: ID is the vpc-id of the VPC this provider should - use to create resources. - type: string - internetGatewayId: - description: InternetGatewayID is the id of the internet gateway - associated with the VPC. - type: string - ipv6: - description: |- - IPv6 contains ipv6 specific settings for the network. Supported only in managed clusters. - This field cannot be set on AWSCluster object. - properties: - cidrBlock: - description: CidrBlock is the CIDR block provided by Amazon - when VPC has enabled IPv6. - type: string - egressOnlyInternetGatewayId: - description: EgressOnlyInternetGatewayID is the id of - the egress only internet gateway associated with an - IPv6 enabled VPC. - type: string - poolId: - description: PoolID is the IP pool which must be defined - in case of BYO IP is defined. - type: string - type: object - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing the resource. - type: object - type: object - type: object - region: - description: The AWS Region the cluster lives in. - type: string - s3Bucket: - description: |- - S3Bucket contains options to configure a supporting S3 bucket for this - cluster - currently used for nodes requiring Ignition - (https://coreos.github.io/ignition/) for bootstrapping (requires - BootstrapFormatIgnition feature flag to be enabled). - properties: - controlPlaneIAMInstanceProfile: - description: |- - ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, which will be allowed - to read control-plane node bootstrap data from S3 Bucket. - type: string - name: - description: Name defines name of S3 Bucket to be created. - maxLength: 63 - minLength: 3 - pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ - type: string - nodesIAMInstanceProfiles: - description: |- - NodesIAMInstanceProfiles is a list of IAM instance profiles, which will be allowed to read - worker nodes bootstrap data from S3 Bucket. - items: - type: string - type: array - required: - - controlPlaneIAMInstanceProfile - - name - - nodesIAMInstanceProfiles - type: object - sshKeyName: - description: SSHKeyName is the name of the ssh key to attach to the - bastion host. Valid values are empty string (do not use SSH keys), - a valid SSH key name, or omitted (use the default SSH key name) - type: string - type: object - status: - description: AWSClusterStatus defines the observed state of AWSCluster. - properties: - bastion: - description: Instance describes an AWS instance. - properties: - addresses: - description: Addresses contains the AWS instance associated addresses. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. - type: string - required: - - address - - type - type: object - type: array - availabilityZone: - description: Availability zone of instance - type: string - ebsOptimized: - description: Indicates whether the instance is optimized for Amazon - EBS I/O. - type: boolean - enaSupport: - description: Specifies whether enhanced networking with ENA is - enabled. - type: boolean - iamProfile: - description: The name of the IAM instance profile associated with - the instance, if applicable. - type: string - id: - type: string - imageId: - description: The ID of the AMI used to launch the instance. - type: string - instanceState: - description: The current state of the instance. - type: string - networkInterfaces: - description: Specifies ENIs attached to instance - items: - type: string - type: array - nonRootVolumes: - description: Configuration options for the non root storage volumes. - items: - description: Volume encapsulates the configuration options for - the storage device. - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be encrypted - or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for the - disk. Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported - for the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, io1, - etc...). - type: string - required: - - size - type: object - type: array - privateIp: - description: The private IPv4 address assigned to the instance. - type: string - publicIp: - description: The public IPv4 address assigned to the instance, - if applicable. - type: string - rootVolume: - description: Configuration options for the root storage volume. - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be encrypted - or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for the - disk. Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported for - the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, io1, - etc...). - type: string - required: - - size - type: object - securityGroupIds: - description: SecurityGroupIDs are one or more security group IDs - this instance belongs to. - items: - type: string - type: array - spotMarketOptions: - description: SpotMarketOptions option for configuring instances - to be run using AWS Spot instances. - properties: - maxPrice: - description: MaxPrice defines the maximum price the user is - willing to pay for Spot VM instances - type: string - type: object - sshKeyName: - description: The name of the SSH key pair. - type: string - subnetId: - description: The ID of the subnet of the instance. - type: string - tags: - additionalProperties: - type: string - description: The tags associated with the instance. - type: object - tenancy: - description: Tenancy indicates if instance should run on shared - or single-tenant hardware. - type: string - type: - description: The instance type. - type: string - userData: - description: |- - UserData is the raw data script passed to the instance which is run upon bootstrap. - This field must not be base64 encoded and should only be used when running a new instance. - type: string - volumeIDs: - description: IDs of the instance's volumes - items: - type: string - type: array - required: - - id - type: object - conditions: - description: Conditions provide observations of the operational state - of a Cluster API resource. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: FailureDomains is a slice of FailureDomains. - type: object - networkStatus: - description: NetworkStatus encapsulates AWS networking resources. - properties: - apiServerElb: - description: APIServerELB is the Kubernetes api server classic - load balancer. - properties: - attributes: - description: Attributes defines extra attributes associated - with the load balancer. - properties: - crossZoneLoadBalancing: - description: CrossZoneLoadBalancing enables the classic - load balancer load balancing. - type: boolean - idleTimeout: - description: |- - IdleTimeout is time that the connection is allowed to be idle (no data - has been sent over the connection) before it is closed by the load balancer. - format: int64 - type: integer - type: object - availabilityZones: - description: AvailabilityZones is an array of availability - zones in the VPC attached to the load balancer. - items: - type: string - type: array - dnsName: - description: DNSName is the dns name of the load balancer. - type: string - healthChecks: - description: HealthCheck is the classic elb health check associated - with the load balancer. - properties: - healthyThreshold: - format: int64 - type: integer - interval: - description: |- - A Duration represents the elapsed time between two instants - as an int64 nanosecond count. The representation limits the - largest representable duration to approximately 290 years. - format: int64 - type: integer - target: - type: string - timeout: - description: |- - A Duration represents the elapsed time between two instants - as an int64 nanosecond count. The representation limits the - largest representable duration to approximately 290 years. - format: int64 - type: integer - unhealthyThreshold: - format: int64 - type: integer - required: - - healthyThreshold - - interval - - target - - timeout - - unhealthyThreshold - type: object - listeners: - description: Listeners is an array of classic elb listeners - associated with the load balancer. There must be at least - one. - items: - description: ClassicELBListener defines an AWS classic load - balancer listener. - properties: - instancePort: - format: int64 - type: integer - instanceProtocol: - description: ClassicELBProtocol defines listener protocols - for a classic load balancer. - type: string - port: - format: int64 - type: integer - protocol: - description: ClassicELBProtocol defines listener protocols - for a classic load balancer. - type: string - required: - - instancePort - - instanceProtocol - - port - - protocol - type: object - type: array - name: - description: |- - The name of the load balancer. It must be unique within the set of load balancers - defined in the region. It also serves as identifier. - type: string - scheme: - description: Scheme is the load balancer scheme, either internet-facing - or private. - type: string - securityGroupIds: - description: SecurityGroupIDs is an array of security groups - assigned to the load balancer. - items: - type: string - type: array - subnetIds: - description: SubnetIDs is an array of subnets in the VPC attached - to the load balancer. - items: - type: string - type: array - tags: - additionalProperties: - type: string - description: Tags is a map of tags associated with the load - balancer. - type: object - type: object - securityGroups: - additionalProperties: - description: SecurityGroup defines an AWS security group. - properties: - id: - description: ID is a unique identifier. - type: string - ingressRule: - description: IngressRules is the inbound rules associated - with the security group. - items: - description: IngressRule defines an AWS ingress rule for - security groups. - properties: - cidrBlocks: - description: List of CIDR blocks to allow access from. - Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - description: - type: string - fromPort: - format: int64 - type: integer - ipv6CidrBlocks: - description: List of IPv6 CIDR blocks to allow access - from. Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - protocol: - description: SecurityGroupProtocol defines the protocol - type for a security group rule. - type: string - sourceSecurityGroupIds: - description: The security group id to allow access - from. Cannot be specified with CidrBlocks. - items: - type: string - type: array - toPort: - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - name: - description: Name is the security group name. - type: string - tags: - additionalProperties: - type: string - description: Tags is a map of tags associated with the security - group. - type: object - required: - - id - - name - type: object - description: SecurityGroups is a map from the role/kind of the - security group to its unique name, if any. - type: object - type: object - ready: - default: false - type: boolean - required: - - ready - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster to which this AWSCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Cluster infrastructure is ready for EC2 instances - jsonPath: .status.ready - name: Ready - type: string - - description: AWS VPC the cluster is using - jsonPath: .spec.network.vpc.id - name: VPC - type: string - - description: API Endpoint - jsonPath: .spec.controlPlaneEndpoint - name: Endpoint - priority: 1 - type: string - - description: Bastion IP address for breakglass access - jsonPath: .status.bastion.publicIp - name: Bastion IP - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSClusterSpec defines the desired state of an EC2-based - Kubernetes cluster. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the - ones added by default. - type: object - bastion: - description: Bastion contains options to configure the bastion host. - properties: - allowedCIDRBlocks: - description: |- - AllowedCIDRBlocks is a list of CIDR blocks allowed to access the bastion host. - They are set as ingress rules for the Bastion host's Security Group (defaults to 0.0.0.0/0). - items: - type: string - type: array - ami: - description: |- - AMI will use the specified AMI to boot the bastion. If not specified, - the AMI will default to one picked out in public space. - type: string - disableIngressRules: - description: |- - DisableIngressRules will ensure there are no Ingress rules in the bastion host's security group. - Requires AllowedCIDRBlocks to be empty. - type: boolean - enabled: - description: |- - Enabled allows this provider to create a bastion host instance - with a public ip to access the VPC private network. - type: boolean - instanceType: - description: |- - InstanceType will use the specified instance type for the bastion. If not specified, - Cluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro - will be the default. - type: string - type: object - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneLoadBalancer: - description: ControlPlaneLoadBalancer is optional configuration for - customizing control plane behavior. - properties: - additionalListeners: - description: |- - AdditionalListeners sets the additional listeners for the control plane load balancer. - This is only applicable to Network Load Balancer (NLB) types for the time being. - items: - description: |- - AdditionalListenerSpec defines the desired state of an - additional listener on an AWS load balancer. - properties: - healthCheck: - description: HealthCheck sets the optional custom health - check configuration to the API target group. - properties: - intervalSeconds: - description: |- - The approximate amount of time, in seconds, between health checks of an individual - target. - format: int64 - maximum: 300 - minimum: 5 - type: integer - path: - description: |- - The destination for health checks on the targets when using the protocol HTTP or HTTPS, - otherwise the path will be ignored. - type: string - port: - description: |- - The port the load balancer uses when performing health checks for additional target groups. When - not specified this value will be set for the same of listener port. - type: string - protocol: - description: |- - The protocol to use to health check connect with the target. When not specified the Protocol - will be the same of the listener. - enum: - - TCP - - HTTP - - HTTPS - type: string - thresholdCount: - description: |- - The number of consecutive health check successes required before considering - a target healthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - timeoutSeconds: - description: |- - The amount of time, in seconds, during which no response from a target means - a failed health check. - format: int64 - maximum: 120 - minimum: 2 - type: integer - unhealthyThresholdCount: - description: |- - The number of consecutive health check failures required before considering - a target unhealthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - type: object - port: - description: Port sets the port for the additional listener. - format: int64 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol sets the protocol for the additional listener. - Currently only TCP is supported. - enum: - - TCP - type: string - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - x-kubernetes-list-type: map - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs - This is optional - if not provided new security groups will be created for the load balancer - items: - type: string - type: array - crossZoneLoadBalancing: - description: |- - CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing. - - - With cross-zone load balancing, each load balancer node for your Classic Load Balancer - distributes requests evenly across the registered instances in all enabled Availability Zones. - If cross-zone load balancing is disabled, each load balancer node distributes requests evenly across - the registered instances in its Availability Zone only. - - - Defaults to false. - type: boolean - disableHostsRewrite: - description: |- - DisableHostsRewrite disabled the hair pinning issue solution that adds the NLB's address as 127.0.0.1 to the hosts - file of each instance. This is by default, false. - type: boolean - healthCheck: - description: HealthCheck sets custom health check configuration - to the API target group. - properties: - intervalSeconds: - description: |- - The approximate amount of time, in seconds, between health checks of an individual - target. - format: int64 - maximum: 300 - minimum: 5 - type: integer - thresholdCount: - description: |- - The number of consecutive health check successes required before considering - a target healthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - timeoutSeconds: - description: |- - The amount of time, in seconds, during which no response from a target means - a failed health check. - format: int64 - maximum: 120 - minimum: 2 - type: integer - unhealthyThresholdCount: - description: |- - The number of consecutive health check failures required before considering - a target unhealthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - type: object - healthCheckProtocol: - description: |- - HealthCheckProtocol sets the protocol type for ELB health check target - default value is ELBProtocolSSL - enum: - - TCP - - SSL - - HTTP - - HTTPS - - TLS - - UDP - type: string - ingressRules: - description: IngressRules sets the ingress rules for the control - plane load balancer. - items: - description: IngressRule defines an AWS ingress rule for security - groups. - properties: - cidrBlocks: - description: List of CIDR blocks to allow access from. Cannot - be specified with SourceSecurityGroupID. - items: - type: string - type: array - description: - description: Description provides extended information about - the ingress rule. - type: string - fromPort: - description: FromPort is the start of port range. - format: int64 - type: integer - ipv6CidrBlocks: - description: List of IPv6 CIDR blocks to allow access from. - Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - protocol: - description: Protocol is the protocol for the ingress rule. - Accepted values are "-1" (all), "4" (IP in IP),"tcp", - "udp", "icmp", and "58" (ICMPv6), "50" (ESP). - enum: - - "-1" - - "4" - - tcp - - udp - - icmp - - "58" - - "50" - type: string - sourceSecurityGroupIds: - description: The security group id to allow access from. - Cannot be specified with CidrBlocks. - items: - type: string - type: array - sourceSecurityGroupRoles: - description: |- - The security group role to allow access from. Cannot be specified with CidrBlocks. - The field will be combined with source security group IDs if specified. - items: - description: SecurityGroupRole defines the unique role - of a security group. - enum: - - bastion - - node - - controlplane - - apiserver-lb - - lb - - node-eks-additional - type: string - type: array - toPort: - description: ToPort is the end of port range. - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - loadBalancerType: - default: classic - description: LoadBalancerType sets the type for a load balancer. - The default type is classic. - enum: - - classic - - elb - - alb - - nlb - - disabled - type: string - name: - description: |- - Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique - within your set of load balancers for the region, must have a maximum of 32 characters, must - contain only alphanumeric characters or hyphens, and cannot begin or end with a hyphen. Once - set, the value cannot be changed. - maxLength: 32 - pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ - type: string - preserveClientIP: - description: |- - PreserveClientIP lets the user control if preservation of client ips must be retained or not. - If this is enabled 6443 will be opened to 0.0.0.0/0. - type: boolean - scheme: - default: internet-facing - description: Scheme sets the scheme of the load balancer (defaults - to internet-facing) - enum: - - internet-facing - - internal - type: string - subnets: - description: Subnets sets the subnets that should be applied to - the control plane load balancer (defaults to discovered subnets - for managed VPCs or an empty set for unmanaged VPCs) - items: - type: string - type: array - type: object - identityRef: - description: |- - IdentityRef is a reference to an identity to be used when reconciling the managed control plane. - If no identity is specified, the default identity for this controller will be used. - properties: - kind: - description: Kind of the identity. - enum: - - AWSClusterControllerIdentity - - AWSClusterRoleIdentity - - AWSClusterStaticIdentity - type: string - name: - description: Name of the identity. - minLength: 1 - type: string - required: - - kind - - name - type: object - imageLookupBaseOS: - description: |- - ImageLookupBaseOS is the name of the base operating system used to look - up machine images when a machine does not specify an AMI. When set, this - will be used for all cluster machines unless a machine specifies a - different ImageLookupBaseOS. - type: string - imageLookupFormat: - description: |- - ImageLookupFormat is the AMI naming format to look up machine images when - a machine does not specify an AMI. When set, this will be used for all - cluster machines unless a machine specifies a different ImageLookupOrg. - Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base - OS and kubernetes version, respectively. The BaseOS will be the value in - ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as - defined by the packages produced by kubernetes/release without v as a - prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default - image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up - searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a - Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See - also: https://golang.org/pkg/text/template/ - type: string - imageLookupOrg: - description: |- - ImageLookupOrg is the AWS Organization ID to look up machine images when a - machine does not specify an AMI. When set, this will be used for all - cluster machines unless a machine specifies a different ImageLookupOrg. - type: string - network: - description: NetworkSpec encapsulates all things related to AWS network. - properties: - additionalControlPlaneIngressRules: - description: AdditionalControlPlaneIngressRules is an optional - set of ingress rules to add to the control plane - items: - description: IngressRule defines an AWS ingress rule for security - groups. - properties: - cidrBlocks: - description: List of CIDR blocks to allow access from. Cannot - be specified with SourceSecurityGroupID. - items: - type: string - type: array - description: - description: Description provides extended information about - the ingress rule. - type: string - fromPort: - description: FromPort is the start of port range. - format: int64 - type: integer - ipv6CidrBlocks: - description: List of IPv6 CIDR blocks to allow access from. - Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - protocol: - description: Protocol is the protocol for the ingress rule. - Accepted values are "-1" (all), "4" (IP in IP),"tcp", - "udp", "icmp", and "58" (ICMPv6), "50" (ESP). - enum: - - "-1" - - "4" - - tcp - - udp - - icmp - - "58" - - "50" - type: string - sourceSecurityGroupIds: - description: The security group id to allow access from. - Cannot be specified with CidrBlocks. - items: - type: string - type: array - sourceSecurityGroupRoles: - description: |- - The security group role to allow access from. Cannot be specified with CidrBlocks. - The field will be combined with source security group IDs if specified. - items: - description: SecurityGroupRole defines the unique role - of a security group. - enum: - - bastion - - node - - controlplane - - apiserver-lb - - lb - - node-eks-additional - type: string - type: array - toPort: - description: ToPort is the end of port range. - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - cni: - description: CNI configuration - properties: - cniIngressRules: - description: |- - CNIIngressRules specify rules to apply to control plane and worker node security groups. - The source for the rule will be set to control plane and worker security group IDs. - items: - description: CNIIngressRule defines an AWS ingress rule - for CNI requirements. - properties: - description: - type: string - fromPort: - format: int64 - type: integer - protocol: - description: SecurityGroupProtocol defines the protocol - type for a security group rule. - type: string - toPort: - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - type: object - securityGroupOverrides: - additionalProperties: - type: string - description: |- - SecurityGroupOverrides is an optional set of security groups to use for cluster instances - This is optional - if not provided new security groups will be created for the cluster - type: object - subnets: - description: Subnets configuration. - items: - description: SubnetSpec configures an AWS Subnet. - properties: - availabilityZone: - description: AvailabilityZone defines the availability zone - to use for this subnet in the cluster's region. - type: string - cidrBlock: - description: CidrBlock is the CIDR block to be used when - the provider creates a managed VPC. - type: string - id: - description: |- - ID defines a unique identifier to reference this resource. - If you're bringing your subnet, set the AWS subnet-id here, it must start with `subnet-`. - - - When the VPC is managed by CAPA, and you'd like the provider to create a subnet for you, - the id can be set to any placeholder value that does not start with `subnet-`; - upon creation, the subnet AWS identifier will be populated in the `ResourceID` field and - the `id` field is going to be used as the subnet name. If you specify a tag - called `Name`, it takes precedence. - type: string - ipv6CidrBlock: - description: |- - IPv6CidrBlock is the IPv6 CIDR block to be used when the provider creates a managed VPC. - A subnet can have an IPv4 and an IPv6 address. - IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. - type: string - isIpv6: - description: |- - IsIPv6 defines the subnet as an IPv6 subnet. A subnet is IPv6 when it is associated with a VPC that has IPv6 enabled. - IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. - type: boolean - isPublic: - description: IsPublic defines the subnet as a public subnet. - A subnet is public when it is associated with a route - table that has a route to an internet gateway. - type: boolean - natGatewayId: - description: |- - NatGatewayID is the NAT gateway id associated with the subnet. - Ignored unless the subnet is managed by the provider, in which case this is set on the public subnet where the NAT gateway resides. It is then used to determine routes for private subnets in the same AZ as the public subnet. - type: string - parentZoneName: - description: |- - ParentZoneName is the zone name where the current subnet's zone is tied when - the zone is a Local Zone. - - - The subnets in Local Zone or Wavelength Zone locations consume the ParentZoneName - to select the correct private route table to egress traffic to the internet. - type: string - resourceID: - description: |- - ResourceID is the subnet identifier from AWS, READ ONLY. - This field is populated when the provider manages the subnet. - type: string - routeTableId: - description: RouteTableID is the routing table id associated - with the subnet. - type: string - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing the - resource. - type: object - zoneType: - description: |- - ZoneType defines the type of the zone where the subnet is created. - - - The valid values are availability-zone, local-zone, and wavelength-zone. - - - Subnet with zone type availability-zone (regular) is always selected to create cluster - resources, like Load Balancers, NAT Gateways, Contol Plane nodes, etc. - - - Subnet with zone type local-zone or wavelength-zone is not eligible to automatically create - regular cluster resources. - - - The public subnet in availability-zone or local-zone is associated with regular public - route table with default route entry to a Internet Gateway. - - - The public subnet in wavelength-zone is associated with a carrier public - route table with default route entry to a Carrier Gateway. - - - The private subnet in the availability-zone is associated with a private route table with - the default route entry to a NAT Gateway created in that zone. - - - The private subnet in the local-zone or wavelength-zone is associated with a private route table with - the default route entry re-using the NAT Gateway in the Region (preferred from the - parent zone, the zone type availability-zone in the region, or first table available). - enum: - - availability-zone - - local-zone - - wavelength-zone - type: string - required: - - id - type: object - type: array - x-kubernetes-list-map-keys: - - id - x-kubernetes-list-type: map - vpc: - description: VPC configuration. - properties: - availabilityZoneSelection: - default: Ordered - description: |- - AvailabilityZoneSelection specifies how AZs should be selected if there are more AZs - in a region than specified by AvailabilityZoneUsageLimit. There are 2 selection schemes: - Ordered - selects based on alphabetical order - Random - selects AZs randomly in a region - Defaults to Ordered - enum: - - Ordered - - Random - type: string - availabilityZoneUsageLimit: - default: 3 - description: |- - AvailabilityZoneUsageLimit specifies the maximum number of availability zones (AZ) that - should be used in a region when automatically creating subnets. If a region has more - than this number of AZs then this number of AZs will be picked randomly when creating - default subnets. Defaults to 3 - minimum: 1 - type: integer - carrierGatewayId: - description: |- - CarrierGatewayID is the id of the internet gateway associated with the VPC, - for carrier network (Wavelength Zones). - type: string - x-kubernetes-validations: - - message: Carrier Gateway ID must start with 'cagw-' - rule: self.startsWith('cagw-') - cidrBlock: - description: |- - CidrBlock is the CIDR block to be used when the provider creates a managed VPC. - Defaults to 10.0.0.0/16. - Mutually exclusive with IPAMPool. - type: string - emptyRoutesDefaultVPCSecurityGroup: - description: |- - EmptyRoutesDefaultVPCSecurityGroup specifies whether the default VPC security group ingress - and egress rules should be removed. - - - By default, when creating a VPC, AWS creates a security group called `default` with ingress and egress - rules that allow traffic from anywhere. The group could be used as a potential surface attack and - it's generally suggested that the group rules are removed or modified appropriately. - - - NOTE: This only applies when the VPC is managed by the Cluster API AWS controller. - type: boolean - id: - description: ID is the vpc-id of the VPC this provider should - use to create resources. - type: string - internetGatewayId: - description: InternetGatewayID is the id of the internet gateway - associated with the VPC. - type: string - ipamPool: - description: |- - IPAMPool defines the IPAMv4 pool to be used for VPC. - Mutually exclusive with CidrBlock. - properties: - id: - description: ID is the ID of the IPAM pool this provider - should use to create VPC. - type: string - name: - description: Name is the name of the IPAM pool this provider - should use to create VPC. - type: string - netmaskLength: - description: |- - The netmask length of the IPv4 CIDR you want to allocate to VPC from - an Amazon VPC IP Address Manager (IPAM) pool. - Defaults to /16 for IPv4 if not specified. - format: int64 - type: integer - type: object - ipv6: - description: |- - IPv6 contains ipv6 specific settings for the network. Supported only in managed clusters. - This field cannot be set on AWSCluster object. - properties: - cidrBlock: - description: |- - CidrBlock is the CIDR block provided by Amazon when VPC has enabled IPv6. - Mutually exclusive with IPAMPool. - type: string - egressOnlyInternetGatewayId: - description: EgressOnlyInternetGatewayID is the id of - the egress only internet gateway associated with an - IPv6 enabled VPC. - type: string - ipamPool: - description: |- - IPAMPool defines the IPAMv6 pool to be used for VPC. - Mutually exclusive with CidrBlock. - properties: - id: - description: ID is the ID of the IPAM pool this provider - should use to create VPC. - type: string - name: - description: Name is the name of the IPAM pool this - provider should use to create VPC. - type: string - netmaskLength: - description: |- - The netmask length of the IPv4 CIDR you want to allocate to VPC from - an Amazon VPC IP Address Manager (IPAM) pool. - Defaults to /16 for IPv4 if not specified. - format: int64 - type: integer - type: object - poolId: - description: |- - PoolID is the IP pool which must be defined in case of BYO IP is defined. - Must be specified if CidrBlock is set. - Mutually exclusive with IPAMPool. - type: string - type: object - privateDnsHostnameTypeOnLaunch: - description: |- - PrivateDNSHostnameTypeOnLaunch is the type of hostname to assign to instances in the subnet at launch. - For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an instance DNS name can be based on the instance IPv4 address (ip-name) - or the instance ID (resource-name). For IPv6 only subnets, an instance DNS name must be based on the instance ID (resource-name). - enum: - - ip-name - - resource-name - type: string - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing the resource. - type: object - type: object - type: object - partition: - description: Partition is the AWS security partition being used. Defaults - to "aws" - type: string - region: - description: The AWS Region the cluster lives in. - type: string - s3Bucket: - description: |- - S3Bucket contains options to configure a supporting S3 bucket for this - cluster - currently used for nodes requiring Ignition - (https://coreos.github.io/ignition/) for bootstrapping (requires - BootstrapFormatIgnition feature flag to be enabled). - properties: - bestEffortDeleteObjects: - description: BestEffortDeleteObjects defines whether access/permission - errors during object deletion should be ignored. - type: boolean - controlPlaneIAMInstanceProfile: - description: |- - ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, which will be allowed - to read control-plane node bootstrap data from S3 Bucket. - type: string - name: - description: Name defines name of S3 Bucket to be created. - maxLength: 63 - minLength: 3 - pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ - type: string - nodesIAMInstanceProfiles: - description: |- - NodesIAMInstanceProfiles is a list of IAM instance profiles, which will be allowed to read - worker nodes bootstrap data from S3 Bucket. - items: - type: string - type: array - presignedURLDuration: - description: |- - PresignedURLDuration defines the duration for which presigned URLs are valid. - - - This is used to generate presigned URLs for S3 Bucket objects, which are used by - control-plane and worker nodes to fetch bootstrap data. - - - When enabled, the IAM instance profiles specified are not used. - type: string - required: - - name - type: object - secondaryControlPlaneLoadBalancer: - description: |- - SecondaryControlPlaneLoadBalancer is an additional load balancer that can be used for the control plane. - - - An example use case is to have a separate internal load balancer for internal traffic, - and a separate external load balancer for external traffic. - properties: - additionalListeners: - description: |- - AdditionalListeners sets the additional listeners for the control plane load balancer. - This is only applicable to Network Load Balancer (NLB) types for the time being. - items: - description: |- - AdditionalListenerSpec defines the desired state of an - additional listener on an AWS load balancer. - properties: - healthCheck: - description: HealthCheck sets the optional custom health - check configuration to the API target group. - properties: - intervalSeconds: - description: |- - The approximate amount of time, in seconds, between health checks of an individual - target. - format: int64 - maximum: 300 - minimum: 5 - type: integer - path: - description: |- - The destination for health checks on the targets when using the protocol HTTP or HTTPS, - otherwise the path will be ignored. - type: string - port: - description: |- - The port the load balancer uses when performing health checks for additional target groups. When - not specified this value will be set for the same of listener port. - type: string - protocol: - description: |- - The protocol to use to health check connect with the target. When not specified the Protocol - will be the same of the listener. - enum: - - TCP - - HTTP - - HTTPS - type: string - thresholdCount: - description: |- - The number of consecutive health check successes required before considering - a target healthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - timeoutSeconds: - description: |- - The amount of time, in seconds, during which no response from a target means - a failed health check. - format: int64 - maximum: 120 - minimum: 2 - type: integer - unhealthyThresholdCount: - description: |- - The number of consecutive health check failures required before considering - a target unhealthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - type: object - port: - description: Port sets the port for the additional listener. - format: int64 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol sets the protocol for the additional listener. - Currently only TCP is supported. - enum: - - TCP - type: string - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - x-kubernetes-list-type: map - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs - This is optional - if not provided new security groups will be created for the load balancer - items: - type: string - type: array - crossZoneLoadBalancing: - description: |- - CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing. - - - With cross-zone load balancing, each load balancer node for your Classic Load Balancer - distributes requests evenly across the registered instances in all enabled Availability Zones. - If cross-zone load balancing is disabled, each load balancer node distributes requests evenly across - the registered instances in its Availability Zone only. - - - Defaults to false. - type: boolean - disableHostsRewrite: - description: |- - DisableHostsRewrite disabled the hair pinning issue solution that adds the NLB's address as 127.0.0.1 to the hosts - file of each instance. This is by default, false. - type: boolean - healthCheck: - description: HealthCheck sets custom health check configuration - to the API target group. - properties: - intervalSeconds: - description: |- - The approximate amount of time, in seconds, between health checks of an individual - target. - format: int64 - maximum: 300 - minimum: 5 - type: integer - thresholdCount: - description: |- - The number of consecutive health check successes required before considering - a target healthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - timeoutSeconds: - description: |- - The amount of time, in seconds, during which no response from a target means - a failed health check. - format: int64 - maximum: 120 - minimum: 2 - type: integer - unhealthyThresholdCount: - description: |- - The number of consecutive health check failures required before considering - a target unhealthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - type: object - healthCheckProtocol: - description: |- - HealthCheckProtocol sets the protocol type for ELB health check target - default value is ELBProtocolSSL - enum: - - TCP - - SSL - - HTTP - - HTTPS - - TLS - - UDP - type: string - ingressRules: - description: IngressRules sets the ingress rules for the control - plane load balancer. - items: - description: IngressRule defines an AWS ingress rule for security - groups. - properties: - cidrBlocks: - description: List of CIDR blocks to allow access from. Cannot - be specified with SourceSecurityGroupID. - items: - type: string - type: array - description: - description: Description provides extended information about - the ingress rule. - type: string - fromPort: - description: FromPort is the start of port range. - format: int64 - type: integer - ipv6CidrBlocks: - description: List of IPv6 CIDR blocks to allow access from. - Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - protocol: - description: Protocol is the protocol for the ingress rule. - Accepted values are "-1" (all), "4" (IP in IP),"tcp", - "udp", "icmp", and "58" (ICMPv6), "50" (ESP). - enum: - - "-1" - - "4" - - tcp - - udp - - icmp - - "58" - - "50" - type: string - sourceSecurityGroupIds: - description: The security group id to allow access from. - Cannot be specified with CidrBlocks. - items: - type: string - type: array - sourceSecurityGroupRoles: - description: |- - The security group role to allow access from. Cannot be specified with CidrBlocks. - The field will be combined with source security group IDs if specified. - items: - description: SecurityGroupRole defines the unique role - of a security group. - enum: - - bastion - - node - - controlplane - - apiserver-lb - - lb - - node-eks-additional - type: string - type: array - toPort: - description: ToPort is the end of port range. - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - loadBalancerType: - default: classic - description: LoadBalancerType sets the type for a load balancer. - The default type is classic. - enum: - - classic - - elb - - alb - - nlb - - disabled - type: string - name: - description: |- - Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique - within your set of load balancers for the region, must have a maximum of 32 characters, must - contain only alphanumeric characters or hyphens, and cannot begin or end with a hyphen. Once - set, the value cannot be changed. - maxLength: 32 - pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ - type: string - preserveClientIP: - description: |- - PreserveClientIP lets the user control if preservation of client ips must be retained or not. - If this is enabled 6443 will be opened to 0.0.0.0/0. - type: boolean - scheme: - default: internet-facing - description: Scheme sets the scheme of the load balancer (defaults - to internet-facing) - enum: - - internet-facing - - internal - type: string - subnets: - description: Subnets sets the subnets that should be applied to - the control plane load balancer (defaults to discovered subnets - for managed VPCs or an empty set for unmanaged VPCs) - items: - type: string - type: array - type: object - sshKeyName: - description: SSHKeyName is the name of the ssh key to attach to the - bastion host. Valid values are empty string (do not use SSH keys), - a valid SSH key name, or omitted (use the default SSH key name) - type: string - type: object - status: - description: AWSClusterStatus defines the observed state of AWSCluster. - properties: - bastion: - description: Instance describes an AWS instance. - properties: - addresses: - description: Addresses contains the AWS instance associated addresses. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. - type: string - required: - - address - - type - type: object - type: array - availabilityZone: - description: Availability zone of instance - type: string - ebsOptimized: - description: Indicates whether the instance is optimized for Amazon - EBS I/O. - type: boolean - enaSupport: - description: Specifies whether enhanced networking with ENA is - enabled. - type: boolean - iamProfile: - description: The name of the IAM instance profile associated with - the instance, if applicable. - type: string - id: - type: string - imageId: - description: The ID of the AMI used to launch the instance. - type: string - instanceMetadataOptions: - description: InstanceMetadataOptions is the metadata options for - the EC2 instance. - properties: - httpEndpoint: - default: enabled - description: |- - Enables or disables the HTTP metadata endpoint on your instances. - - - If you specify a value of disabled, you cannot access your instance metadata. - - - Default: enabled - enum: - - enabled - - disabled - type: string - httpPutResponseHopLimit: - default: 1 - description: |- - The desired HTTP PUT response hop limit for instance metadata requests. The - larger the number, the further instance metadata requests can travel. - - - Default: 1 - format: int64 - maximum: 64 - minimum: 1 - type: integer - httpTokens: - default: optional - description: |- - The state of token usage for your instance metadata requests. - - - If the state is optional, you can choose to retrieve instance metadata with - or without a session token on your request. If you retrieve the IAM role - credentials without a token, the version 1.0 role credentials are returned. - If you retrieve the IAM role credentials using a valid session token, the - version 2.0 role credentials are returned. - - - If the state is required, you must send a session token with any instance - metadata retrieval requests. In this state, retrieving the IAM role credentials - always returns the version 2.0 credentials; the version 1.0 credentials are - not available. - - - Default: optional - enum: - - optional - - required - type: string - instanceMetadataTags: - default: disabled - description: |- - Set to enabled to allow access to instance tags from the instance metadata. - Set to disabled to turn off access to instance tags from the instance metadata. - For more information, see Work with instance tags using the instance metadata - (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). - - - Default: disabled - enum: - - enabled - - disabled - type: string - type: object - instanceState: - description: The current state of the instance. - type: string - networkInterfaces: - description: Specifies ENIs attached to instance - items: - type: string - type: array - nonRootVolumes: - description: Configuration options for the non root storage volumes. - items: - description: Volume encapsulates the configuration options for - the storage device. - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be encrypted - or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for the - disk. Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported - for the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, io1, - etc...). - type: string - required: - - size - type: object - type: array - placementGroupName: - description: PlacementGroupName specifies the name of the placement - group in which to launch the instance. - type: string - placementGroupPartition: - description: |- - PlacementGroupPartition is the partition number within the placement group in which to launch the instance. - This value is only valid if the placement group, referred in `PlacementGroupName`, was created with - strategy set to partition. - format: int64 - maximum: 7 - minimum: 1 - type: integer - privateDnsName: - description: PrivateDNSName is the options for the instance hostname. - properties: - enableResourceNameDnsAAAARecord: - description: EnableResourceNameDNSAAAARecord indicates whether - to respond to DNS queries for instance hostnames with DNS - AAAA records. - type: boolean - enableResourceNameDnsARecord: - description: EnableResourceNameDNSARecord indicates whether - to respond to DNS queries for instance hostnames with DNS - A records. - type: boolean - hostnameType: - description: The type of hostname to assign to an instance. - enum: - - ip-name - - resource-name - type: string - type: object - privateIp: - description: The private IPv4 address assigned to the instance. - type: string - publicIPOnLaunch: - description: PublicIPOnLaunch is the option to associate a public - IP on instance launch - type: boolean - publicIp: - description: The public IPv4 address assigned to the instance, - if applicable. - type: string - rootVolume: - description: Configuration options for the root storage volume. - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be encrypted - or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for the - disk. Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported for - the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, io1, - etc...). - type: string - required: - - size - type: object - securityGroupIds: - description: SecurityGroupIDs are one or more security group IDs - this instance belongs to. - items: - type: string - type: array - spotMarketOptions: - description: SpotMarketOptions option for configuring instances - to be run using AWS Spot instances. - properties: - maxPrice: - description: MaxPrice defines the maximum price the user is - willing to pay for Spot VM instances - type: string - type: object - sshKeyName: - description: The name of the SSH key pair. - type: string - subnetId: - description: The ID of the subnet of the instance. - type: string - tags: - additionalProperties: - type: string - description: The tags associated with the instance. - type: object - tenancy: - description: Tenancy indicates if instance should run on shared - or single-tenant hardware. - type: string - type: - description: The instance type. - type: string - userData: - description: |- - UserData is the raw data script passed to the instance which is run upon bootstrap. - This field must not be base64 encoded and should only be used when running a new instance. - type: string - volumeIDs: - description: IDs of the instance's volumes - items: - type: string - type: array - required: - - id - type: object - conditions: - description: Conditions provide observations of the operational state - of a Cluster API resource. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: FailureDomains is a slice of FailureDomains. - type: object - networkStatus: - description: NetworkStatus encapsulates AWS networking resources. - properties: - apiServerElb: - description: APIServerELB is the Kubernetes api server load balancer. - properties: - arn: - description: |- - ARN of the load balancer. Unlike the ClassicLB, ARN is used mostly - to define and get it. - type: string - attributes: - description: ClassicElbAttributes defines extra attributes - associated with the load balancer. - properties: - crossZoneLoadBalancing: - description: CrossZoneLoadBalancing enables the classic - load balancer load balancing. - type: boolean - idleTimeout: - description: |- - IdleTimeout is time that the connection is allowed to be idle (no data - has been sent over the connection) before it is closed by the load balancer. - format: int64 - type: integer - type: object - availabilityZones: - description: AvailabilityZones is an array of availability - zones in the VPC attached to the load balancer. - items: - type: string - type: array - dnsName: - description: DNSName is the dns name of the load balancer. - type: string - elbAttributes: - additionalProperties: - type: string - description: ELBAttributes defines extra attributes associated - with v2 load balancers. - type: object - elbListeners: - description: ELBListeners is an array of listeners associated - with the load balancer. There must be at least one. - items: - description: Listener defines an AWS network load balancer - listener. - properties: - port: - format: int64 - type: integer - protocol: - description: ELBProtocol defines listener protocols - for a load balancer. - type: string - targetGroup: - description: |- - TargetGroupSpec specifies target group settings for a given listener. - This is created first, and the ARN is then passed to the listener. - properties: - name: - description: Name of the TargetGroup. Must be unique - over the same group of listeners. - maxLength: 32 - type: string - port: - description: Port is the exposed port - format: int64 - type: integer - protocol: - description: ELBProtocol defines listener protocols - for a load balancer. - enum: - - tcp - - tls - - udp - - TCP - - TLS - - UDP - type: string - targetGroupHealthCheck: - description: HealthCheck is the elb health check - associated with the load balancer. - properties: - intervalSeconds: - format: int64 - type: integer - path: - type: string - port: - type: string - protocol: - type: string - thresholdCount: - format: int64 - type: integer - timeoutSeconds: - format: int64 - type: integer - unhealthyThresholdCount: - format: int64 - type: integer - type: object - vpcId: - type: string - required: - - name - - port - - protocol - - vpcId - type: object - required: - - port - - protocol - - targetGroup - type: object - type: array - healthChecks: - description: HealthCheck is the classic elb health check associated - with the load balancer. - properties: - healthyThreshold: - format: int64 - type: integer - interval: - description: |- - A Duration represents the elapsed time between two instants - as an int64 nanosecond count. The representation limits the - largest representable duration to approximately 290 years. - format: int64 - type: integer - target: - type: string - timeout: - description: |- - A Duration represents the elapsed time between two instants - as an int64 nanosecond count. The representation limits the - largest representable duration to approximately 290 years. - format: int64 - type: integer - unhealthyThreshold: - format: int64 - type: integer - required: - - healthyThreshold - - interval - - target - - timeout - - unhealthyThreshold - type: object - listeners: - description: ClassicELBListeners is an array of classic elb - listeners associated with the load balancer. There must - be at least one. - items: - description: ClassicELBListener defines an AWS classic load - balancer listener. - properties: - instancePort: - format: int64 - type: integer - instanceProtocol: - description: ELBProtocol defines listener protocols - for a load balancer. - type: string - port: - format: int64 - type: integer - protocol: - description: ELBProtocol defines listener protocols - for a load balancer. - type: string - required: - - instancePort - - instanceProtocol - - port - - protocol - type: object - type: array - loadBalancerType: - description: LoadBalancerType sets the type for a load balancer. - The default type is classic. - enum: - - classic - - elb - - alb - - nlb - type: string - name: - description: |- - The name of the load balancer. It must be unique within the set of load balancers - defined in the region. It also serves as identifier. - type: string - scheme: - description: Scheme is the load balancer scheme, either internet-facing - or private. - type: string - securityGroupIds: - description: SecurityGroupIDs is an array of security groups - assigned to the load balancer. - items: - type: string - type: array - subnetIds: - description: SubnetIDs is an array of subnets in the VPC attached - to the load balancer. - items: - type: string - type: array - tags: - additionalProperties: - type: string - description: Tags is a map of tags associated with the load - balancer. - type: object - type: object - natGatewaysIPs: - description: NatGatewaysIPs contains the public IPs of the NAT - Gateways - items: - type: string - type: array - secondaryAPIServerELB: - description: SecondaryAPIServerELB is the secondary Kubernetes - api server load balancer. - properties: - arn: - description: |- - ARN of the load balancer. Unlike the ClassicLB, ARN is used mostly - to define and get it. - type: string - attributes: - description: ClassicElbAttributes defines extra attributes - associated with the load balancer. - properties: - crossZoneLoadBalancing: - description: CrossZoneLoadBalancing enables the classic - load balancer load balancing. - type: boolean - idleTimeout: - description: |- - IdleTimeout is time that the connection is allowed to be idle (no data - has been sent over the connection) before it is closed by the load balancer. - format: int64 - type: integer - type: object - availabilityZones: - description: AvailabilityZones is an array of availability - zones in the VPC attached to the load balancer. - items: - type: string - type: array - dnsName: - description: DNSName is the dns name of the load balancer. - type: string - elbAttributes: - additionalProperties: - type: string - description: ELBAttributes defines extra attributes associated - with v2 load balancers. - type: object - elbListeners: - description: ELBListeners is an array of listeners associated - with the load balancer. There must be at least one. - items: - description: Listener defines an AWS network load balancer - listener. - properties: - port: - format: int64 - type: integer - protocol: - description: ELBProtocol defines listener protocols - for a load balancer. - type: string - targetGroup: - description: |- - TargetGroupSpec specifies target group settings for a given listener. - This is created first, and the ARN is then passed to the listener. - properties: - name: - description: Name of the TargetGroup. Must be unique - over the same group of listeners. - maxLength: 32 - type: string - port: - description: Port is the exposed port - format: int64 - type: integer - protocol: - description: ELBProtocol defines listener protocols - for a load balancer. - enum: - - tcp - - tls - - udp - - TCP - - TLS - - UDP - type: string - targetGroupHealthCheck: - description: HealthCheck is the elb health check - associated with the load balancer. - properties: - intervalSeconds: - format: int64 - type: integer - path: - type: string - port: - type: string - protocol: - type: string - thresholdCount: - format: int64 - type: integer - timeoutSeconds: - format: int64 - type: integer - unhealthyThresholdCount: - format: int64 - type: integer - type: object - vpcId: - type: string - required: - - name - - port - - protocol - - vpcId - type: object - required: - - port - - protocol - - targetGroup - type: object - type: array - healthChecks: - description: HealthCheck is the classic elb health check associated - with the load balancer. - properties: - healthyThreshold: - format: int64 - type: integer - interval: - description: |- - A Duration represents the elapsed time between two instants - as an int64 nanosecond count. The representation limits the - largest representable duration to approximately 290 years. - format: int64 - type: integer - target: - type: string - timeout: - description: |- - A Duration represents the elapsed time between two instants - as an int64 nanosecond count. The representation limits the - largest representable duration to approximately 290 years. - format: int64 - type: integer - unhealthyThreshold: - format: int64 - type: integer - required: - - healthyThreshold - - interval - - target - - timeout - - unhealthyThreshold - type: object - listeners: - description: ClassicELBListeners is an array of classic elb - listeners associated with the load balancer. There must - be at least one. - items: - description: ClassicELBListener defines an AWS classic load - balancer listener. - properties: - instancePort: - format: int64 - type: integer - instanceProtocol: - description: ELBProtocol defines listener protocols - for a load balancer. - type: string - port: - format: int64 - type: integer - protocol: - description: ELBProtocol defines listener protocols - for a load balancer. - type: string - required: - - instancePort - - instanceProtocol - - port - - protocol - type: object - type: array - loadBalancerType: - description: LoadBalancerType sets the type for a load balancer. - The default type is classic. - enum: - - classic - - elb - - alb - - nlb - type: string - name: - description: |- - The name of the load balancer. It must be unique within the set of load balancers - defined in the region. It also serves as identifier. - type: string - scheme: - description: Scheme is the load balancer scheme, either internet-facing - or private. - type: string - securityGroupIds: - description: SecurityGroupIDs is an array of security groups - assigned to the load balancer. - items: - type: string - type: array - subnetIds: - description: SubnetIDs is an array of subnets in the VPC attached - to the load balancer. - items: - type: string - type: array - tags: - additionalProperties: - type: string - description: Tags is a map of tags associated with the load - balancer. - type: object - type: object - securityGroups: - additionalProperties: - description: SecurityGroup defines an AWS security group. - properties: - id: - description: ID is a unique identifier. - type: string - ingressRule: - description: IngressRules is the inbound rules associated - with the security group. - items: - description: IngressRule defines an AWS ingress rule for - security groups. - properties: - cidrBlocks: - description: List of CIDR blocks to allow access from. - Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - description: - description: Description provides extended information - about the ingress rule. - type: string - fromPort: - description: FromPort is the start of port range. - format: int64 - type: integer - ipv6CidrBlocks: - description: List of IPv6 CIDR blocks to allow access - from. Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - protocol: - description: Protocol is the protocol for the ingress - rule. Accepted values are "-1" (all), "4" (IP in - IP),"tcp", "udp", "icmp", and "58" (ICMPv6), "50" - (ESP). - enum: - - "-1" - - "4" - - tcp - - udp - - icmp - - "58" - - "50" - type: string - sourceSecurityGroupIds: - description: The security group id to allow access - from. Cannot be specified with CidrBlocks. - items: - type: string - type: array - sourceSecurityGroupRoles: - description: |- - The security group role to allow access from. Cannot be specified with CidrBlocks. - The field will be combined with source security group IDs if specified. - items: - description: SecurityGroupRole defines the unique - role of a security group. - enum: - - bastion - - node - - controlplane - - apiserver-lb - - lb - - node-eks-additional - type: string - type: array - toPort: - description: ToPort is the end of port range. - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - name: - description: Name is the security group name. - type: string - tags: - additionalProperties: - type: string - description: Tags is a map of tags associated with the security - group. - type: object - required: - - id - - name - type: object - description: SecurityGroups is a map from the role/kind of the - security group to its unique name, if any. - type: object - type: object - ready: - default: false - type: boolean - required: - - ready - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-awsclusterstaticidentities.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-awsclusterstaticidentities.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 23a262166..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-awsclusterstaticidentities.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,238 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: awsclusterstaticidentities.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AWSClusterStaticIdentity - listKind: AWSClusterStaticIdentityList - plural: awsclusterstaticidentities - shortNames: - - awssi - singular: awsclusterstaticidentity - scope: Cluster - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - AWSClusterStaticIdentity is the Schema for the awsclusterstaticidentities API - It represents a reference to an AWS access key ID and secret access key, stored in a secret. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec for this AWSClusterStaticIdentity - properties: - allowedNamespaces: - description: |- - AllowedNamespaces is used to identify which namespaces are allowed to use the identity from. - Namespaces can be selected either using an array of namespaces or with label selector. - An empty allowedNamespaces object indicates that AWSClusters can use this identity from any namespace. - If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) - A namespace should be either in the NamespaceList or match with Selector to use the identity. - nullable: true - properties: - list: - description: An nil or empty list indicates that AWSClusters cannot - use the identity from any namespace. - items: - type: string - nullable: true - type: array - selector: - description: |- - An empty selector indicates that AWSClusters cannot use this - AWSClusterIdentity from any namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - secretRef: - description: |- - Reference to a secret containing the credentials. The secret should - contain the following data keys: - AccessKeyID: AKIAIOSFODNN7EXAMPLE - SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY - SessionToken: Optional - type: string - required: - - secretRef - type: object - type: object - served: false - storage: false - - name: v1beta2 - schema: - openAPIV3Schema: - description: |- - AWSClusterStaticIdentity is the Schema for the awsclusterstaticidentities API - It represents a reference to an AWS access key ID and secret access key, stored in a secret. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec for this AWSClusterStaticIdentity - properties: - allowedNamespaces: - description: |- - AllowedNamespaces is used to identify which namespaces are allowed to use the identity from. - Namespaces can be selected either using an array of namespaces or with label selector. - An empty allowedNamespaces object indicates that AWSClusters can use this identity from any namespace. - If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) - A namespace should be either in the NamespaceList or match with Selector to use the identity. - nullable: true - properties: - list: - description: An nil or empty list indicates that AWSClusters cannot - use the identity from any namespace. - items: - type: string - nullable: true - type: array - selector: - description: |- - An empty selector indicates that AWSClusters cannot use this - AWSClusterIdentity from any namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - secretRef: - description: |- - Reference to a secret containing the credentials. The secret should - contain the following data keys: - AccessKeyID: AKIAIOSFODNN7EXAMPLE - SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY - SessionToken: Optional - type: string - required: - - secretRef - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index ce19c154c..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,1625 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: awsclustertemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AWSClusterTemplate - listKind: AWSClusterTemplateList - plural: awsclustertemplates - shortNames: - - awsct - singular: awsclustertemplate - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of AWSClusterTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes - Cluster Templates. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate. - properties: - template: - description: AWSClusterTemplateResource defines the desired state - of AWSClusterTemplate. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: AWSClusterSpec defines the desired state of an EC2-based - Kubernetes cluster. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the - ones added by default. - type: object - bastion: - description: Bastion contains options to configure the bastion - host. - properties: - allowedCIDRBlocks: - description: |- - AllowedCIDRBlocks is a list of CIDR blocks allowed to access the bastion host. - They are set as ingress rules for the Bastion host's Security Group (defaults to 0.0.0.0/0). - items: - type: string - type: array - ami: - description: |- - AMI will use the specified AMI to boot the bastion. If not specified, - the AMI will default to one picked out in public space. - type: string - disableIngressRules: - description: |- - DisableIngressRules will ensure there are no Ingress rules in the bastion host's security group. - Requires AllowedCIDRBlocks to be empty. - type: boolean - enabled: - description: |- - Enabled allows this provider to create a bastion host instance - with a public ip to access the VPC private network. - type: boolean - instanceType: - description: |- - InstanceType will use the specified instance type for the bastion. If not specified, - Cluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro - will be the default. - type: string - type: object - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint - used to communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneLoadBalancer: - description: ControlPlaneLoadBalancer is optional configuration - for customizing control plane behavior. - properties: - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs - This is optional - if not provided new security groups will be created for the load balancer - items: - type: string - type: array - crossZoneLoadBalancing: - description: |- - CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing. - - - With cross-zone load balancing, each load balancer node for your Classic Load Balancer - distributes requests evenly across the registered instances in all enabled Availability Zones. - If cross-zone load balancing is disabled, each load balancer node distributes requests evenly across - the registered instances in its Availability Zone only. - - - Defaults to false. - type: boolean - healthCheckProtocol: - description: |- - HealthCheckProtocol sets the protocol type for classic ELB health check target - default value is ClassicELBProtocolSSL - type: string - name: - description: |- - Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique - within your set of load balancers for the region, must have a maximum of 32 characters, must - contain only alphanumeric characters or hyphens, and cannot begin or end with a hyphen. Once - set, the value cannot be changed. - maxLength: 32 - pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ - type: string - scheme: - default: internet-facing - description: Scheme sets the scheme of the load balancer - (defaults to internet-facing) - enum: - - internet-facing - - internal - type: string - subnets: - description: Subnets sets the subnets that should be applied - to the control plane load balancer (defaults to discovered - subnets for managed VPCs or an empty set for unmanaged - VPCs) - items: - type: string - type: array - type: object - identityRef: - description: |- - IdentityRef is a reference to an identity to be used when reconciling the managed control plane. - If no identity is specified, the default identity for this controller will be used. - properties: - kind: - description: Kind of the identity. - enum: - - AWSClusterControllerIdentity - - AWSClusterRoleIdentity - - AWSClusterStaticIdentity - type: string - name: - description: Name of the identity. - minLength: 1 - type: string - required: - - kind - - name - type: object - imageLookupBaseOS: - description: |- - ImageLookupBaseOS is the name of the base operating system used to look - up machine images when a machine does not specify an AMI. When set, this - will be used for all cluster machines unless a machine specifies a - different ImageLookupBaseOS. - type: string - imageLookupFormat: - description: |- - ImageLookupFormat is the AMI naming format to look up machine images when - a machine does not specify an AMI. When set, this will be used for all - cluster machines unless a machine specifies a different ImageLookupOrg. - Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base - OS and kubernetes version, respectively. The BaseOS will be the value in - ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as - defined by the packages produced by kubernetes/release without v as a - prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default - image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up - searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a - Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See - also: https://golang.org/pkg/text/template/ - type: string - imageLookupOrg: - description: |- - ImageLookupOrg is the AWS Organization ID to look up machine images when a - machine does not specify an AMI. When set, this will be used for all - cluster machines unless a machine specifies a different ImageLookupOrg. - type: string - network: - description: NetworkSpec encapsulates all things related to - AWS network. - properties: - cni: - description: CNI configuration - properties: - cniIngressRules: - description: |- - CNIIngressRules specify rules to apply to control plane and worker node security groups. - The source for the rule will be set to control plane and worker security group IDs. - items: - description: CNIIngressRule defines an AWS ingress - rule for CNI requirements. - properties: - description: - type: string - fromPort: - format: int64 - type: integer - protocol: - description: SecurityGroupProtocol defines the - protocol type for a security group rule. - type: string - toPort: - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - type: object - securityGroupOverrides: - additionalProperties: - type: string - description: |- - SecurityGroupOverrides is an optional set of security groups to use for cluster instances - This is optional - if not provided new security groups will be created for the cluster - type: object - subnets: - description: Subnets configuration. - items: - description: SubnetSpec configures an AWS Subnet. - properties: - availabilityZone: - description: AvailabilityZone defines the availability - zone to use for this subnet in the cluster's region. - type: string - cidrBlock: - description: CidrBlock is the CIDR block to be used - when the provider creates a managed VPC. - type: string - id: - description: ID defines a unique identifier to reference - this resource. - type: string - ipv6CidrBlock: - description: |- - IPv6CidrBlock is the IPv6 CIDR block to be used when the provider creates a managed VPC. - A subnet can have an IPv4 and an IPv6 address. - IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. - type: string - isIpv6: - description: |- - IsIPv6 defines the subnet as an IPv6 subnet. A subnet is IPv6 when it is associated with a VPC that has IPv6 enabled. - IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. - type: boolean - isPublic: - description: IsPublic defines the subnet as a public - subnet. A subnet is public when it is associated - with a route table that has a route to an internet - gateway. - type: boolean - natGatewayId: - description: |- - NatGatewayID is the NAT gateway id associated with the subnet. - Ignored unless the subnet is managed by the provider, in which case this is set on the public subnet where the NAT gateway resides. It is then used to determine routes for private subnets in the same AZ as the public subnet. - type: string - routeTableId: - description: RouteTableID is the routing table id - associated with the subnet. - type: string - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing - the resource. - type: object - type: object - type: array - vpc: - description: VPC configuration. - properties: - availabilityZoneSelection: - default: Ordered - description: |- - AvailabilityZoneSelection specifies how AZs should be selected if there are more AZs - in a region than specified by AvailabilityZoneUsageLimit. There are 2 selection schemes: - Ordered - selects based on alphabetical order - Random - selects AZs randomly in a region - Defaults to Ordered - enum: - - Ordered - - Random - type: string - availabilityZoneUsageLimit: - default: 3 - description: |- - AvailabilityZoneUsageLimit specifies the maximum number of availability zones (AZ) that - should be used in a region when automatically creating subnets. If a region has more - than this number of AZs then this number of AZs will be picked randomly when creating - default subnets. Defaults to 3 - minimum: 1 - type: integer - cidrBlock: - description: |- - CidrBlock is the CIDR block to be used when the provider creates a managed VPC. - Defaults to 10.0.0.0/16. - type: string - id: - description: ID is the vpc-id of the VPC this provider - should use to create resources. - type: string - internetGatewayId: - description: InternetGatewayID is the id of the internet - gateway associated with the VPC. - type: string - ipv6: - description: |- - IPv6 contains ipv6 specific settings for the network. Supported only in managed clusters. - This field cannot be set on AWSCluster object. - properties: - cidrBlock: - description: CidrBlock is the CIDR block provided - by Amazon when VPC has enabled IPv6. - type: string - egressOnlyInternetGatewayId: - description: EgressOnlyInternetGatewayID is the - id of the egress only internet gateway associated - with an IPv6 enabled VPC. - type: string - poolId: - description: PoolID is the IP pool which must - be defined in case of BYO IP is defined. - type: string - type: object - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing - the resource. - type: object - type: object - type: object - region: - description: The AWS Region the cluster lives in. - type: string - s3Bucket: - description: |- - S3Bucket contains options to configure a supporting S3 bucket for this - cluster - currently used for nodes requiring Ignition - (https://coreos.github.io/ignition/) for bootstrapping (requires - BootstrapFormatIgnition feature flag to be enabled). - properties: - controlPlaneIAMInstanceProfile: - description: |- - ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, which will be allowed - to read control-plane node bootstrap data from S3 Bucket. - type: string - name: - description: Name defines name of S3 Bucket to be created. - maxLength: 63 - minLength: 3 - pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ - type: string - nodesIAMInstanceProfiles: - description: |- - NodesIAMInstanceProfiles is a list of IAM instance profiles, which will be allowed to read - worker nodes bootstrap data from S3 Bucket. - items: - type: string - type: array - required: - - controlPlaneIAMInstanceProfile - - name - - nodesIAMInstanceProfiles - type: object - sshKeyName: - description: SSHKeyName is the name of the ssh key to attach - to the bastion host. Valid values are empty string (do not - use SSH keys), a valid SSH key name, or omitted (use the - default SSH key name) - type: string - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: false - storage: false - subresources: {} - - additionalPrinterColumns: - - description: Time duration since creation of AWSClusterTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes - Cluster Templates. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate. - properties: - template: - description: AWSClusterTemplateResource defines the desired state - of AWSClusterTemplateResource. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: AWSClusterSpec defines the desired state of an EC2-based - Kubernetes cluster. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the - ones added by default. - type: object - bastion: - description: Bastion contains options to configure the bastion - host. - properties: - allowedCIDRBlocks: - description: |- - AllowedCIDRBlocks is a list of CIDR blocks allowed to access the bastion host. - They are set as ingress rules for the Bastion host's Security Group (defaults to 0.0.0.0/0). - items: - type: string - type: array - ami: - description: |- - AMI will use the specified AMI to boot the bastion. If not specified, - the AMI will default to one picked out in public space. - type: string - disableIngressRules: - description: |- - DisableIngressRules will ensure there are no Ingress rules in the bastion host's security group. - Requires AllowedCIDRBlocks to be empty. - type: boolean - enabled: - description: |- - Enabled allows this provider to create a bastion host instance - with a public ip to access the VPC private network. - type: boolean - instanceType: - description: |- - InstanceType will use the specified instance type for the bastion. If not specified, - Cluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro - will be the default. - type: string - type: object - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint - used to communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneLoadBalancer: - description: ControlPlaneLoadBalancer is optional configuration - for customizing control plane behavior. - properties: - additionalListeners: - description: |- - AdditionalListeners sets the additional listeners for the control plane load balancer. - This is only applicable to Network Load Balancer (NLB) types for the time being. - items: - description: |- - AdditionalListenerSpec defines the desired state of an - additional listener on an AWS load balancer. - properties: - healthCheck: - description: HealthCheck sets the optional custom - health check configuration to the API target group. - properties: - intervalSeconds: - description: |- - The approximate amount of time, in seconds, between health checks of an individual - target. - format: int64 - maximum: 300 - minimum: 5 - type: integer - path: - description: |- - The destination for health checks on the targets when using the protocol HTTP or HTTPS, - otherwise the path will be ignored. - type: string - port: - description: |- - The port the load balancer uses when performing health checks for additional target groups. When - not specified this value will be set for the same of listener port. - type: string - protocol: - description: |- - The protocol to use to health check connect with the target. When not specified the Protocol - will be the same of the listener. - enum: - - TCP - - HTTP - - HTTPS - type: string - thresholdCount: - description: |- - The number of consecutive health check successes required before considering - a target healthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - timeoutSeconds: - description: |- - The amount of time, in seconds, during which no response from a target means - a failed health check. - format: int64 - maximum: 120 - minimum: 2 - type: integer - unhealthyThresholdCount: - description: |- - The number of consecutive health check failures required before considering - a target unhealthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - type: object - port: - description: Port sets the port for the additional - listener. - format: int64 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol sets the protocol for the additional listener. - Currently only TCP is supported. - enum: - - TCP - type: string - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - x-kubernetes-list-type: map - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs - This is optional - if not provided new security groups will be created for the load balancer - items: - type: string - type: array - crossZoneLoadBalancing: - description: |- - CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing. - - - With cross-zone load balancing, each load balancer node for your Classic Load Balancer - distributes requests evenly across the registered instances in all enabled Availability Zones. - If cross-zone load balancing is disabled, each load balancer node distributes requests evenly across - the registered instances in its Availability Zone only. - - - Defaults to false. - type: boolean - disableHostsRewrite: - description: |- - DisableHostsRewrite disabled the hair pinning issue solution that adds the NLB's address as 127.0.0.1 to the hosts - file of each instance. This is by default, false. - type: boolean - healthCheck: - description: HealthCheck sets custom health check configuration - to the API target group. - properties: - intervalSeconds: - description: |- - The approximate amount of time, in seconds, between health checks of an individual - target. - format: int64 - maximum: 300 - minimum: 5 - type: integer - thresholdCount: - description: |- - The number of consecutive health check successes required before considering - a target healthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - timeoutSeconds: - description: |- - The amount of time, in seconds, during which no response from a target means - a failed health check. - format: int64 - maximum: 120 - minimum: 2 - type: integer - unhealthyThresholdCount: - description: |- - The number of consecutive health check failures required before considering - a target unhealthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - type: object - healthCheckProtocol: - description: |- - HealthCheckProtocol sets the protocol type for ELB health check target - default value is ELBProtocolSSL - enum: - - TCP - - SSL - - HTTP - - HTTPS - - TLS - - UDP - type: string - ingressRules: - description: IngressRules sets the ingress rules for the - control plane load balancer. - items: - description: IngressRule defines an AWS ingress rule - for security groups. - properties: - cidrBlocks: - description: List of CIDR blocks to allow access - from. Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - description: - description: Description provides extended information - about the ingress rule. - type: string - fromPort: - description: FromPort is the start of port range. - format: int64 - type: integer - ipv6CidrBlocks: - description: List of IPv6 CIDR blocks to allow access - from. Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - protocol: - description: Protocol is the protocol for the ingress - rule. Accepted values are "-1" (all), "4" (IP - in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), - "50" (ESP). - enum: - - "-1" - - "4" - - tcp - - udp - - icmp - - "58" - - "50" - type: string - sourceSecurityGroupIds: - description: The security group id to allow access - from. Cannot be specified with CidrBlocks. - items: - type: string - type: array - sourceSecurityGroupRoles: - description: |- - The security group role to allow access from. Cannot be specified with CidrBlocks. - The field will be combined with source security group IDs if specified. - items: - description: SecurityGroupRole defines the unique - role of a security group. - enum: - - bastion - - node - - controlplane - - apiserver-lb - - lb - - node-eks-additional - type: string - type: array - toPort: - description: ToPort is the end of port range. - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - loadBalancerType: - default: classic - description: LoadBalancerType sets the type for a load - balancer. The default type is classic. - enum: - - classic - - elb - - alb - - nlb - - disabled - type: string - name: - description: |- - Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique - within your set of load balancers for the region, must have a maximum of 32 characters, must - contain only alphanumeric characters or hyphens, and cannot begin or end with a hyphen. Once - set, the value cannot be changed. - maxLength: 32 - pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ - type: string - preserveClientIP: - description: |- - PreserveClientIP lets the user control if preservation of client ips must be retained or not. - If this is enabled 6443 will be opened to 0.0.0.0/0. - type: boolean - scheme: - default: internet-facing - description: Scheme sets the scheme of the load balancer - (defaults to internet-facing) - enum: - - internet-facing - - internal - type: string - subnets: - description: Subnets sets the subnets that should be applied - to the control plane load balancer (defaults to discovered - subnets for managed VPCs or an empty set for unmanaged - VPCs) - items: - type: string - type: array - type: object - identityRef: - description: |- - IdentityRef is a reference to an identity to be used when reconciling the managed control plane. - If no identity is specified, the default identity for this controller will be used. - properties: - kind: - description: Kind of the identity. - enum: - - AWSClusterControllerIdentity - - AWSClusterRoleIdentity - - AWSClusterStaticIdentity - type: string - name: - description: Name of the identity. - minLength: 1 - type: string - required: - - kind - - name - type: object - imageLookupBaseOS: - description: |- - ImageLookupBaseOS is the name of the base operating system used to look - up machine images when a machine does not specify an AMI. When set, this - will be used for all cluster machines unless a machine specifies a - different ImageLookupBaseOS. - type: string - imageLookupFormat: - description: |- - ImageLookupFormat is the AMI naming format to look up machine images when - a machine does not specify an AMI. When set, this will be used for all - cluster machines unless a machine specifies a different ImageLookupOrg. - Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base - OS and kubernetes version, respectively. The BaseOS will be the value in - ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as - defined by the packages produced by kubernetes/release without v as a - prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default - image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up - searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a - Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See - also: https://golang.org/pkg/text/template/ - type: string - imageLookupOrg: - description: |- - ImageLookupOrg is the AWS Organization ID to look up machine images when a - machine does not specify an AMI. When set, this will be used for all - cluster machines unless a machine specifies a different ImageLookupOrg. - type: string - network: - description: NetworkSpec encapsulates all things related to - AWS network. - properties: - additionalControlPlaneIngressRules: - description: AdditionalControlPlaneIngressRules is an - optional set of ingress rules to add to the control - plane - items: - description: IngressRule defines an AWS ingress rule - for security groups. - properties: - cidrBlocks: - description: List of CIDR blocks to allow access - from. Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - description: - description: Description provides extended information - about the ingress rule. - type: string - fromPort: - description: FromPort is the start of port range. - format: int64 - type: integer - ipv6CidrBlocks: - description: List of IPv6 CIDR blocks to allow access - from. Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - protocol: - description: Protocol is the protocol for the ingress - rule. Accepted values are "-1" (all), "4" (IP - in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), - "50" (ESP). - enum: - - "-1" - - "4" - - tcp - - udp - - icmp - - "58" - - "50" - type: string - sourceSecurityGroupIds: - description: The security group id to allow access - from. Cannot be specified with CidrBlocks. - items: - type: string - type: array - sourceSecurityGroupRoles: - description: |- - The security group role to allow access from. Cannot be specified with CidrBlocks. - The field will be combined with source security group IDs if specified. - items: - description: SecurityGroupRole defines the unique - role of a security group. - enum: - - bastion - - node - - controlplane - - apiserver-lb - - lb - - node-eks-additional - type: string - type: array - toPort: - description: ToPort is the end of port range. - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - cni: - description: CNI configuration - properties: - cniIngressRules: - description: |- - CNIIngressRules specify rules to apply to control plane and worker node security groups. - The source for the rule will be set to control plane and worker security group IDs. - items: - description: CNIIngressRule defines an AWS ingress - rule for CNI requirements. - properties: - description: - type: string - fromPort: - format: int64 - type: integer - protocol: - description: SecurityGroupProtocol defines the - protocol type for a security group rule. - type: string - toPort: - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - type: object - securityGroupOverrides: - additionalProperties: - type: string - description: |- - SecurityGroupOverrides is an optional set of security groups to use for cluster instances - This is optional - if not provided new security groups will be created for the cluster - type: object - subnets: - description: Subnets configuration. - items: - description: SubnetSpec configures an AWS Subnet. - properties: - availabilityZone: - description: AvailabilityZone defines the availability - zone to use for this subnet in the cluster's region. - type: string - cidrBlock: - description: CidrBlock is the CIDR block to be used - when the provider creates a managed VPC. - type: string - id: - description: |- - ID defines a unique identifier to reference this resource. - If you're bringing your subnet, set the AWS subnet-id here, it must start with `subnet-`. - - - When the VPC is managed by CAPA, and you'd like the provider to create a subnet for you, - the id can be set to any placeholder value that does not start with `subnet-`; - upon creation, the subnet AWS identifier will be populated in the `ResourceID` field and - the `id` field is going to be used as the subnet name. If you specify a tag - called `Name`, it takes precedence. - type: string - ipv6CidrBlock: - description: |- - IPv6CidrBlock is the IPv6 CIDR block to be used when the provider creates a managed VPC. - A subnet can have an IPv4 and an IPv6 address. - IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. - type: string - isIpv6: - description: |- - IsIPv6 defines the subnet as an IPv6 subnet. A subnet is IPv6 when it is associated with a VPC that has IPv6 enabled. - IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. - type: boolean - isPublic: - description: IsPublic defines the subnet as a public - subnet. A subnet is public when it is associated - with a route table that has a route to an internet - gateway. - type: boolean - natGatewayId: - description: |- - NatGatewayID is the NAT gateway id associated with the subnet. - Ignored unless the subnet is managed by the provider, in which case this is set on the public subnet where the NAT gateway resides. It is then used to determine routes for private subnets in the same AZ as the public subnet. - type: string - parentZoneName: - description: |- - ParentZoneName is the zone name where the current subnet's zone is tied when - the zone is a Local Zone. - - - The subnets in Local Zone or Wavelength Zone locations consume the ParentZoneName - to select the correct private route table to egress traffic to the internet. - type: string - resourceID: - description: |- - ResourceID is the subnet identifier from AWS, READ ONLY. - This field is populated when the provider manages the subnet. - type: string - routeTableId: - description: RouteTableID is the routing table id - associated with the subnet. - type: string - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing - the resource. - type: object - zoneType: - description: |- - ZoneType defines the type of the zone where the subnet is created. - - - The valid values are availability-zone, local-zone, and wavelength-zone. - - - Subnet with zone type availability-zone (regular) is always selected to create cluster - resources, like Load Balancers, NAT Gateways, Contol Plane nodes, etc. - - - Subnet with zone type local-zone or wavelength-zone is not eligible to automatically create - regular cluster resources. - - - The public subnet in availability-zone or local-zone is associated with regular public - route table with default route entry to a Internet Gateway. - - - The public subnet in wavelength-zone is associated with a carrier public - route table with default route entry to a Carrier Gateway. - - - The private subnet in the availability-zone is associated with a private route table with - the default route entry to a NAT Gateway created in that zone. - - - The private subnet in the local-zone or wavelength-zone is associated with a private route table with - the default route entry re-using the NAT Gateway in the Region (preferred from the - parent zone, the zone type availability-zone in the region, or first table available). - enum: - - availability-zone - - local-zone - - wavelength-zone - type: string - required: - - id - type: object - type: array - x-kubernetes-list-map-keys: - - id - x-kubernetes-list-type: map - vpc: - description: VPC configuration. - properties: - availabilityZoneSelection: - default: Ordered - description: |- - AvailabilityZoneSelection specifies how AZs should be selected if there are more AZs - in a region than specified by AvailabilityZoneUsageLimit. There are 2 selection schemes: - Ordered - selects based on alphabetical order - Random - selects AZs randomly in a region - Defaults to Ordered - enum: - - Ordered - - Random - type: string - availabilityZoneUsageLimit: - default: 3 - description: |- - AvailabilityZoneUsageLimit specifies the maximum number of availability zones (AZ) that - should be used in a region when automatically creating subnets. If a region has more - than this number of AZs then this number of AZs will be picked randomly when creating - default subnets. Defaults to 3 - minimum: 1 - type: integer - carrierGatewayId: - description: |- - CarrierGatewayID is the id of the internet gateway associated with the VPC, - for carrier network (Wavelength Zones). - type: string - x-kubernetes-validations: - - message: Carrier Gateway ID must start with 'cagw-' - rule: self.startsWith('cagw-') - cidrBlock: - description: |- - CidrBlock is the CIDR block to be used when the provider creates a managed VPC. - Defaults to 10.0.0.0/16. - Mutually exclusive with IPAMPool. - type: string - emptyRoutesDefaultVPCSecurityGroup: - description: |- - EmptyRoutesDefaultVPCSecurityGroup specifies whether the default VPC security group ingress - and egress rules should be removed. - - - By default, when creating a VPC, AWS creates a security group called `default` with ingress and egress - rules that allow traffic from anywhere. The group could be used as a potential surface attack and - it's generally suggested that the group rules are removed or modified appropriately. - - - NOTE: This only applies when the VPC is managed by the Cluster API AWS controller. - type: boolean - id: - description: ID is the vpc-id of the VPC this provider - should use to create resources. - type: string - internetGatewayId: - description: InternetGatewayID is the id of the internet - gateway associated with the VPC. - type: string - ipamPool: - description: |- - IPAMPool defines the IPAMv4 pool to be used for VPC. - Mutually exclusive with CidrBlock. - properties: - id: - description: ID is the ID of the IPAM pool this - provider should use to create VPC. - type: string - name: - description: Name is the name of the IPAM pool - this provider should use to create VPC. - type: string - netmaskLength: - description: |- - The netmask length of the IPv4 CIDR you want to allocate to VPC from - an Amazon VPC IP Address Manager (IPAM) pool. - Defaults to /16 for IPv4 if not specified. - format: int64 - type: integer - type: object - ipv6: - description: |- - IPv6 contains ipv6 specific settings for the network. Supported only in managed clusters. - This field cannot be set on AWSCluster object. - properties: - cidrBlock: - description: |- - CidrBlock is the CIDR block provided by Amazon when VPC has enabled IPv6. - Mutually exclusive with IPAMPool. - type: string - egressOnlyInternetGatewayId: - description: EgressOnlyInternetGatewayID is the - id of the egress only internet gateway associated - with an IPv6 enabled VPC. - type: string - ipamPool: - description: |- - IPAMPool defines the IPAMv6 pool to be used for VPC. - Mutually exclusive with CidrBlock. - properties: - id: - description: ID is the ID of the IPAM pool - this provider should use to create VPC. - type: string - name: - description: Name is the name of the IPAM - pool this provider should use to create - VPC. - type: string - netmaskLength: - description: |- - The netmask length of the IPv4 CIDR you want to allocate to VPC from - an Amazon VPC IP Address Manager (IPAM) pool. - Defaults to /16 for IPv4 if not specified. - format: int64 - type: integer - type: object - poolId: - description: |- - PoolID is the IP pool which must be defined in case of BYO IP is defined. - Must be specified if CidrBlock is set. - Mutually exclusive with IPAMPool. - type: string - type: object - privateDnsHostnameTypeOnLaunch: - description: |- - PrivateDNSHostnameTypeOnLaunch is the type of hostname to assign to instances in the subnet at launch. - For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an instance DNS name can be based on the instance IPv4 address (ip-name) - or the instance ID (resource-name). For IPv6 only subnets, an instance DNS name must be based on the instance ID (resource-name). - enum: - - ip-name - - resource-name - type: string - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing - the resource. - type: object - type: object - type: object - partition: - description: Partition is the AWS security partition being - used. Defaults to "aws" - type: string - region: - description: The AWS Region the cluster lives in. - type: string - s3Bucket: - description: |- - S3Bucket contains options to configure a supporting S3 bucket for this - cluster - currently used for nodes requiring Ignition - (https://coreos.github.io/ignition/) for bootstrapping (requires - BootstrapFormatIgnition feature flag to be enabled). - properties: - bestEffortDeleteObjects: - description: BestEffortDeleteObjects defines whether access/permission - errors during object deletion should be ignored. - type: boolean - controlPlaneIAMInstanceProfile: - description: |- - ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, which will be allowed - to read control-plane node bootstrap data from S3 Bucket. - type: string - name: - description: Name defines name of S3 Bucket to be created. - maxLength: 63 - minLength: 3 - pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ - type: string - nodesIAMInstanceProfiles: - description: |- - NodesIAMInstanceProfiles is a list of IAM instance profiles, which will be allowed to read - worker nodes bootstrap data from S3 Bucket. - items: - type: string - type: array - presignedURLDuration: - description: |- - PresignedURLDuration defines the duration for which presigned URLs are valid. - - - This is used to generate presigned URLs for S3 Bucket objects, which are used by - control-plane and worker nodes to fetch bootstrap data. - - - When enabled, the IAM instance profiles specified are not used. - type: string - required: - - name - type: object - secondaryControlPlaneLoadBalancer: - description: |- - SecondaryControlPlaneLoadBalancer is an additional load balancer that can be used for the control plane. - - - An example use case is to have a separate internal load balancer for internal traffic, - and a separate external load balancer for external traffic. - properties: - additionalListeners: - description: |- - AdditionalListeners sets the additional listeners for the control plane load balancer. - This is only applicable to Network Load Balancer (NLB) types for the time being. - items: - description: |- - AdditionalListenerSpec defines the desired state of an - additional listener on an AWS load balancer. - properties: - healthCheck: - description: HealthCheck sets the optional custom - health check configuration to the API target group. - properties: - intervalSeconds: - description: |- - The approximate amount of time, in seconds, between health checks of an individual - target. - format: int64 - maximum: 300 - minimum: 5 - type: integer - path: - description: |- - The destination for health checks on the targets when using the protocol HTTP or HTTPS, - otherwise the path will be ignored. - type: string - port: - description: |- - The port the load balancer uses when performing health checks for additional target groups. When - not specified this value will be set for the same of listener port. - type: string - protocol: - description: |- - The protocol to use to health check connect with the target. When not specified the Protocol - will be the same of the listener. - enum: - - TCP - - HTTP - - HTTPS - type: string - thresholdCount: - description: |- - The number of consecutive health check successes required before considering - a target healthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - timeoutSeconds: - description: |- - The amount of time, in seconds, during which no response from a target means - a failed health check. - format: int64 - maximum: 120 - minimum: 2 - type: integer - unhealthyThresholdCount: - description: |- - The number of consecutive health check failures required before considering - a target unhealthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - type: object - port: - description: Port sets the port for the additional - listener. - format: int64 - maximum: 65535 - minimum: 1 - type: integer - protocol: - default: TCP - description: |- - Protocol sets the protocol for the additional listener. - Currently only TCP is supported. - enum: - - TCP - type: string - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - x-kubernetes-list-type: map - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs - This is optional - if not provided new security groups will be created for the load balancer - items: - type: string - type: array - crossZoneLoadBalancing: - description: |- - CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing. - - - With cross-zone load balancing, each load balancer node for your Classic Load Balancer - distributes requests evenly across the registered instances in all enabled Availability Zones. - If cross-zone load balancing is disabled, each load balancer node distributes requests evenly across - the registered instances in its Availability Zone only. - - - Defaults to false. - type: boolean - disableHostsRewrite: - description: |- - DisableHostsRewrite disabled the hair pinning issue solution that adds the NLB's address as 127.0.0.1 to the hosts - file of each instance. This is by default, false. - type: boolean - healthCheck: - description: HealthCheck sets custom health check configuration - to the API target group. - properties: - intervalSeconds: - description: |- - The approximate amount of time, in seconds, between health checks of an individual - target. - format: int64 - maximum: 300 - minimum: 5 - type: integer - thresholdCount: - description: |- - The number of consecutive health check successes required before considering - a target healthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - timeoutSeconds: - description: |- - The amount of time, in seconds, during which no response from a target means - a failed health check. - format: int64 - maximum: 120 - minimum: 2 - type: integer - unhealthyThresholdCount: - description: |- - The number of consecutive health check failures required before considering - a target unhealthy. - format: int64 - maximum: 10 - minimum: 2 - type: integer - type: object - healthCheckProtocol: - description: |- - HealthCheckProtocol sets the protocol type for ELB health check target - default value is ELBProtocolSSL - enum: - - TCP - - SSL - - HTTP - - HTTPS - - TLS - - UDP - type: string - ingressRules: - description: IngressRules sets the ingress rules for the - control plane load balancer. - items: - description: IngressRule defines an AWS ingress rule - for security groups. - properties: - cidrBlocks: - description: List of CIDR blocks to allow access - from. Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - description: - description: Description provides extended information - about the ingress rule. - type: string - fromPort: - description: FromPort is the start of port range. - format: int64 - type: integer - ipv6CidrBlocks: - description: List of IPv6 CIDR blocks to allow access - from. Cannot be specified with SourceSecurityGroupID. - items: - type: string - type: array - protocol: - description: Protocol is the protocol for the ingress - rule. Accepted values are "-1" (all), "4" (IP - in IP),"tcp", "udp", "icmp", and "58" (ICMPv6), - "50" (ESP). - enum: - - "-1" - - "4" - - tcp - - udp - - icmp - - "58" - - "50" - type: string - sourceSecurityGroupIds: - description: The security group id to allow access - from. Cannot be specified with CidrBlocks. - items: - type: string - type: array - sourceSecurityGroupRoles: - description: |- - The security group role to allow access from. Cannot be specified with CidrBlocks. - The field will be combined with source security group IDs if specified. - items: - description: SecurityGroupRole defines the unique - role of a security group. - enum: - - bastion - - node - - controlplane - - apiserver-lb - - lb - - node-eks-additional - type: string - type: array - toPort: - description: ToPort is the end of port range. - format: int64 - type: integer - required: - - description - - fromPort - - protocol - - toPort - type: object - type: array - loadBalancerType: - default: classic - description: LoadBalancerType sets the type for a load - balancer. The default type is classic. - enum: - - classic - - elb - - alb - - nlb - - disabled - type: string - name: - description: |- - Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique - within your set of load balancers for the region, must have a maximum of 32 characters, must - contain only alphanumeric characters or hyphens, and cannot begin or end with a hyphen. Once - set, the value cannot be changed. - maxLength: 32 - pattern: ^[A-Za-z0-9]([A-Za-z0-9]{0,31}|[-A-Za-z0-9]{0,30}[A-Za-z0-9])$ - type: string - preserveClientIP: - description: |- - PreserveClientIP lets the user control if preservation of client ips must be retained or not. - If this is enabled 6443 will be opened to 0.0.0.0/0. - type: boolean - scheme: - default: internet-facing - description: Scheme sets the scheme of the load balancer - (defaults to internet-facing) - enum: - - internet-facing - - internal - type: string - subnets: - description: Subnets sets the subnets that should be applied - to the control plane load balancer (defaults to discovered - subnets for managed VPCs or an empty set for unmanaged - VPCs) - items: - type: string - type: array - type: object - sshKeyName: - description: SSHKeyName is the name of the ssh key to attach - to the bastion host. Valid values are empty string (do not - use SSH keys), a valid SSH key name, or omitted (use the - default SSH key name) - type: string - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-awsendpointservices.hypershift.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-awsendpointservices.hypershift.openshift.io.yaml deleted file mode 100644 index 0c689109b..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-awsendpointservices.hypershift.openshift.io.yaml +++ /dev/null @@ -1,375 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: awsendpointservices.hypershift.openshift.io -spec: - group: hypershift.openshift.io - names: - kind: AWSEndpointService - listKind: AWSEndpointServiceList - plural: awsendpointservices - singular: awsendpointservice - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AWSEndpointService specifies a request for an Endpoint Service - in AWS - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSEndpointServiceSpec defines the desired state of AWSEndpointService - properties: - networkLoadBalancerName: - description: The name of the NLB for which an Endpoint Service should - be configured - type: string - resourceTags: - description: Tags to apply to the EndpointService - items: - description: AWSResourceTag is a tag to apply to AWS resources created - for the cluster. - properties: - key: - description: Key is the key of the tag. - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: |- - Value is the value of the tag. - - - Some AWS service do not support empty values. Since tags are added to - resources in many services, the length of the tag value must meet the - requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - type: array - subnetIDs: - description: SubnetIDs is the list of subnet IDs to which guest nodes - can attach - items: - type: string - type: array - required: - - networkLoadBalancerName - type: object - status: - description: AWSEndpointServiceStatus defines the observed state of AWSEndpointService - properties: - conditions: - description: |- - Conditions contains details for the current state of the Endpoint Service - request If there is an error processing the request e.g. the NLB doesn't - exist, then the Available condition will be false, reason AWSErrorReason, - and the error reported in the message. - - - Current condition types are: "Available" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - dnsName: - description: 'Deprecated: Use DNSNames instead' - type: string - dnsNames: - description: DNSName are the names for the records created in the - hypershift private zone - items: - type: string - type: array - dnsZoneID: - description: DNSZoneID is ID for the hypershift private zone - type: string - endpointID: - description: EndpointID is the ID of the Endpoint created in the guest - VPC - type: string - endpointServiceName: - description: |- - EndpointServiceName is the name of the Endpoint Service created in the - management VPC - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: AWSEndpointService specifies a request for an Endpoint Service - in AWS - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSEndpointServiceSpec defines the desired state of AWSEndpointService - properties: - networkLoadBalancerName: - description: The name of the NLB for which an Endpoint Service should - be configured - type: string - resourceTags: - description: Tags to apply to the EndpointService - items: - description: AWSResourceTag is a tag to apply to AWS resources created - for the cluster. - properties: - key: - description: Key is the key of the tag. - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: |- - Value is the value of the tag. - - - Some AWS service do not support empty values. Since tags are added to - resources in many services, the length of the tag value must meet the - requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - type: array - subnetIDs: - description: SubnetIDs is the list of subnet IDs to which guest nodes - can attach - items: - type: string - type: array - required: - - networkLoadBalancerName - type: object - status: - description: AWSEndpointServiceStatus defines the observed state of AWSEndpointService - properties: - conditions: - description: |- - Conditions contains details for the current state of the Endpoint Service - request If there is an error processing the request e.g. the NLB doesn't - exist, then the Available condition will be false, reason AWSErrorReason, - and the error reported in the message. - - - Current condition types are: "Available" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - dnsNames: - description: DNSName are the names for the records created in the - hypershift private zone - items: - type: string - type: array - dnsZoneID: - description: DNSZoneID is ID for the hypershift private zone - type: string - endpointID: - description: EndpointID is the ID of the Endpoint created in the guest - VPC - type: string - endpointServiceName: - description: |- - EndpointServiceName is the name of the Endpoint Service created in the - management VPC - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-awsmachinepools.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-awsmachinepools.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 68e3640fd..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-awsmachinepools.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,1147 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: awsmachinepools.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AWSMachinePool - listKind: AWSMachinePoolList - plural: awsmachinepools - shortNames: - - awsmp - singular: awsmachinepool - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Machine ready status - jsonPath: .status.ready - name: Ready - type: string - - description: Machine ready status - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Minimum instanes in ASG - jsonPath: .spec.minSize - name: MinSize - type: integer - - description: Maximum instanes in ASG - jsonPath: .spec.maxSize - name: MaxSize - type: integer - - description: Launch Template ID - jsonPath: .status.launchTemplateID - name: LaunchTemplate ID - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: AWSMachinePool is the Schema for the awsmachinepools API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSMachinePoolSpec defines the desired state of AWSMachinePool. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - AWS provider. - type: object - availabilityZones: - description: AvailabilityZones is an array of availability zones instances - can run in - items: - type: string - type: array - awsLaunchTemplate: - description: AWSLaunchTemplate specifies the launch template and version - to use when an instance is launched. - properties: - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups is an array of references to security groups that should be applied to the - instances. These security groups would be set in addition to any security groups defined - at the cluster level or in the actuator. - items: - description: |- - AWSResourceReference is a reference to a specific AWS resource by ID or filters. - Only one of ID or Filters may be specified. Specifying more than one will result in - a validation error. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an AWS - resource. - properties: - name: - description: Name of the filter. Filter names are - case-sensitive. - type: string - values: - description: Values includes one or more filter values. - Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - type: array - ami: - description: AMI is the reference to the AMI from which to create - the machine instance. - properties: - eksLookupType: - description: EKSOptimizedLookupType If specified, will look - up an EKS Optimized image in SSM Parameter store - enum: - - AmazonLinux - - AmazonLinuxGPU - type: string - id: - description: ID of resource - type: string - type: object - iamInstanceProfile: - description: |- - The name or the Amazon Resource Name (ARN) of the instance profile associated - with the IAM role for the instance. The instance profile contains the IAM - role. - type: string - imageLookupBaseOS: - description: |- - ImageLookupBaseOS is the name of the base operating system to use for - image lookup the AMI is not set. - type: string - imageLookupFormat: - description: |- - ImageLookupFormat is the AMI naming format to look up the image for this - machine It will be ignored if an explicit AMI is set. Supports - substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and - kubernetes version, respectively. The BaseOS will be the value in - ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as - defined by the packages produced by kubernetes/release without v as a - prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default - image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up - searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a - Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See - also: https://golang.org/pkg/text/template/ - type: string - imageLookupOrg: - description: ImageLookupOrg is the AWS Organization ID to use - for image lookup if AMI is not set. - type: string - instanceType: - description: 'InstanceType is the type of instance to create. - Example: m4.xlarge' - type: string - name: - description: The name of the launch template. - type: string - rootVolume: - description: RootVolume encapsulates the configuration options - for the root volume - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be encrypted - or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for the - disk. Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported for - the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, io1, - etc...). - type: string - required: - - size - type: object - spotMarketOptions: - description: SpotMarketOptions are options for configuring AWSMachinePool - instances to be run using AWS Spot instances. - properties: - maxPrice: - description: MaxPrice defines the maximum price the user is - willing to pay for Spot VM instances - type: string - type: object - sshKeyName: - description: |- - SSHKeyName is the name of the ssh key to attach to the instance. Valid values are empty string - (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name) - type: string - versionNumber: - description: |- - VersionNumber is the version of the launch template that is applied. - Typically a new version is created when at least one of the following happens: - 1) A new launch template spec is applied. - 2) One or more parameters in an existing template is changed. - 3) A new AMI is discovered. - format: int64 - type: integer - type: object - capacityRebalance: - description: Enable or disable the capacity rebalance autoscaling - group feature - type: boolean - defaultCoolDown: - description: |- - The amount of time, in seconds, after a scaling activity completes before another scaling activity can start. - If no value is supplied by user a default value of 300 seconds is set - type: string - maxSize: - default: 1 - description: MaxSize defines the maximum size of the group. - format: int32 - minimum: 1 - type: integer - minSize: - default: 1 - description: MinSize defines the minimum size of the group. - format: int32 - minimum: 0 - type: integer - mixedInstancesPolicy: - description: MixedInstancesPolicy describes how multiple instance - types will be used by the ASG. - properties: - instancesDistribution: - description: InstancesDistribution to configure distribution of - On-Demand Instances and Spot Instances. - properties: - onDemandAllocationStrategy: - default: prioritized - description: OnDemandAllocationStrategy indicates how to allocate - instance types to fulfill On-Demand capacity. - enum: - - prioritized - type: string - onDemandBaseCapacity: - default: 0 - format: int64 - type: integer - onDemandPercentageAboveBaseCapacity: - default: 100 - format: int64 - type: integer - spotAllocationStrategy: - default: lowest-price - description: SpotAllocationStrategy indicates how to allocate - instances across Spot Instance pools. - enum: - - lowest-price - - capacity-optimized - type: string - type: object - overrides: - items: - description: |- - Overrides are used to override the instance type specified by the launch template with multiple - instance types that can be used to launch On-Demand Instances and Spot Instances. - properties: - instanceType: - type: string - required: - - instanceType - type: object - type: array - type: object - providerID: - description: ProviderID is the ARN of the associated ASG - type: string - providerIDList: - description: |- - ProviderIDList are the identification IDs of machine instances provided by the provider. - This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. - items: - type: string - type: array - refreshPreferences: - description: RefreshPreferences describes set of preferences associated - with the instance refresh request. - properties: - instanceWarmup: - description: |- - The number of seconds until a newly launched instance is configured and ready - to use. During this time, the next replacement will not be initiated. - The default is to use the value for the health check grace period defined for the group. - format: int64 - type: integer - minHealthyPercentage: - description: |- - The amount of capacity as a percentage in ASG that must remain healthy - during an instance refresh. The default is 90. - format: int64 - type: integer - strategy: - description: |- - The strategy to use for the instance refresh. The only valid value is Rolling. - A rolling update is an update that is applied to all instances in an Auto - Scaling group until all instances have been updated. - type: string - type: object - subnets: - description: Subnets is an array of subnet configurations - items: - description: |- - AWSResourceReference is a reference to a specific AWS resource by ID or filters. - Only one of ID or Filters may be specified. Specifying more than one will result in - a validation error. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an AWS resource. - properties: - name: - description: Name of the filter. Filter names are case-sensitive. - type: string - values: - description: Values includes one or more filter values. - Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - type: array - required: - - awsLaunchTemplate - - maxSize - - minSize - type: object - status: - description: AWSMachinePoolStatus defines the observed state of AWSMachinePool. - properties: - asgStatus: - description: ASGStatus is a status string returned by the autoscaling - API. - type: string - conditions: - description: Conditions defines current service state of the AWSMachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - instances: - description: Instances contains the status for each instance in the - pool - items: - description: AWSMachinePoolInstanceStatus defines the status of - the AWSMachinePoolInstance. - properties: - instanceID: - description: InstanceID is the identification of the Machine - Instance within ASG - type: string - version: - description: Version defines the Kubernetes version for the - Machine Instance - type: string - type: object - type: array - launchTemplateID: - description: The ID of the launch template - type: string - launchTemplateVersion: - description: The version of the launch template - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - replicas: - description: Replicas is the most recently observed number of replicas - format: int32 - type: integer - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Machine ready status - jsonPath: .status.ready - name: Ready - type: string - - description: Machine ready status - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Minimum instanes in ASG - jsonPath: .spec.minSize - name: MinSize - type: integer - - description: Maximum instanes in ASG - jsonPath: .spec.maxSize - name: MaxSize - type: integer - - description: Launch Template ID - jsonPath: .status.launchTemplateID - name: LaunchTemplate ID - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: AWSMachinePool is the Schema for the awsmachinepools API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSMachinePoolSpec defines the desired state of AWSMachinePool. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - AWS provider. - type: object - availabilityZoneSubnetType: - description: AvailabilityZoneSubnetType specifies which type of subnets - to use when an availability zone is specified. - enum: - - public - - private - - all - type: string - availabilityZones: - description: AvailabilityZones is an array of availability zones instances - can run in - items: - type: string - type: array - awsLaunchTemplate: - description: AWSLaunchTemplate specifies the launch template and version - to use when an instance is launched. - properties: - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups is an array of references to security groups that should be applied to the - instances. These security groups would be set in addition to any security groups defined - at the cluster level or in the actuator. - items: - description: |- - AWSResourceReference is a reference to a specific AWS resource by ID or filters. - Only one of ID or Filters may be specified. Specifying more than one will result in - a validation error. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an AWS - resource. - properties: - name: - description: Name of the filter. Filter names are - case-sensitive. - type: string - values: - description: Values includes one or more filter values. - Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - type: array - ami: - description: AMI is the reference to the AMI from which to create - the machine instance. - properties: - eksLookupType: - description: EKSOptimizedLookupType If specified, will look - up an EKS Optimized image in SSM Parameter store - enum: - - AmazonLinux - - AmazonLinuxGPU - type: string - id: - description: ID of resource - type: string - type: object - iamInstanceProfile: - description: |- - The name or the Amazon Resource Name (ARN) of the instance profile associated - with the IAM role for the instance. The instance profile contains the IAM - role. - type: string - imageLookupBaseOS: - description: |- - ImageLookupBaseOS is the name of the base operating system to use for - image lookup the AMI is not set. - type: string - imageLookupFormat: - description: |- - ImageLookupFormat is the AMI naming format to look up the image for this - machine It will be ignored if an explicit AMI is set. Supports - substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and - kubernetes version, respectively. The BaseOS will be the value in - ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as - defined by the packages produced by kubernetes/release without v as a - prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default - image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up - searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a - Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See - also: https://golang.org/pkg/text/template/ - type: string - imageLookupOrg: - description: ImageLookupOrg is the AWS Organization ID to use - for image lookup if AMI is not set. - type: string - instanceMetadataOptions: - description: InstanceMetadataOptions defines the behavior for - applying metadata to instances. - properties: - httpEndpoint: - default: enabled - description: |- - Enables or disables the HTTP metadata endpoint on your instances. - - - If you specify a value of disabled, you cannot access your instance metadata. - - - Default: enabled - enum: - - enabled - - disabled - type: string - httpPutResponseHopLimit: - default: 1 - description: |- - The desired HTTP PUT response hop limit for instance metadata requests. The - larger the number, the further instance metadata requests can travel. - - - Default: 1 - format: int64 - maximum: 64 - minimum: 1 - type: integer - httpTokens: - default: optional - description: |- - The state of token usage for your instance metadata requests. - - - If the state is optional, you can choose to retrieve instance metadata with - or without a session token on your request. If you retrieve the IAM role - credentials without a token, the version 1.0 role credentials are returned. - If you retrieve the IAM role credentials using a valid session token, the - version 2.0 role credentials are returned. - - - If the state is required, you must send a session token with any instance - metadata retrieval requests. In this state, retrieving the IAM role credentials - always returns the version 2.0 credentials; the version 1.0 credentials are - not available. - - - Default: optional - enum: - - optional - - required - type: string - instanceMetadataTags: - default: disabled - description: |- - Set to enabled to allow access to instance tags from the instance metadata. - Set to disabled to turn off access to instance tags from the instance metadata. - For more information, see Work with instance tags using the instance metadata - (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). - - - Default: disabled - enum: - - enabled - - disabled - type: string - type: object - instanceType: - description: 'InstanceType is the type of instance to create. - Example: m4.xlarge' - type: string - name: - description: The name of the launch template. - type: string - privateDnsName: - description: PrivateDNSName is the options for the instance hostname. - properties: - enableResourceNameDnsAAAARecord: - description: EnableResourceNameDNSAAAARecord indicates whether - to respond to DNS queries for instance hostnames with DNS - AAAA records. - type: boolean - enableResourceNameDnsARecord: - description: EnableResourceNameDNSARecord indicates whether - to respond to DNS queries for instance hostnames with DNS - A records. - type: boolean - hostnameType: - description: The type of hostname to assign to an instance. - enum: - - ip-name - - resource-name - type: string - type: object - rootVolume: - description: RootVolume encapsulates the configuration options - for the root volume - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be encrypted - or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for the - disk. Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported for - the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, io1, - etc...). - type: string - required: - - size - type: object - spotMarketOptions: - description: SpotMarketOptions are options for configuring AWSMachinePool - instances to be run using AWS Spot instances. - properties: - maxPrice: - description: MaxPrice defines the maximum price the user is - willing to pay for Spot VM instances - type: string - type: object - sshKeyName: - description: |- - SSHKeyName is the name of the ssh key to attach to the instance. Valid values are empty string - (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name) - type: string - versionNumber: - description: |- - VersionNumber is the version of the launch template that is applied. - Typically a new version is created when at least one of the following happens: - 1) A new launch template spec is applied. - 2) One or more parameters in an existing template is changed. - 3) A new AMI is discovered. - format: int64 - type: integer - type: object - capacityRebalance: - description: Enable or disable the capacity rebalance autoscaling - group feature - type: boolean - defaultCoolDown: - description: |- - The amount of time, in seconds, after a scaling activity completes before another scaling activity can start. - If no value is supplied by user a default value of 300 seconds is set - type: string - defaultInstanceWarmup: - description: |- - The amount of time, in seconds, until a new instance is considered to - have finished initializing and resource consumption to become stable - after it enters the InService state. - If no value is supplied by user a default value of 300 seconds is set - type: string - maxSize: - default: 1 - description: MaxSize defines the maximum size of the group. - format: int32 - minimum: 1 - type: integer - minSize: - default: 1 - description: MinSize defines the minimum size of the group. - format: int32 - minimum: 0 - type: integer - mixedInstancesPolicy: - description: MixedInstancesPolicy describes how multiple instance - types will be used by the ASG. - properties: - instancesDistribution: - description: InstancesDistribution to configure distribution of - On-Demand Instances and Spot Instances. - properties: - onDemandAllocationStrategy: - default: prioritized - description: OnDemandAllocationStrategy indicates how to allocate - instance types to fulfill On-Demand capacity. - enum: - - prioritized - - lowest-price - type: string - onDemandBaseCapacity: - default: 0 - format: int64 - type: integer - onDemandPercentageAboveBaseCapacity: - default: 100 - format: int64 - type: integer - spotAllocationStrategy: - default: lowest-price - description: SpotAllocationStrategy indicates how to allocate - instances across Spot Instance pools. - enum: - - lowest-price - - capacity-optimized - - capacity-optimized-prioritized - - price-capacity-optimized - type: string - type: object - overrides: - items: - description: |- - Overrides are used to override the instance type specified by the launch template with multiple - instance types that can be used to launch On-Demand Instances and Spot Instances. - properties: - instanceType: - type: string - required: - - instanceType - type: object - type: array - type: object - providerID: - description: ProviderID is the ARN of the associated ASG - type: string - providerIDList: - description: |- - ProviderIDList are the identification IDs of machine instances provided by the provider. - This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. - items: - type: string - type: array - refreshPreferences: - description: RefreshPreferences describes set of preferences associated - with the instance refresh request. - properties: - disable: - description: |- - Disable, if true, disables instance refresh from triggering when new launch templates are detected. - This is useful in scenarios where ASG nodes are externally managed. - type: boolean - instanceWarmup: - description: |- - The number of seconds until a newly launched instance is configured and ready - to use. During this time, the next replacement will not be initiated. - The default is to use the value for the health check grace period defined for the group. - format: int64 - type: integer - minHealthyPercentage: - description: |- - The amount of capacity as a percentage in ASG that must remain healthy - during an instance refresh. The default is 90. - format: int64 - type: integer - strategy: - description: |- - The strategy to use for the instance refresh. The only valid value is Rolling. - A rolling update is an update that is applied to all instances in an Auto - Scaling group until all instances have been updated. - type: string - type: object - subnets: - description: Subnets is an array of subnet configurations - items: - description: |- - AWSResourceReference is a reference to a specific AWS resource by ID or filters. - Only one of ID or Filters may be specified. Specifying more than one will result in - a validation error. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an AWS resource. - properties: - name: - description: Name of the filter. Filter names are case-sensitive. - type: string - values: - description: Values includes one or more filter values. - Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - type: array - suspendProcesses: - description: |- - SuspendProcesses defines a list of processes to suspend for the given ASG. This is constantly reconciled. - If a process is removed from this list it will automatically be resumed. - properties: - all: - type: boolean - processes: - description: Processes defines the processes which can be enabled - or disabled individually. - properties: - addToLoadBalancer: - type: boolean - alarmNotification: - type: boolean - azRebalance: - type: boolean - healthCheck: - type: boolean - instanceRefresh: - type: boolean - launch: - type: boolean - replaceUnhealthy: - type: boolean - scheduledActions: - type: boolean - terminate: - type: boolean - type: object - type: object - required: - - awsLaunchTemplate - - maxSize - - minSize - type: object - status: - description: AWSMachinePoolStatus defines the observed state of AWSMachinePool. - properties: - asgStatus: - description: ASGStatus is a status string returned by the autoscaling - API. - type: string - conditions: - description: Conditions defines current service state of the AWSMachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - instances: - description: Instances contains the status for each instance in the - pool - items: - description: AWSMachinePoolInstanceStatus defines the status of - the AWSMachinePoolInstance. - properties: - instanceID: - description: InstanceID is the identification of the Machine - Instance within ASG - type: string - version: - description: Version defines the Kubernetes version for the - Machine Instance - type: string - type: object - type: array - launchTemplateID: - description: The ID of the launch template - type: string - launchTemplateVersion: - description: The version of the launch template - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - replicas: - description: Replicas is the most recently observed number of replicas - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-awsmachines.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-awsmachines.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 2242963cb..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-awsmachines.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,1202 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta2 - name: awsmachines.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AWSMachine - listKind: AWSMachineList - plural: awsmachines - shortNames: - - awsm - singular: awsmachine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AWSMachine belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: EC2 instance state - jsonPath: .status.instanceState - name: State - type: string - - description: Machine ready status - jsonPath: .status.ready - name: Ready - type: string - - description: EC2 instance ID - jsonPath: .spec.providerID - name: InstanceID - type: string - - description: Machine object which owns with this AWSMachine - jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name - name: Machine - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: AWSMachine is the schema for Amazon EC2 machines. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSMachineSpec defines the desired state of an Amazon EC2 - instance. - properties: - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups is an array of references to security groups that should be applied to the - instance. These security groups would be set in addition to any security groups defined - at the cluster level or in the actuator. It is possible to specify either IDs of Filters. Using Filters - will cause additional requests to AWS API and if tags change the attached security groups might change too. - items: - description: |- - AWSResourceReference is a reference to a specific AWS resource by ID or filters. - Only one of ID or Filters may be specified. Specifying more than one will result in - a validation error. - properties: - arn: - description: |- - ARN of resource. - Deprecated: This field has no function and is going to be removed in the next release. - type: string - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an AWS resource. - properties: - name: - description: Name of the filter. Filter names are case-sensitive. - type: string - values: - description: Values includes one or more filter values. - Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - type: array - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the - AWSMachine's value takes precedence. - type: object - ami: - description: AMI is the reference to the AMI from which to create - the machine instance. - properties: - eksLookupType: - description: EKSOptimizedLookupType If specified, will look up - an EKS Optimized image in SSM Parameter store - enum: - - AmazonLinux - - AmazonLinuxGPU - type: string - id: - description: ID of resource - type: string - type: object - cloudInit: - description: |- - CloudInit defines options related to the bootstrapping systems where - CloudInit is used. - properties: - insecureSkipSecretsManager: - description: |- - InsecureSkipSecretsManager, when set to true will not use AWS Secrets Manager - or AWS Systems Manager Parameter Store to ensure privacy of userdata. - By default, a cloud-init boothook shell script is prepended to download - the userdata from Secrets Manager and additionally delete the secret. - type: boolean - secretCount: - description: SecretCount is the number of secrets used to form - the complete secret - format: int32 - type: integer - secretPrefix: - description: |- - SecretPrefix is the prefix for the secret name. This is stored - temporarily, and deleted when the machine registers as a node against - the workload cluster. - type: string - secureSecretsBackend: - description: |- - SecureSecretsBackend, when set to parameter-store will utilize the AWS Systems Manager - Parameter Storage to distribute secrets. By default or with the value of secrets-manager, - will use AWS Secrets Manager instead. - enum: - - secrets-manager - - ssm-parameter-store - type: string - type: object - failureDomain: - description: |- - FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API. - For this infrastructure provider, the ID is equivalent to an AWS Availability Zone. - If multiple subnets are matched for the availability zone, the first one returned is picked. - type: string - iamInstanceProfile: - description: IAMInstanceProfile is a name of an IAM instance profile - to assign to the instance - type: string - ignition: - description: Ignition defined options related to the bootstrapping - systems where Ignition is used. - properties: - version: - default: "2.3" - description: Version defines which version of Ignition will be - used to generate bootstrap data. - enum: - - "2.3" - type: string - type: object - imageLookupBaseOS: - description: |- - ImageLookupBaseOS is the name of the base operating system to use for - image lookup the AMI is not set. - type: string - imageLookupFormat: - description: |- - ImageLookupFormat is the AMI naming format to look up the image for this - machine It will be ignored if an explicit AMI is set. Supports - substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and - kubernetes version, respectively. The BaseOS will be the value in - ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as - defined by the packages produced by kubernetes/release without v as a - prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default - image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up - searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a - Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See - also: https://golang.org/pkg/text/template/ - type: string - imageLookupOrg: - description: ImageLookupOrg is the AWS Organization ID to use for - image lookup if AMI is not set. - type: string - instanceID: - description: InstanceID is the EC2 instance ID for this machine. - type: string - instanceType: - description: 'InstanceType is the type of instance to create. Example: - m4.xlarge' - minLength: 2 - type: string - networkInterfaces: - description: |- - NetworkInterfaces is a list of ENIs to associate with the instance. - A maximum of 2 may be specified. - items: - type: string - maxItems: 2 - type: array - nonRootVolumes: - description: Configuration options for the non root storage volumes. - items: - description: Volume encapsulates the configuration options for the - storage device. - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be encrypted - or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for the disk. - Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported for - the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, io1, - etc...). - type: string - required: - - size - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - publicIP: - description: |- - PublicIP specifies whether the instance should get a public IP. - Precedence for this setting is as follows: - 1. This field if set - 2. Cluster/flavor setting - 3. Subnet default - type: boolean - rootVolume: - description: RootVolume encapsulates the configuration options for - the root volume - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be encrypted - or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for the disk. - Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported for the - volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, io1, etc...). - type: string - required: - - size - type: object - spotMarketOptions: - description: SpotMarketOptions allows users to configure instances - to be run using AWS Spot instances. - properties: - maxPrice: - description: MaxPrice defines the maximum price the user is willing - to pay for Spot VM instances - type: string - type: object - sshKeyName: - description: SSHKeyName is the name of the ssh key to attach to the - instance. Valid values are empty string (do not use SSH keys), a - valid SSH key name, or omitted (use the default SSH key name) - type: string - subnet: - description: |- - Subnet is a reference to the subnet to use for this instance. If not specified, - the cluster subnet will be used. - properties: - arn: - description: |- - ARN of resource. - Deprecated: This field has no function and is going to be removed in the next release. - type: string - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an AWS resource. - properties: - name: - description: Name of the filter. Filter names are case-sensitive. - type: string - values: - description: Values includes one or more filter values. - Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - tenancy: - description: Tenancy indicates if instance should run on shared or - single-tenant hardware. - enum: - - default - - dedicated - - host - type: string - uncompressedUserData: - description: |- - UncompressedUserData specify whether the user data is gzip-compressed before it is sent to ec2 instance. - cloud-init has built-in support for gzip-compressed user data - user data stored in aws secret manager is always gzip-compressed. - type: boolean - required: - - instanceType - type: object - status: - description: AWSMachineStatus defines the observed state of AWSMachine. - properties: - addresses: - description: Addresses contains the AWS instance associated addresses. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions defines current service state of the AWSMachine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - instanceState: - description: InstanceState is the state of the AWS instance for this - machine. - type: string - interruptible: - description: |- - Interruptible reports that this machine is using spot instances and can therefore be interrupted by CAPI when it receives a notice that the spot instance is to be terminated by AWS. - This will be set to true when SpotMarketOptions is not nil (i.e. this machine is using a spot instance). - type: boolean - ready: - description: Ready is true when the provider resource is ready. - type: boolean - type: object - type: object - served: false - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster to which this AWSMachine belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: EC2 instance state - jsonPath: .status.instanceState - name: State - type: string - - description: Machine ready status - jsonPath: .status.ready - name: Ready - type: string - - description: EC2 instance ID - jsonPath: .spec.providerID - name: InstanceID - type: string - - description: Machine object which owns with this AWSMachine - jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name - name: Machine - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: AWSMachine is the schema for Amazon EC2 machines. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSMachineSpec defines the desired state of an Amazon EC2 - instance. - properties: - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups is an array of references to security groups that should be applied to the - instance. These security groups would be set in addition to any security groups defined - at the cluster level or in the actuator. It is possible to specify either IDs of Filters. Using Filters - will cause additional requests to AWS API and if tags change the attached security groups might change too. - items: - description: |- - AWSResourceReference is a reference to a specific AWS resource by ID or filters. - Only one of ID or Filters may be specified. Specifying more than one will result in - a validation error. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an AWS resource. - properties: - name: - description: Name of the filter. Filter names are case-sensitive. - type: string - values: - description: Values includes one or more filter values. - Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - type: array - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the - AWSMachine's value takes precedence. - type: object - ami: - description: AMI is the reference to the AMI from which to create - the machine instance. - properties: - eksLookupType: - description: EKSOptimizedLookupType If specified, will look up - an EKS Optimized image in SSM Parameter store - enum: - - AmazonLinux - - AmazonLinuxGPU - type: string - id: - description: ID of resource - type: string - type: object - cloudInit: - description: |- - CloudInit defines options related to the bootstrapping systems where - CloudInit is used. - properties: - insecureSkipSecretsManager: - description: |- - InsecureSkipSecretsManager, when set to true will not use AWS Secrets Manager - or AWS Systems Manager Parameter Store to ensure privacy of userdata. - By default, a cloud-init boothook shell script is prepended to download - the userdata from Secrets Manager and additionally delete the secret. - type: boolean - secretCount: - description: SecretCount is the number of secrets used to form - the complete secret - format: int32 - type: integer - secretPrefix: - description: |- - SecretPrefix is the prefix for the secret name. This is stored - temporarily, and deleted when the machine registers as a node against - the workload cluster. - type: string - secureSecretsBackend: - description: |- - SecureSecretsBackend, when set to parameter-store will utilize the AWS Systems Manager - Parameter Storage to distribute secrets. By default or with the value of secrets-manager, - will use AWS Secrets Manager instead. - enum: - - secrets-manager - - ssm-parameter-store - type: string - type: object - iamInstanceProfile: - description: IAMInstanceProfile is a name of an IAM instance profile - to assign to the instance - type: string - ignition: - description: Ignition defined options related to the bootstrapping - systems where Ignition is used. - properties: - proxy: - description: |- - Proxy defines proxy settings for Ignition. - Only valid for Ignition versions 3.1 and above. - properties: - httpProxy: - description: |- - HTTPProxy is the HTTP proxy to use for Ignition. - A single URL that specifies the proxy server to use for HTTP and HTTPS requests, - unless overridden by the HTTPSProxy or NoProxy options. - type: string - httpsProxy: - description: |- - HTTPSProxy is the HTTPS proxy to use for Ignition. - A single URL that specifies the proxy server to use for HTTPS requests, - unless overridden by the NoProxy option. - type: string - noProxy: - description: |- - NoProxy is the list of domains to not proxy for Ignition. - Specifies a list of strings to hosts that should be excluded from proxying. - - - Each value is represented by: - - An IP address prefix (1.2.3.4) - - An IP address prefix in CIDR notation (1.2.3.4/8) - - A domain name - - A domain name matches that name and all subdomains - - A domain name with a leading . matches subdomains only - - A special DNS label (*), indicates that no proxying should be done - - - An IP address prefix and domain name can also include a literal port number (1.2.3.4:80). - items: - description: IgnitionNoProxy defines the list of domains - to not proxy for Ignition. - maxLength: 2048 - type: string - maxItems: 64 - type: array - type: object - storageType: - default: ClusterObjectStore - description: |- - StorageType defines how to store the boostrap user data for Ignition. - This can be used to instruct Ignition from where to fetch the user data to bootstrap an instance. - - - When omitted, the storage option will default to ClusterObjectStore. - - - When set to "ClusterObjectStore", if the capability is available and a Cluster ObjectStore configuration - is correctly provided in the Cluster object (under .spec.s3Bucket), - an object store will be used to store bootstrap user data. - - - When set to "UnencryptedUserData", EC2 Instance User Data will be used to store the machine bootstrap user data, unencrypted. - This option is considered less secure than others as user data may contain sensitive informations (keys, certificates, etc.) - and users with ec2:DescribeInstances permission or users running pods - that can access the ec2 metadata service have access to this sensitive information. - So this is only to be used at ones own risk, and only when other more secure options are not viable. - enum: - - ClusterObjectStore - - UnencryptedUserData - type: string - tls: - description: |- - TLS defines TLS settings for Ignition. - Only valid for Ignition versions 3.1 and above. - properties: - certificateAuthorities: - description: |- - CASources defines the list of certificate authorities to use for Ignition. - The value is the certificate bundle (in PEM format). The bundle can contain multiple concatenated certificates. - Supported schemes are http, https, tftp, s3, arn, gs, and `data` (RFC 2397) URL scheme. - items: - description: IgnitionCASource defines the source of the - certificate authority to use for Ignition. - maxLength: 65536 - type: string - maxItems: 64 - type: array - type: object - version: - default: "2.3" - description: Version defines which version of Ignition will be - used to generate bootstrap data. - enum: - - "2.3" - - "3.0" - - "3.1" - - "3.2" - - "3.3" - - "3.4" - type: string - type: object - imageLookupBaseOS: - description: |- - ImageLookupBaseOS is the name of the base operating system to use for - image lookup the AMI is not set. - type: string - imageLookupFormat: - description: |- - ImageLookupFormat is the AMI naming format to look up the image for this - machine It will be ignored if an explicit AMI is set. Supports - substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and - kubernetes version, respectively. The BaseOS will be the value in - ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as - defined by the packages produced by kubernetes/release without v as a - prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default - image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up - searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a - Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See - also: https://golang.org/pkg/text/template/ - type: string - imageLookupOrg: - description: ImageLookupOrg is the AWS Organization ID to use for - image lookup if AMI is not set. - type: string - instanceID: - description: InstanceID is the EC2 instance ID for this machine. - type: string - instanceMetadataOptions: - description: InstanceMetadataOptions is the metadata options for the - EC2 instance. - properties: - httpEndpoint: - default: enabled - description: |- - Enables or disables the HTTP metadata endpoint on your instances. - - - If you specify a value of disabled, you cannot access your instance metadata. - - - Default: enabled - enum: - - enabled - - disabled - type: string - httpPutResponseHopLimit: - default: 1 - description: |- - The desired HTTP PUT response hop limit for instance metadata requests. The - larger the number, the further instance metadata requests can travel. - - - Default: 1 - format: int64 - maximum: 64 - minimum: 1 - type: integer - httpTokens: - default: optional - description: |- - The state of token usage for your instance metadata requests. - - - If the state is optional, you can choose to retrieve instance metadata with - or without a session token on your request. If you retrieve the IAM role - credentials without a token, the version 1.0 role credentials are returned. - If you retrieve the IAM role credentials using a valid session token, the - version 2.0 role credentials are returned. - - - If the state is required, you must send a session token with any instance - metadata retrieval requests. In this state, retrieving the IAM role credentials - always returns the version 2.0 credentials; the version 1.0 credentials are - not available. - - - Default: optional - enum: - - optional - - required - type: string - instanceMetadataTags: - default: disabled - description: |- - Set to enabled to allow access to instance tags from the instance metadata. - Set to disabled to turn off access to instance tags from the instance metadata. - For more information, see Work with instance tags using the instance metadata - (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). - - - Default: disabled - enum: - - enabled - - disabled - type: string - type: object - instanceType: - description: 'InstanceType is the type of instance to create. Example: - m4.xlarge' - minLength: 2 - type: string - networkInterfaces: - description: |- - NetworkInterfaces is a list of ENIs to associate with the instance. - A maximum of 2 may be specified. - items: - type: string - maxItems: 2 - type: array - nonRootVolumes: - description: Configuration options for the non root storage volumes. - items: - description: Volume encapsulates the configuration options for the - storage device. - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be encrypted - or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for the disk. - Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported for - the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, io1, - etc...). - type: string - required: - - size - type: object - type: array - placementGroupName: - description: PlacementGroupName specifies the name of the placement - group in which to launch the instance. - type: string - placementGroupPartition: - description: |- - PlacementGroupPartition is the partition number within the placement group in which to launch the instance. - This value is only valid if the placement group, referred in `PlacementGroupName`, was created with - strategy set to partition. - format: int64 - maximum: 7 - minimum: 1 - type: integer - privateDnsName: - description: PrivateDNSName is the options for the instance hostname. - properties: - enableResourceNameDnsAAAARecord: - description: EnableResourceNameDNSAAAARecord indicates whether - to respond to DNS queries for instance hostnames with DNS AAAA - records. - type: boolean - enableResourceNameDnsARecord: - description: EnableResourceNameDNSARecord indicates whether to - respond to DNS queries for instance hostnames with DNS A records. - type: boolean - hostnameType: - description: The type of hostname to assign to an instance. - enum: - - ip-name - - resource-name - type: string - type: object - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - publicIP: - description: |- - PublicIP specifies whether the instance should get a public IP. - Precedence for this setting is as follows: - 1. This field if set - 2. Cluster/flavor setting - 3. Subnet default - type: boolean - rootVolume: - description: RootVolume encapsulates the configuration options for - the root volume - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be encrypted - or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for the disk. - Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported for the - volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, io1, etc...). - type: string - required: - - size - type: object - securityGroupOverrides: - additionalProperties: - type: string - description: |- - SecurityGroupOverrides is an optional set of security groups to use for the node. - This is optional - if not provided security groups from the cluster will be used. - type: object - spotMarketOptions: - description: SpotMarketOptions allows users to configure instances - to be run using AWS Spot instances. - properties: - maxPrice: - description: MaxPrice defines the maximum price the user is willing - to pay for Spot VM instances - type: string - type: object - sshKeyName: - description: SSHKeyName is the name of the ssh key to attach to the - instance. Valid values are empty string (do not use SSH keys), a - valid SSH key name, or omitted (use the default SSH key name) - type: string - subnet: - description: |- - Subnet is a reference to the subnet to use for this instance. If not specified, - the cluster subnet will be used. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an AWS resource. - properties: - name: - description: Name of the filter. Filter names are case-sensitive. - type: string - values: - description: Values includes one or more filter values. - Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - tenancy: - description: Tenancy indicates if instance should run on shared or - single-tenant hardware. - enum: - - default - - dedicated - - host - type: string - uncompressedUserData: - description: |- - UncompressedUserData specify whether the user data is gzip-compressed before it is sent to ec2 instance. - cloud-init has built-in support for gzip-compressed user data - user data stored in aws secret manager is always gzip-compressed. - type: boolean - required: - - instanceType - type: object - status: - description: AWSMachineStatus defines the observed state of AWSMachine. - properties: - addresses: - description: Addresses contains the AWS instance associated addresses. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions defines current service state of the AWSMachine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - instanceState: - description: InstanceState is the state of the AWS instance for this - machine. - type: string - interruptible: - description: |- - Interruptible reports that this machine is using spot instances and can therefore be interrupted by CAPI when it receives a notice that the spot instance is to be terminated by AWS. - This will be set to true when SpotMarketOptions is not nil (i.e. this machine is using a spot instance). - type: boolean - ready: - description: Ready is true when the provider resource is ready. - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-awsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-awsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index d30c52c4c..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-awsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,1038 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta2 - name: awsmachinetemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AWSMachineTemplate - listKind: AWSMachineTemplateList - plural: awsmachinetemplates - shortNames: - - awsmt - singular: awsmachinetemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AWSMachineTemplate is the schema for the Amazon EC2 Machine Templates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSMachineTemplateSpec defines the desired state of AWSMachineTemplate. - properties: - template: - description: AWSMachineTemplateResource describes the data needed - to create am AWSMachine from a template. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups is an array of references to security groups that should be applied to the - instance. These security groups would be set in addition to any security groups defined - at the cluster level or in the actuator. It is possible to specify either IDs of Filters. Using Filters - will cause additional requests to AWS API and if tags change the attached security groups might change too. - items: - description: |- - AWSResourceReference is a reference to a specific AWS resource by ID or filters. - Only one of ID or Filters may be specified. Specifying more than one will result in - a validation error. - properties: - arn: - description: |- - ARN of resource. - Deprecated: This field has no function and is going to be removed in the next release. - type: string - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an - AWS resource. - properties: - name: - description: Name of the filter. Filter names - are case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - type: array - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the - AWSMachine's value takes precedence. - type: object - ami: - description: AMI is the reference to the AMI from which to - create the machine instance. - properties: - eksLookupType: - description: EKSOptimizedLookupType If specified, will - look up an EKS Optimized image in SSM Parameter store - enum: - - AmazonLinux - - AmazonLinuxGPU - type: string - id: - description: ID of resource - type: string - type: object - cloudInit: - description: |- - CloudInit defines options related to the bootstrapping systems where - CloudInit is used. - properties: - insecureSkipSecretsManager: - description: |- - InsecureSkipSecretsManager, when set to true will not use AWS Secrets Manager - or AWS Systems Manager Parameter Store to ensure privacy of userdata. - By default, a cloud-init boothook shell script is prepended to download - the userdata from Secrets Manager and additionally delete the secret. - type: boolean - secretCount: - description: SecretCount is the number of secrets used - to form the complete secret - format: int32 - type: integer - secretPrefix: - description: |- - SecretPrefix is the prefix for the secret name. This is stored - temporarily, and deleted when the machine registers as a node against - the workload cluster. - type: string - secureSecretsBackend: - description: |- - SecureSecretsBackend, when set to parameter-store will utilize the AWS Systems Manager - Parameter Storage to distribute secrets. By default or with the value of secrets-manager, - will use AWS Secrets Manager instead. - enum: - - secrets-manager - - ssm-parameter-store - type: string - type: object - failureDomain: - description: |- - FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API. - For this infrastructure provider, the ID is equivalent to an AWS Availability Zone. - If multiple subnets are matched for the availability zone, the first one returned is picked. - type: string - iamInstanceProfile: - description: IAMInstanceProfile is a name of an IAM instance - profile to assign to the instance - type: string - ignition: - description: Ignition defined options related to the bootstrapping - systems where Ignition is used. - properties: - version: - default: "2.3" - description: Version defines which version of Ignition - will be used to generate bootstrap data. - enum: - - "2.3" - type: string - type: object - imageLookupBaseOS: - description: |- - ImageLookupBaseOS is the name of the base operating system to use for - image lookup the AMI is not set. - type: string - imageLookupFormat: - description: |- - ImageLookupFormat is the AMI naming format to look up the image for this - machine It will be ignored if an explicit AMI is set. Supports - substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and - kubernetes version, respectively. The BaseOS will be the value in - ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as - defined by the packages produced by kubernetes/release without v as a - prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default - image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up - searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a - Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See - also: https://golang.org/pkg/text/template/ - type: string - imageLookupOrg: - description: ImageLookupOrg is the AWS Organization ID to - use for image lookup if AMI is not set. - type: string - instanceID: - description: InstanceID is the EC2 instance ID for this machine. - type: string - instanceType: - description: 'InstanceType is the type of instance to create. - Example: m4.xlarge' - minLength: 2 - type: string - networkInterfaces: - description: |- - NetworkInterfaces is a list of ENIs to associate with the instance. - A maximum of 2 may be specified. - items: - type: string - maxItems: 2 - type: array - nonRootVolumes: - description: Configuration options for the non root storage - volumes. - items: - description: Volume encapsulates the configuration options - for the storage device. - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should - be encrypted or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for - the disk. Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported - for the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, - io1, etc...). - type: string - required: - - size - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - publicIP: - description: |- - PublicIP specifies whether the instance should get a public IP. - Precedence for this setting is as follows: - 1. This field if set - 2. Cluster/flavor setting - 3. Subnet default - type: boolean - rootVolume: - description: RootVolume encapsulates the configuration options - for the root volume - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be - encrypted or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for - the disk. Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported - for the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, - io1, etc...). - type: string - required: - - size - type: object - spotMarketOptions: - description: SpotMarketOptions allows users to configure instances - to be run using AWS Spot instances. - properties: - maxPrice: - description: MaxPrice defines the maximum price the user - is willing to pay for Spot VM instances - type: string - type: object - sshKeyName: - description: SSHKeyName is the name of the ssh key to attach - to the instance. Valid values are empty string (do not use - SSH keys), a valid SSH key name, or omitted (use the default - SSH key name) - type: string - subnet: - description: |- - Subnet is a reference to the subnet to use for this instance. If not specified, - the cluster subnet will be used. - properties: - arn: - description: |- - ARN of resource. - Deprecated: This field has no function and is going to be removed in the next release. - type: string - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an - AWS resource. - properties: - name: - description: Name of the filter. Filter names are - case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - tenancy: - description: Tenancy indicates if instance should run on shared - or single-tenant hardware. - enum: - - default - - dedicated - - host - type: string - uncompressedUserData: - description: |- - UncompressedUserData specify whether the user data is gzip-compressed before it is sent to ec2 instance. - cloud-init has built-in support for gzip-compressed user data - user data stored in aws secret manager is always gzip-compressed. - type: boolean - required: - - instanceType - type: object - required: - - spec - type: object - required: - - template - type: object - status: - description: AWSMachineTemplateStatus defines a status for an AWSMachineTemplate. - properties: - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Capacity defines the resource capacity for this machine. - This value is used for autoscaling from zero operations as defined in: - https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md - type: object - type: object - type: object - served: false - storage: false - - name: v1beta2 - schema: - openAPIV3Schema: - description: AWSMachineTemplate is the schema for the Amazon EC2 Machine Templates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AWSMachineTemplateSpec defines the desired state of AWSMachineTemplate. - properties: - template: - description: AWSMachineTemplateResource describes the data needed - to create am AWSMachine from a template. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - additionalSecurityGroups: - description: |- - AdditionalSecurityGroups is an array of references to security groups that should be applied to the - instance. These security groups would be set in addition to any security groups defined - at the cluster level or in the actuator. It is possible to specify either IDs of Filters. Using Filters - will cause additional requests to AWS API and if tags change the attached security groups might change too. - items: - description: |- - AWSResourceReference is a reference to a specific AWS resource by ID or filters. - Only one of ID or Filters may be specified. Specifying more than one will result in - a validation error. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an - AWS resource. - properties: - name: - description: Name of the filter. Filter names - are case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - type: array - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the - AWSMachine's value takes precedence. - type: object - ami: - description: AMI is the reference to the AMI from which to - create the machine instance. - properties: - eksLookupType: - description: EKSOptimizedLookupType If specified, will - look up an EKS Optimized image in SSM Parameter store - enum: - - AmazonLinux - - AmazonLinuxGPU - type: string - id: - description: ID of resource - type: string - type: object - cloudInit: - description: |- - CloudInit defines options related to the bootstrapping systems where - CloudInit is used. - properties: - insecureSkipSecretsManager: - description: |- - InsecureSkipSecretsManager, when set to true will not use AWS Secrets Manager - or AWS Systems Manager Parameter Store to ensure privacy of userdata. - By default, a cloud-init boothook shell script is prepended to download - the userdata from Secrets Manager and additionally delete the secret. - type: boolean - secretCount: - description: SecretCount is the number of secrets used - to form the complete secret - format: int32 - type: integer - secretPrefix: - description: |- - SecretPrefix is the prefix for the secret name. This is stored - temporarily, and deleted when the machine registers as a node against - the workload cluster. - type: string - secureSecretsBackend: - description: |- - SecureSecretsBackend, when set to parameter-store will utilize the AWS Systems Manager - Parameter Storage to distribute secrets. By default or with the value of secrets-manager, - will use AWS Secrets Manager instead. - enum: - - secrets-manager - - ssm-parameter-store - type: string - type: object - iamInstanceProfile: - description: IAMInstanceProfile is a name of an IAM instance - profile to assign to the instance - type: string - ignition: - description: Ignition defined options related to the bootstrapping - systems where Ignition is used. - properties: - proxy: - description: |- - Proxy defines proxy settings for Ignition. - Only valid for Ignition versions 3.1 and above. - properties: - httpProxy: - description: |- - HTTPProxy is the HTTP proxy to use for Ignition. - A single URL that specifies the proxy server to use for HTTP and HTTPS requests, - unless overridden by the HTTPSProxy or NoProxy options. - type: string - httpsProxy: - description: |- - HTTPSProxy is the HTTPS proxy to use for Ignition. - A single URL that specifies the proxy server to use for HTTPS requests, - unless overridden by the NoProxy option. - type: string - noProxy: - description: |- - NoProxy is the list of domains to not proxy for Ignition. - Specifies a list of strings to hosts that should be excluded from proxying. - - - Each value is represented by: - - An IP address prefix (1.2.3.4) - - An IP address prefix in CIDR notation (1.2.3.4/8) - - A domain name - - A domain name matches that name and all subdomains - - A domain name with a leading . matches subdomains only - - A special DNS label (*), indicates that no proxying should be done - - - An IP address prefix and domain name can also include a literal port number (1.2.3.4:80). - items: - description: IgnitionNoProxy defines the list of - domains to not proxy for Ignition. - maxLength: 2048 - type: string - maxItems: 64 - type: array - type: object - storageType: - default: ClusterObjectStore - description: |- - StorageType defines how to store the boostrap user data for Ignition. - This can be used to instruct Ignition from where to fetch the user data to bootstrap an instance. - - - When omitted, the storage option will default to ClusterObjectStore. - - - When set to "ClusterObjectStore", if the capability is available and a Cluster ObjectStore configuration - is correctly provided in the Cluster object (under .spec.s3Bucket), - an object store will be used to store bootstrap user data. - - - When set to "UnencryptedUserData", EC2 Instance User Data will be used to store the machine bootstrap user data, unencrypted. - This option is considered less secure than others as user data may contain sensitive informations (keys, certificates, etc.) - and users with ec2:DescribeInstances permission or users running pods - that can access the ec2 metadata service have access to this sensitive information. - So this is only to be used at ones own risk, and only when other more secure options are not viable. - enum: - - ClusterObjectStore - - UnencryptedUserData - type: string - tls: - description: |- - TLS defines TLS settings for Ignition. - Only valid for Ignition versions 3.1 and above. - properties: - certificateAuthorities: - description: |- - CASources defines the list of certificate authorities to use for Ignition. - The value is the certificate bundle (in PEM format). The bundle can contain multiple concatenated certificates. - Supported schemes are http, https, tftp, s3, arn, gs, and `data` (RFC 2397) URL scheme. - items: - description: IgnitionCASource defines the source - of the certificate authority to use for Ignition. - maxLength: 65536 - type: string - maxItems: 64 - type: array - type: object - version: - default: "2.3" - description: Version defines which version of Ignition - will be used to generate bootstrap data. - enum: - - "2.3" - - "3.0" - - "3.1" - - "3.2" - - "3.3" - - "3.4" - type: string - type: object - imageLookupBaseOS: - description: |- - ImageLookupBaseOS is the name of the base operating system to use for - image lookup the AMI is not set. - type: string - imageLookupFormat: - description: |- - ImageLookupFormat is the AMI naming format to look up the image for this - machine It will be ignored if an explicit AMI is set. Supports - substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and - kubernetes version, respectively. The BaseOS will be the value in - ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as - defined by the packages produced by kubernetes/release without v as a - prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default - image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up - searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a - Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See - also: https://golang.org/pkg/text/template/ - type: string - imageLookupOrg: - description: ImageLookupOrg is the AWS Organization ID to - use for image lookup if AMI is not set. - type: string - instanceID: - description: InstanceID is the EC2 instance ID for this machine. - type: string - instanceMetadataOptions: - description: InstanceMetadataOptions is the metadata options - for the EC2 instance. - properties: - httpEndpoint: - default: enabled - description: |- - Enables or disables the HTTP metadata endpoint on your instances. - - - If you specify a value of disabled, you cannot access your instance metadata. - - - Default: enabled - enum: - - enabled - - disabled - type: string - httpPutResponseHopLimit: - default: 1 - description: |- - The desired HTTP PUT response hop limit for instance metadata requests. The - larger the number, the further instance metadata requests can travel. - - - Default: 1 - format: int64 - maximum: 64 - minimum: 1 - type: integer - httpTokens: - default: optional - description: |- - The state of token usage for your instance metadata requests. - - - If the state is optional, you can choose to retrieve instance metadata with - or without a session token on your request. If you retrieve the IAM role - credentials without a token, the version 1.0 role credentials are returned. - If you retrieve the IAM role credentials using a valid session token, the - version 2.0 role credentials are returned. - - - If the state is required, you must send a session token with any instance - metadata retrieval requests. In this state, retrieving the IAM role credentials - always returns the version 2.0 credentials; the version 1.0 credentials are - not available. - - - Default: optional - enum: - - optional - - required - type: string - instanceMetadataTags: - default: disabled - description: |- - Set to enabled to allow access to instance tags from the instance metadata. - Set to disabled to turn off access to instance tags from the instance metadata. - For more information, see Work with instance tags using the instance metadata - (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). - - - Default: disabled - enum: - - enabled - - disabled - type: string - type: object - instanceType: - description: 'InstanceType is the type of instance to create. - Example: m4.xlarge' - minLength: 2 - type: string - networkInterfaces: - description: |- - NetworkInterfaces is a list of ENIs to associate with the instance. - A maximum of 2 may be specified. - items: - type: string - maxItems: 2 - type: array - nonRootVolumes: - description: Configuration options for the non root storage - volumes. - items: - description: Volume encapsulates the configuration options - for the storage device. - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should - be encrypted or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for - the disk. Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported - for the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, - io1, etc...). - type: string - required: - - size - type: object - type: array - placementGroupName: - description: PlacementGroupName specifies the name of the - placement group in which to launch the instance. - type: string - placementGroupPartition: - description: |- - PlacementGroupPartition is the partition number within the placement group in which to launch the instance. - This value is only valid if the placement group, referred in `PlacementGroupName`, was created with - strategy set to partition. - format: int64 - maximum: 7 - minimum: 1 - type: integer - privateDnsName: - description: PrivateDNSName is the options for the instance - hostname. - properties: - enableResourceNameDnsAAAARecord: - description: EnableResourceNameDNSAAAARecord indicates - whether to respond to DNS queries for instance hostnames - with DNS AAAA records. - type: boolean - enableResourceNameDnsARecord: - description: EnableResourceNameDNSARecord indicates whether - to respond to DNS queries for instance hostnames with - DNS A records. - type: boolean - hostnameType: - description: The type of hostname to assign to an instance. - enum: - - ip-name - - resource-name - type: string - type: object - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - publicIP: - description: |- - PublicIP specifies whether the instance should get a public IP. - Precedence for this setting is as follows: - 1. This field if set - 2. Cluster/flavor setting - 3. Subnet default - type: boolean - rootVolume: - description: RootVolume encapsulates the configuration options - for the root volume - properties: - deviceName: - description: Device name - type: string - encrypted: - description: Encrypted is whether the volume should be - encrypted or not. - type: boolean - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: IOPS is the number of IOPS requested for - the disk. Not applicable to all types. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - throughput: - description: Throughput to provision in MiB/s supported - for the volume type. Not applicable to all types. - format: int64 - type: integer - type: - description: Type is the type of the volume (e.g. gp2, - io1, etc...). - type: string - required: - - size - type: object - securityGroupOverrides: - additionalProperties: - type: string - description: |- - SecurityGroupOverrides is an optional set of security groups to use for the node. - This is optional - if not provided security groups from the cluster will be used. - type: object - spotMarketOptions: - description: SpotMarketOptions allows users to configure instances - to be run using AWS Spot instances. - properties: - maxPrice: - description: MaxPrice defines the maximum price the user - is willing to pay for Spot VM instances - type: string - type: object - sshKeyName: - description: SSHKeyName is the name of the ssh key to attach - to the instance. Valid values are empty string (do not use - SSH keys), a valid SSH key name, or omitted (use the default - SSH key name) - type: string - subnet: - description: |- - Subnet is a reference to the subnet to use for this instance. If not specified, - the cluster subnet will be used. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an - AWS resource. - properties: - name: - description: Name of the filter. Filter names are - case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - tenancy: - description: Tenancy indicates if instance should run on shared - or single-tenant hardware. - enum: - - default - - dedicated - - host - type: string - uncompressedUserData: - description: |- - UncompressedUserData specify whether the user data is gzip-compressed before it is sent to ec2 instance. - cloud-init has built-in support for gzip-compressed user data - user data stored in aws secret manager is always gzip-compressed. - type: boolean - required: - - instanceType - type: object - required: - - spec - type: object - required: - - template - type: object - status: - description: AWSMachineTemplateStatus defines a status for an AWSMachineTemplate. - properties: - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Capacity defines the resource capacity for this machine. - This value is used for autoscaling from zero operations as defined in: - https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md - type: object - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azureclusteridentities.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azureclusteridentities.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index c72d23012..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azureclusteridentities.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,229 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: azureclusteridentities.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureClusterIdentity - listKind: AzureClusterIdentityList - plural: azureclusteridentities - singular: azureclusteridentity - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Type of AzureClusterIdentity - jsonPath: .spec.type - name: Type - type: string - - description: Time duration since creation of this AzureClusterIdentity - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureClusterIdentity is the Schema for the azureclustersidentities - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureClusterIdentitySpec defines the parameters that are - used to create an AzureIdentity. - properties: - allowedNamespaces: - description: |- - AllowedNamespaces is used to identify the namespaces the clusters are allowed to use the identity from. - Namespaces can be selected either using an array of namespaces or with label selector. - An empty allowedNamespaces object indicates that AzureClusters can use this identity from any namespace. - If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) - A namespace should be either in the NamespaceList or match with Selector to use the identity. - nullable: true - properties: - list: - description: A nil or empty list indicates that AzureCluster cannot - use the identity from any namespace. - items: - type: string - nullable: true - type: array - selector: - description: |- - Selector is a selector of namespaces that AzureCluster can - use this Identity from. This is a standard Kubernetes LabelSelector, - a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. - - - A nil or empty selector indicates that AzureCluster cannot use this - AzureClusterIdentity from any namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - clientID: - description: |- - ClientID is the service principal client ID. - Both User Assigned MSI and SP can use this field. - type: string - clientSecret: - description: ClientSecret is a secret reference which should contain - either a Service Principal password or certificate secret. - properties: - name: - description: name is unique within a namespace to reference a - secret resource. - type: string - namespace: - description: namespace defines the space within which the secret - name must be unique. - type: string - type: object - x-kubernetes-map-type: atomic - resourceID: - description: |- - ResourceID is the Azure resource ID for the User Assigned MSI resource. - Only applicable when type is UserAssignedMSI. - type: string - tenantID: - description: TenantID is the service principal primary tenant id. - type: string - type: - description: |- - Type is the type of Azure Identity used. - ServicePrincipal, ServicePrincipalCertificate, UserAssignedMSI, ManualServicePrincipal or WorkloadIdentity. - enum: - - ServicePrincipal - - UserAssignedMSI - - ManualServicePrincipal - - ServicePrincipalCertificate - - WorkloadIdentity - type: string - required: - - clientID - - tenantID - - type - type: object - status: - description: AzureClusterIdentityStatus defines the observed state of - AzureClusterIdentity. - properties: - conditions: - description: Conditions defines current service state of the AzureClusterIdentity. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azureclusters.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azureclusters.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index edc81e05d..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azureclusters.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,1457 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: azureclusters.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureCluster - listKind: AzureClusterList - plural: azureclusters - singular: azurecluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AzureCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - priority: 1 - type: string - - jsonPath: .spec.resourceGroup - name: Resource Group - priority: 1 - type: string - - jsonPath: .spec.subscriptionID - name: SubscriptionID - priority: 1 - type: string - - jsonPath: .spec.location - name: Location - priority: 1 - type: string - - description: Control Plane Endpoint - jsonPath: .spec.controlPlaneEndpoint.host - name: Endpoint - priority: 1 - type: string - - description: Time duration since creation of this AzureCluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureCluster is the Schema for the azureclusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureClusterSpec defines the desired state of AzureCluster. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the - ones added by default. - type: object - azureEnvironment: - description: |- - AzureEnvironment is the name of the AzureCloud to be used. - The default value that would be used by most users is "AzurePublicCloud", other values are: - - ChinaCloud: "AzureChinaCloud" - - GermanCloud: "AzureGermanCloud" - - PublicCloud: "AzurePublicCloud" - - USGovernmentCloud: "AzureUSGovernmentCloud" - - - Note that values other than the default must also be accompanied by corresponding changes to the - aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does - not support referring to multiple different clouds in a single installation. The following fields must - be defined in the Secret: - - AZURE_AUTHORITY_HOST - - AZURE_RESOURCE_MANAGER_ENDPOINT - - AZURE_RESOURCE_MANAGER_AUDIENCE - - - See the [ASO docs] for more details. - - - [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/ - type: string - bastionSpec: - description: BastionSpec encapsulates all things related to the Bastions - in the cluster. - properties: - azureBastion: - description: AzureBastion specifies how the Azure Bastion cloud - component should be configured. - properties: - enableTunneling: - default: false - description: EnableTunneling enables the native client support - feature for the Azure Bastion Host. Defaults to false. - type: boolean - name: - type: string - publicIP: - description: PublicIPSpec defines the inputs to create an - Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated with - the object. - properties: - tag: - description: 'Tag specifies the value of the IP - tag associated with the public IP. Example: SQL.' - type: string - type: - description: 'Type specifies the IP tag type. Example: - FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - sku: - default: Basic - description: BastionHostSkuName configures the tier of the - Azure Bastion Host. Can be either Basic or Standard. Defaults - to Basic. - enum: - - Basic - - Standard - type: string - subnet: - description: SubnetSpec configures an Azure subnet. - properties: - cidrBlocks: - description: CIDRBlocks defines the subnet's address space, - specified as one or more address prefixes in CIDR notation. - items: - type: string - type: array - id: - description: |- - ID is the Azure resource ID of the subnet. - READ-ONLY - type: string - name: - description: Name defines a name for the subnet resource. - type: string - natGateway: - description: NatGateway associated with this subnet. - properties: - id: - description: |- - ID is the Azure resource ID of the NAT gateway. - READ-ONLY - type: string - ip: - description: PublicIPSpec defines the inputs to create - an Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated - with the object. - properties: - tag: - description: 'Tag specifies the value of - the IP tag associated with the public - IP. Example: SQL.' - type: string - type: - description: 'Type specifies the IP tag - type. Example: FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - name: - type: string - required: - - name - type: object - privateEndpoints: - description: PrivateEndpoints defines a list of private - endpoints that should be attached to this subnet. - items: - description: PrivateEndpointSpec configures an Azure - Private Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies - the Application security group in which the private - endpoint IP configuration is included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName specifies - the network interface name associated with the - private endpoint. - type: string - location: - description: Location specifies the region to create - the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of the private - endpoint. - type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. - items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections specifies - Private Link Service Connections of the private - endpoint. - items: - description: PrivateLinkServiceConnection defines - the specification for a private link service - connection associated with a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the ID(s) - of the group(s) obtained from the remote - resource that this private endpoint should - connect to. - items: - type: string - type: array - name: - description: Name specifies the name of the - private link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID specifies - the resource ID of the private link service. - type: string - requestMessage: - description: RequestMessage specifies a message - passed to the owner of the remote resource - with the private endpoint connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - role: - description: Role defines the subnet role (eg. Node, ControlPlane) - enum: - - node - - control-plane - - bastion - - all - type: string - routeTable: - description: RouteTable defines the route table that should - be attached to this subnet. - properties: - id: - description: |- - ID is the Azure resource ID of the route table. - READ-ONLY - type: string - name: - type: string - required: - - name - type: object - securityGroup: - description: SecurityGroup defines the NSG (network security - group) that should be attached to this subnet. - properties: - id: - description: |- - ID is the Azure resource ID of the security group. - READ-ONLY - type: string - name: - type: string - securityRules: - description: SecurityRules is a slice of Azure security - rules for security groups. - items: - description: SecurityRule defines an Azure security - rule for security groups. - properties: - action: - default: Allow - description: Action specifies whether network - traffic is allowed or denied. Can either be - "Allow" or "Deny". Defaults to "Allow". - enum: - - Allow - - Deny - type: string - description: - description: A description for this rule. Restricted - to 140 chars. - type: string - destination: - description: Destination is the destination - address prefix. CIDR or destination IP range. - Asterix '*' can also be used to match all - source IPs. Default tags such as 'VirtualNetwork', - 'AzureLoadBalancer' and 'Internet' can also - be used. - type: string - destinationPorts: - description: DestinationPorts specifies the - destination port or range. Integer or range - between 0 and 65535. Asterix '*' can also - be used to match all ports. - type: string - direction: - description: Direction indicates whether the - rule applies to inbound, or outbound traffic. - "Inbound" or "Outbound". - enum: - - Inbound - - Outbound - type: string - name: - description: Name is a unique name within the - network security group. - type: string - priority: - description: Priority is a number between 100 - and 4096. Each rule should have a unique value - for priority. Rules are processed in priority - order, with lower numbers processed before - higher numbers. Once traffic matches a rule, - processing stops. - format: int32 - type: integer - protocol: - description: Protocol specifies the protocol - type. "Tcp", "Udp", "Icmp", or "*". - enum: - - Tcp - - Udp - - Icmp - - '*' - type: string - source: - description: Source specifies the CIDR or source - IP range. Asterix '*' can also be used to - match all source IPs. Default tags such as - 'VirtualNetwork', 'AzureLoadBalancer' and - 'Internet' can also be used. If this is an - ingress rule, specifies where network traffic - originates from. - type: string - sourcePorts: - description: SourcePorts specifies source port - or range. Integer or range between 0 and 65535. - Asterix '*' can also be used to match all - ports. - type: string - sources: - description: Sources specifies The CIDR or source - IP ranges. - items: - type: string - type: array - required: - - description - - direction - - name - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - tags: - additionalProperties: - type: string - description: Tags defines a map of tags. - type: object - required: - - name - type: object - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual Network - service endpoints to enable for the subnets. - items: - description: ServiceEndpointSpec configures an Azure - Service Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - name - - role - type: object - type: object - type: object - cloudProviderConfigOverrides: - description: |- - CloudProviderConfigOverrides is an optional set of configuration values that can be overridden in azure cloud provider config. - This is only a subset of options that are available in azure cloud provider config. - Some values for the cloud provider config are inferred from other parts of cluster api provider azure spec, and may not be available for overrides. - See: https://cloud-provider-azure.sigs.k8s.io/install/configs - Note: All cloud provider config values can be customized by creating the secret beforehand. CloudProviderConfigOverrides is only used when the secret is managed by the Azure Provider. - properties: - backOffs: - description: BackOffConfig indicates the back-off config options. - properties: - cloudProviderBackoff: - type: boolean - cloudProviderBackoffDuration: - type: integer - cloudProviderBackoffExponent: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderBackoffJitter: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderBackoffRetries: - type: integer - type: object - rateLimits: - items: - description: |- - RateLimitSpec represents the rate limit configuration for a particular kind of resource. - Eg. loadBalancerRateLimit is used to configure rate limits for load balancers. - This eventually gets converted to CloudProviderRateLimitConfig that cloud-provider-azure expects. - See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 - We cannot use CloudProviderRateLimitConfig directly because floating point values are not supported in controller-tools. - See: https://github.com/kubernetes-sigs/controller-tools/issues/245 - properties: - config: - description: RateLimitConfig indicates the rate limit config - options. - properties: - cloudProviderRateLimit: - type: boolean - cloudProviderRateLimitBucket: - type: integer - cloudProviderRateLimitBucketWrite: - type: integer - cloudProviderRateLimitQPS: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderRateLimitQPSWrite: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - name: - description: Name is the name of the rate limit spec. - enum: - - defaultRateLimit - - routeRateLimit - - subnetsRateLimit - - interfaceRateLimit - - routeTableRateLimit - - loadBalancerRateLimit - - publicIPAddressRateLimit - - securityGroupRateLimit - - virtualMachineRateLimit - - storageAccountRateLimit - - diskRateLimit - - snapshotRateLimit - - virtualMachineScaleSetRateLimit - - virtualMachineSizesRateLimit - - availabilitySetRateLimit - type: string - required: - - name - type: object - type: array - type: object - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. It is not recommended to set - this when creating an AzureCluster as CAPZ will set this for you. However, if it is set, CAPZ will not change it. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - extendedLocation: - description: ExtendedLocation is an optional set of ExtendedLocation - properties for clusters on Azure public MEC. - properties: - name: - description: Name defines the name for the extended location. - type: string - type: - description: Type defines the type for the extended location. - enum: - - EdgeZone - type: string - required: - - name - - type - type: object - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: |- - FailureDomains is a list of failure domains in the cluster's region, used to restrict - eligibility to host the control plane. A FailureDomain maps to an availability zone, - which is a separated group of datacenters within a region. - See: https://learn.microsoft.com/azure/reliability/availability-zones-overview - type: object - identityRef: - description: IdentityRef is a reference to an AzureIdentity to be - used when reconciling this cluster - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - location: - type: string - networkSpec: - description: NetworkSpec encapsulates all things related to Azure - network. - properties: - apiServerLB: - description: APIServerLB is the configuration for the control-plane - load balancer. - properties: - backendPool: - description: BackendPool describes the backend pool of the - load balancer. - properties: - name: - description: |- - Name specifies the name of backend pool for the load balancer. If not specified, the default name will - be set, depending on the load balancer role. - type: string - type: object - frontendIPs: - items: - description: FrontendIP defines a load balancer frontend - IP configuration. - properties: - name: - minLength: 1 - type: string - privateIP: - type: string - publicIP: - description: PublicIPSpec defines the inputs to create - an Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated - with the object. - properties: - tag: - description: 'Tag specifies the value of the - IP tag associated with the public IP. Example: - SQL.' - type: string - type: - description: 'Type specifies the IP tag type. - Example: FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - required: - - name - type: object - type: array - frontendIPsCount: - description: FrontendIPsCount specifies the number of frontend - IP addresses for the load balancer. - format: int32 - type: integer - id: - description: |- - ID is the Azure resource ID of the load balancer. - READ-ONLY - type: string - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout for - the TCP idle connection. - format: int32 - type: integer - name: - type: string - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer Type. - type: string - type: object - controlPlaneOutboundLB: - description: |- - ControlPlaneOutboundLB is the configuration for the control-plane outbound load balancer. - This is different from APIServerLB, and is used only in private clusters (optionally) for enabling outbound traffic. - properties: - backendPool: - description: BackendPool describes the backend pool of the - load balancer. - properties: - name: - description: |- - Name specifies the name of backend pool for the load balancer. If not specified, the default name will - be set, depending on the load balancer role. - type: string - type: object - frontendIPs: - items: - description: FrontendIP defines a load balancer frontend - IP configuration. - properties: - name: - minLength: 1 - type: string - privateIP: - type: string - publicIP: - description: PublicIPSpec defines the inputs to create - an Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated - with the object. - properties: - tag: - description: 'Tag specifies the value of the - IP tag associated with the public IP. Example: - SQL.' - type: string - type: - description: 'Type specifies the IP tag type. - Example: FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - required: - - name - type: object - type: array - frontendIPsCount: - description: FrontendIPsCount specifies the number of frontend - IP addresses for the load balancer. - format: int32 - type: integer - id: - description: |- - ID is the Azure resource ID of the load balancer. - READ-ONLY - type: string - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout for - the TCP idle connection. - format: int32 - type: integer - name: - type: string - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer Type. - type: string - type: object - nodeOutboundLB: - description: NodeOutboundLB is the configuration for the node - outbound load balancer. - properties: - backendPool: - description: BackendPool describes the backend pool of the - load balancer. - properties: - name: - description: |- - Name specifies the name of backend pool for the load balancer. If not specified, the default name will - be set, depending on the load balancer role. - type: string - type: object - frontendIPs: - items: - description: FrontendIP defines a load balancer frontend - IP configuration. - properties: - name: - minLength: 1 - type: string - privateIP: - type: string - publicIP: - description: PublicIPSpec defines the inputs to create - an Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated - with the object. - properties: - tag: - description: 'Tag specifies the value of the - IP tag associated with the public IP. Example: - SQL.' - type: string - type: - description: 'Type specifies the IP tag type. - Example: FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - required: - - name - type: object - type: array - frontendIPsCount: - description: FrontendIPsCount specifies the number of frontend - IP addresses for the load balancer. - format: int32 - type: integer - id: - description: |- - ID is the Azure resource ID of the load balancer. - READ-ONLY - type: string - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout for - the TCP idle connection. - format: int32 - type: integer - name: - type: string - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer Type. - type: string - type: object - privateDNSZoneName: - description: PrivateDNSZoneName defines the zone name for the - Azure Private DNS. - type: string - subnets: - description: Subnets is the configuration for the control-plane - subnet and the node subnet. - items: - description: SubnetSpec configures an Azure subnet. - properties: - cidrBlocks: - description: CIDRBlocks defines the subnet's address space, - specified as one or more address prefixes in CIDR notation. - items: - type: string - type: array - id: - description: |- - ID is the Azure resource ID of the subnet. - READ-ONLY - type: string - name: - description: Name defines a name for the subnet resource. - type: string - natGateway: - description: NatGateway associated with this subnet. - properties: - id: - description: |- - ID is the Azure resource ID of the NAT gateway. - READ-ONLY - type: string - ip: - description: PublicIPSpec defines the inputs to create - an Azure public IP address. - properties: - dnsName: - type: string - ipTags: - items: - description: IPTag contains the IpTag associated - with the object. - properties: - tag: - description: 'Tag specifies the value of the - IP tag associated with the public IP. Example: - SQL.' - type: string - type: - description: 'Type specifies the IP tag type. - Example: FirstPartyUsage.' - type: string - required: - - tag - - type - type: object - type: array - name: - type: string - required: - - name - type: object - name: - type: string - required: - - name - type: object - privateEndpoints: - description: PrivateEndpoints defines a list of private - endpoints that should be attached to this subnet. - items: - description: PrivateEndpointSpec configures an Azure Private - Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies the - Application security group in which the private - endpoint IP configuration is included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName specifies - the network interface name associated with the private - endpoint. - type: string - location: - description: Location specifies the region to create - the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of the private - endpoint. - type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. - items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections specifies - Private Link Service Connections of the private - endpoint. - items: - description: PrivateLinkServiceConnection defines - the specification for a private link service connection - associated with a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the ID(s) of - the group(s) obtained from the remote resource - that this private endpoint should connect - to. - items: - type: string - type: array - name: - description: Name specifies the name of the - private link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID specifies - the resource ID of the private link service. - type: string - requestMessage: - description: RequestMessage specifies a message - passed to the owner of the remote resource - with the private endpoint connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - role: - description: Role defines the subnet role (eg. Node, ControlPlane) - enum: - - node - - control-plane - - bastion - - all - type: string - routeTable: - description: RouteTable defines the route table that should - be attached to this subnet. - properties: - id: - description: |- - ID is the Azure resource ID of the route table. - READ-ONLY - type: string - name: - type: string - required: - - name - type: object - securityGroup: - description: SecurityGroup defines the NSG (network security - group) that should be attached to this subnet. - properties: - id: - description: |- - ID is the Azure resource ID of the security group. - READ-ONLY - type: string - name: - type: string - securityRules: - description: SecurityRules is a slice of Azure security - rules for security groups. - items: - description: SecurityRule defines an Azure security - rule for security groups. - properties: - action: - default: Allow - description: Action specifies whether network - traffic is allowed or denied. Can either be - "Allow" or "Deny". Defaults to "Allow". - enum: - - Allow - - Deny - type: string - description: - description: A description for this rule. Restricted - to 140 chars. - type: string - destination: - description: Destination is the destination address - prefix. CIDR or destination IP range. Asterix - '*' can also be used to match all source IPs. - Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' - and 'Internet' can also be used. - type: string - destinationPorts: - description: DestinationPorts specifies the destination - port or range. Integer or range between 0 and - 65535. Asterix '*' can also be used to match - all ports. - type: string - direction: - description: Direction indicates whether the rule - applies to inbound, or outbound traffic. "Inbound" - or "Outbound". - enum: - - Inbound - - Outbound - type: string - name: - description: Name is a unique name within the - network security group. - type: string - priority: - description: Priority is a number between 100 - and 4096. Each rule should have a unique value - for priority. Rules are processed in priority - order, with lower numbers processed before higher - numbers. Once traffic matches a rule, processing - stops. - format: int32 - type: integer - protocol: - description: Protocol specifies the protocol type. - "Tcp", "Udp", "Icmp", or "*". - enum: - - Tcp - - Udp - - Icmp - - '*' - type: string - source: - description: Source specifies the CIDR or source - IP range. Asterix '*' can also be used to match - all source IPs. Default tags such as 'VirtualNetwork', - 'AzureLoadBalancer' and 'Internet' can also - be used. If this is an ingress rule, specifies - where network traffic originates from. - type: string - sourcePorts: - description: SourcePorts specifies source port - or range. Integer or range between 0 and 65535. - Asterix '*' can also be used to match all ports. - type: string - sources: - description: Sources specifies The CIDR or source - IP ranges. - items: - type: string - type: array - required: - - description - - direction - - name - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - tags: - additionalProperties: - type: string - description: Tags defines a map of tags. - type: object - required: - - name - type: object - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual Network - service endpoints to enable for the subnets. - items: - description: ServiceEndpointSpec configures an Azure Service - Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - name - - role - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnet: - description: Vnet is the configuration for the Azure virtual network. - properties: - cidrBlocks: - description: CIDRBlocks defines the virtual network's address - space, specified as one or more address prefixes in CIDR - notation. - items: - type: string - type: array - id: - description: |- - ID is the Azure resource ID of the virtual network. - READ-ONLY - type: string - name: - description: Name defines a name for the virtual network resource. - type: string - peerings: - description: Peerings defines a list of peerings of the newly - created virtual network with existing virtual networks. - items: - description: VnetPeeringSpec specifies an existing remote - virtual network to peer with the AzureCluster's virtual - network. - properties: - forwardPeeringProperties: - description: |- - ForwardPeeringProperties specifies VnetPeeringProperties for peering from the cluster's virtual network to the - remote virtual network. - properties: - allowForwardedTraffic: - description: |- - AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be - allowed/disallowed in remote virtual network. - type: boolean - allowGatewayTransit: - description: |- - AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual - network. - type: boolean - allowVirtualNetworkAccess: - description: |- - AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access - the VMs in remote virtual network space. - type: boolean - useRemoteGateways: - description: |- - UseRemoteGateways specifies if remote gateways can be used on this virtual network. - If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network - will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true. - This flag cannot be set if virtual network already has a gateway. - type: boolean - type: object - remoteVnetName: - description: RemoteVnetName defines name of the remote - virtual network. - type: string - resourceGroup: - description: ResourceGroup is the resource group name - of the remote virtual network. - type: string - reversePeeringProperties: - description: |- - ReversePeeringProperties specifies VnetPeeringProperties for peering from the remote virtual network to the - cluster's virtual network. - properties: - allowForwardedTraffic: - description: |- - AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be - allowed/disallowed in remote virtual network. - type: boolean - allowGatewayTransit: - description: |- - AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual - network. - type: boolean - allowVirtualNetworkAccess: - description: |- - AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access - the VMs in remote virtual network space. - type: boolean - useRemoteGateways: - description: |- - UseRemoteGateways specifies if remote gateways can be used on this virtual network. - If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network - will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true. - This flag cannot be set if virtual network already has a gateway. - type: boolean - type: object - required: - - remoteVnetName - type: object - type: array - resourceGroup: - description: |- - ResourceGroup is the name of the resource group of the existing virtual network - or the resource group where a managed virtual network should be created. - type: string - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing the resource. - type: object - required: - - name - type: object - type: object - resourceGroup: - type: string - subscriptionID: - type: string - required: - - location - type: object - status: - description: AzureClusterStatus defines the observed state of AzureCluster. - properties: - conditions: - description: Conditions defines current service state of the AzureCluster. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: |- - FailureDomains specifies the list of unique failure domains for the location/region of the cluster. - A FailureDomain maps to Availability Zone with an Azure Region (if the region support them). An - Availability Zone is a separate data center within a region and they can be used to ensure - the cluster is more resilient to failure. - See: https://learn.microsoft.com/azure/reliability/availability-zones-overview - This list will be used by Cluster API to try and spread the machines across the failure domains. - type: object - longRunningOperationStates: - description: |- - LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the - next reconciliation loop. - items: - description: Future contains the data needed for an Azure long-running - operation to continue across reconcile loops. - properties: - data: - description: Data is the base64 url encoded json Azure AutoRest - Future. - type: string - name: - description: |- - Name is the name of the Azure resource. - Together with the service name, this forms the unique identifier for the future. - type: string - resourceGroup: - description: ResourceGroup is the Azure resource group for the - resource. - type: string - serviceName: - description: |- - ServiceName is the name of the Azure service. - Together with the name of the resource, this forms the unique identifier for the future. - type: string - type: - description: Type describes the type of future, such as update, - create, delete, etc. - type: string - required: - - data - - name - - serviceName - - type - type: object - type: array - ready: - description: Ready is true when the provider resource is ready. - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azureclustertemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azureclustertemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index dd75a83ea..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azureclustertemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,955 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: azureclustertemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureClusterTemplate - listKind: AzureClusterTemplateList - plural: azureclustertemplates - singular: azureclustertemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureClusterTemplate is the Schema for the azureclustertemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureClusterTemplateSpec defines the desired state of AzureClusterTemplate. - properties: - template: - description: AzureClusterTemplateResource describes the data needed - to create an AzureCluster from a template. - properties: - spec: - description: AzureClusterTemplateResourceSpec specifies an Azure - cluster template resource. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the - ones added by default. - type: object - azureEnvironment: - description: |- - AzureEnvironment is the name of the AzureCloud to be used. - The default value that would be used by most users is "AzurePublicCloud", other values are: - - ChinaCloud: "AzureChinaCloud" - - GermanCloud: "AzureGermanCloud" - - PublicCloud: "AzurePublicCloud" - - USGovernmentCloud: "AzureUSGovernmentCloud" - - - Note that values other than the default must also be accompanied by corresponding changes to the - aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does - not support referring to multiple different clouds in a single installation. The following fields must - be defined in the Secret: - - AZURE_AUTHORITY_HOST - - AZURE_RESOURCE_MANAGER_ENDPOINT - - AZURE_RESOURCE_MANAGER_AUDIENCE - - - See the [ASO docs] for more details. - - - [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/ - type: string - bastionSpec: - description: BastionSpec encapsulates all things related to - the Bastions in the cluster. - properties: - azureBastion: - description: AzureBastionTemplateSpec specifies a template - for an Azure Bastion host. - properties: - subnet: - description: SubnetTemplateSpec specifies a template - for a subnet. - properties: - cidrBlocks: - description: CIDRBlocks defines the subnet's address - space, specified as one or more address prefixes - in CIDR notation. - items: - type: string - type: array - name: - description: Name defines a name for the subnet - resource. - type: string - natGateway: - description: NatGateway associated with this subnet. - properties: - name: - type: string - required: - - name - type: object - privateEndpoints: - description: PrivateEndpoints defines a list of - private endpoints that should be attached to - this subnet. - items: - description: PrivateEndpointSpec configures - an Azure Private Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies - the Application security group in which - the private endpoint IP configuration - is included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName - specifies the network interface name associated - with the private endpoint. - type: string - location: - description: Location specifies the region - to create the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of - the private endpoint. - type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. - items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections - specifies Private Link Service Connections - of the private endpoint. - items: - description: PrivateLinkServiceConnection - defines the specification for a private - link service connection associated with - a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the - ID(s) of the group(s) obtained from - the remote resource that this private - endpoint should connect to. - items: - type: string - type: array - name: - description: Name specifies the name - of the private link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID - specifies the resource ID of the - private link service. - type: string - requestMessage: - description: RequestMessage specifies - a message passed to the owner of - the remote resource with the private - endpoint connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - role: - description: Role defines the subnet role (eg. - Node, ControlPlane) - enum: - - node - - control-plane - - bastion - - all - type: string - securityGroup: - description: SecurityGroup defines the NSG (network - security group) that should be attached to this - subnet. - properties: - securityRules: - description: SecurityRules is a slice of Azure - security rules for security groups. - items: - description: SecurityRule defines an Azure - security rule for security groups. - properties: - action: - default: Allow - description: Action specifies whether - network traffic is allowed or denied. - Can either be "Allow" or "Deny". Defaults - to "Allow". - enum: - - Allow - - Deny - type: string - description: - description: A description for this - rule. Restricted to 140 chars. - type: string - destination: - description: Destination is the destination - address prefix. CIDR or destination - IP range. Asterix '*' can also be - used to match all source IPs. Default - tags such as 'VirtualNetwork', 'AzureLoadBalancer' - and 'Internet' can also be used. - type: string - destinationPorts: - description: DestinationPorts specifies - the destination port or range. Integer - or range between 0 and 65535. Asterix - '*' can also be used to match all - ports. - type: string - direction: - description: Direction indicates whether - the rule applies to inbound, or outbound - traffic. "Inbound" or "Outbound". - enum: - - Inbound - - Outbound - type: string - name: - description: Name is a unique name within - the network security group. - type: string - priority: - description: Priority is a number between - 100 and 4096. Each rule should have - a unique value for priority. Rules - are processed in priority order, with - lower numbers processed before higher - numbers. Once traffic matches a rule, - processing stops. - format: int32 - type: integer - protocol: - description: Protocol specifies the - protocol type. "Tcp", "Udp", "Icmp", - or "*". - enum: - - Tcp - - Udp - - Icmp - - '*' - type: string - source: - description: Source specifies the CIDR - or source IP range. Asterix '*' can - also be used to match all source IPs. - Default tags such as 'VirtualNetwork', - 'AzureLoadBalancer' and 'Internet' - can also be used. If this is an ingress - rule, specifies where network traffic - originates from. - type: string - sourcePorts: - description: SourcePorts specifies source - port or range. Integer or range between - 0 and 65535. Asterix '*' can also - be used to match all ports. - type: string - sources: - description: Sources specifies The CIDR - or source IP ranges. - items: - type: string - type: array - required: - - description - - direction - - name - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - tags: - additionalProperties: - type: string - description: Tags defines a map of tags. - type: object - type: object - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual - Network service endpoints to enable for the - subnets. - items: - description: ServiceEndpointSpec configures - an Azure Service Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - name - - role - type: object - type: object - type: object - cloudProviderConfigOverrides: - description: |- - CloudProviderConfigOverrides is an optional set of configuration values that can be overridden in azure cloud provider config. - This is only a subset of options that are available in azure cloud provider config. - Some values for the cloud provider config are inferred from other parts of cluster api provider azure spec, and may not be available for overrides. - See: https://cloud-provider-azure.sigs.k8s.io/install/configs - Note: All cloud provider config values can be customized by creating the secret beforehand. CloudProviderConfigOverrides is only used when the secret is managed by the Azure Provider. - properties: - backOffs: - description: BackOffConfig indicates the back-off config - options. - properties: - cloudProviderBackoff: - type: boolean - cloudProviderBackoffDuration: - type: integer - cloudProviderBackoffExponent: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderBackoffJitter: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderBackoffRetries: - type: integer - type: object - rateLimits: - items: - description: |- - RateLimitSpec represents the rate limit configuration for a particular kind of resource. - Eg. loadBalancerRateLimit is used to configure rate limits for load balancers. - This eventually gets converted to CloudProviderRateLimitConfig that cloud-provider-azure expects. - See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25 - We cannot use CloudProviderRateLimitConfig directly because floating point values are not supported in controller-tools. - See: https://github.com/kubernetes-sigs/controller-tools/issues/245 - properties: - config: - description: RateLimitConfig indicates the rate - limit config options. - properties: - cloudProviderRateLimit: - type: boolean - cloudProviderRateLimitBucket: - type: integer - cloudProviderRateLimitBucketWrite: - type: integer - cloudProviderRateLimitQPS: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - cloudProviderRateLimitQPSWrite: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - name: - description: Name is the name of the rate limit - spec. - enum: - - defaultRateLimit - - routeRateLimit - - subnetsRateLimit - - interfaceRateLimit - - routeTableRateLimit - - loadBalancerRateLimit - - publicIPAddressRateLimit - - securityGroupRateLimit - - virtualMachineRateLimit - - storageAccountRateLimit - - diskRateLimit - - snapshotRateLimit - - virtualMachineScaleSetRateLimit - - virtualMachineSizesRateLimit - - availabilitySetRateLimit - type: string - required: - - name - type: object - type: array - type: object - extendedLocation: - description: ExtendedLocation is an optional set of ExtendedLocation - properties for clusters on Azure public MEC. - properties: - name: - description: Name defines the name for the extended location. - type: string - type: - description: Type defines the type for the extended location. - enum: - - EdgeZone - type: string - required: - - name - - type - type: object - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes - an infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure - domain is suitable for use by control plane machines. - type: boolean - type: object - description: |- - FailureDomains is a list of failure domains in the cluster's region, used to restrict - eligibility to host the control plane. A FailureDomain maps to an availability zone, - which is a separated group of datacenters within a region. - See: https://learn.microsoft.com/azure/reliability/availability-zones-overview - type: object - identityRef: - description: IdentityRef is a reference to an AzureIdentity - to be used when reconciling this cluster - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - location: - type: string - networkSpec: - description: NetworkSpec encapsulates all things related to - Azure network. - properties: - apiServerLB: - description: APIServerLB is the configuration for the - control-plane load balancer. - properties: - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout - for the TCP idle connection. - format: int32 - type: integer - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer - Type. - type: string - type: object - controlPlaneOutboundLB: - description: |- - ControlPlaneOutboundLB is the configuration for the control-plane outbound load balancer. - This is different from APIServerLB, and is used only in private clusters (optionally) for enabling outbound traffic. - properties: - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout - for the TCP idle connection. - format: int32 - type: integer - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer - Type. - type: string - type: object - nodeOutboundLB: - description: NodeOutboundLB is the configuration for the - node outbound load balancer. - properties: - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes specifies the timeout - for the TCP idle connection. - format: int32 - type: integer - sku: - description: SKU defines an Azure load balancer SKU. - type: string - type: - description: LBType defines an Azure load balancer - Type. - type: string - type: object - privateDNSZoneName: - description: PrivateDNSZoneName defines the zone name - for the Azure Private DNS. - type: string - subnets: - description: Subnets is the configuration for the control-plane - subnet and the node subnet. - items: - description: SubnetTemplateSpec specifies a template - for a subnet. - properties: - cidrBlocks: - description: CIDRBlocks defines the subnet's address - space, specified as one or more address prefixes - in CIDR notation. - items: - type: string - type: array - name: - description: Name defines a name for the subnet - resource. - type: string - natGateway: - description: NatGateway associated with this subnet. - properties: - name: - type: string - required: - - name - type: object - privateEndpoints: - description: PrivateEndpoints defines a list of - private endpoints that should be attached to this - subnet. - items: - description: PrivateEndpointSpec configures an - Azure Private Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies - the Application security group in which - the private endpoint IP configuration is - included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName specifies - the network interface name associated with - the private endpoint. - type: string - location: - description: Location specifies the region - to create the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of the - private endpoint. - type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. - items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections - specifies Private Link Service Connections - of the private endpoint. - items: - description: PrivateLinkServiceConnection - defines the specification for a private - link service connection associated with - a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the - ID(s) of the group(s) obtained from - the remote resource that this private - endpoint should connect to. - items: - type: string - type: array - name: - description: Name specifies the name - of the private link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID specifies - the resource ID of the private link - service. - type: string - requestMessage: - description: RequestMessage specifies - a message passed to the owner of the - remote resource with the private endpoint - connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - role: - description: Role defines the subnet role (eg. Node, - ControlPlane) - enum: - - node - - control-plane - - bastion - - all - type: string - securityGroup: - description: SecurityGroup defines the NSG (network - security group) that should be attached to this - subnet. - properties: - securityRules: - description: SecurityRules is a slice of Azure - security rules for security groups. - items: - description: SecurityRule defines an Azure - security rule for security groups. - properties: - action: - default: Allow - description: Action specifies whether - network traffic is allowed or denied. - Can either be "Allow" or "Deny". Defaults - to "Allow". - enum: - - Allow - - Deny - type: string - description: - description: A description for this rule. - Restricted to 140 chars. - type: string - destination: - description: Destination is the destination - address prefix. CIDR or destination - IP range. Asterix '*' can also be used - to match all source IPs. Default tags - such as 'VirtualNetwork', 'AzureLoadBalancer' - and 'Internet' can also be used. - type: string - destinationPorts: - description: DestinationPorts specifies - the destination port or range. Integer - or range between 0 and 65535. Asterix - '*' can also be used to match all ports. - type: string - direction: - description: Direction indicates whether - the rule applies to inbound, or outbound - traffic. "Inbound" or "Outbound". - enum: - - Inbound - - Outbound - type: string - name: - description: Name is a unique name within - the network security group. - type: string - priority: - description: Priority is a number between - 100 and 4096. Each rule should have - a unique value for priority. Rules are - processed in priority order, with lower - numbers processed before higher numbers. - Once traffic matches a rule, processing - stops. - format: int32 - type: integer - protocol: - description: Protocol specifies the protocol - type. "Tcp", "Udp", "Icmp", or "*". - enum: - - Tcp - - Udp - - Icmp - - '*' - type: string - source: - description: Source specifies the CIDR - or source IP range. Asterix '*' can - also be used to match all source IPs. - Default tags such as 'VirtualNetwork', - 'AzureLoadBalancer' and 'Internet' can - also be used. If this is an ingress - rule, specifies where network traffic - originates from. - type: string - sourcePorts: - description: SourcePorts specifies source - port or range. Integer or range between - 0 and 65535. Asterix '*' can also be - used to match all ports. - type: string - sources: - description: Sources specifies The CIDR - or source IP ranges. - items: - type: string - type: array - required: - - description - - direction - - name - - protocol - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - tags: - additionalProperties: - type: string - description: Tags defines a map of tags. - type: object - type: object - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual - Network service endpoints to enable for the subnets. - items: - description: ServiceEndpointSpec configures an - Azure Service Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - name - - role - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnet: - description: Vnet is the configuration for the Azure virtual - network. - properties: - cidrBlocks: - description: CIDRBlocks defines the virtual network's - address space, specified as one or more address - prefixes in CIDR notation. - items: - type: string - type: array - peerings: - description: Peerings defines a list of peerings of - the newly created virtual network with existing - virtual networks. - items: - description: VnetPeeringClassSpec specifies a virtual - network peering class. - properties: - forwardPeeringProperties: - description: |- - ForwardPeeringProperties specifies VnetPeeringProperties for peering from the cluster's virtual network to the - remote virtual network. - properties: - allowForwardedTraffic: - description: |- - AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be - allowed/disallowed in remote virtual network. - type: boolean - allowGatewayTransit: - description: |- - AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual - network. - type: boolean - allowVirtualNetworkAccess: - description: |- - AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access - the VMs in remote virtual network space. - type: boolean - useRemoteGateways: - description: |- - UseRemoteGateways specifies if remote gateways can be used on this virtual network. - If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network - will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true. - This flag cannot be set if virtual network already has a gateway. - type: boolean - type: object - remoteVnetName: - description: RemoteVnetName defines name of - the remote virtual network. - type: string - resourceGroup: - description: ResourceGroup is the resource group - name of the remote virtual network. - type: string - reversePeeringProperties: - description: |- - ReversePeeringProperties specifies VnetPeeringProperties for peering from the remote virtual network to the - cluster's virtual network. - properties: - allowForwardedTraffic: - description: |- - AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be - allowed/disallowed in remote virtual network. - type: boolean - allowGatewayTransit: - description: |- - AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual - network. - type: boolean - allowVirtualNetworkAccess: - description: |- - AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access - the VMs in remote virtual network space. - type: boolean - useRemoteGateways: - description: |- - UseRemoteGateways specifies if remote gateways can be used on this virtual network. - If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network - will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true. - This flag cannot be set if virtual network already has a gateway. - type: boolean - type: object - required: - - remoteVnetName - type: object - type: array - tags: - additionalProperties: - type: string - description: Tags is a collection of tags describing - the resource. - type: object - type: object - type: object - subscriptionID: - type: string - required: - - location - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremachines.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azuremachines.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index afa297103..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremachines.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,871 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: azuremachines.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureMachine - listKind: AzureMachineList - plural: azuremachines - singular: azuremachine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AzureMachine belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - priority: 1 - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - priority: 1 - type: string - - description: Azure VM provisioning state - jsonPath: .status.vmState - name: State - type: string - - description: Machine object to which this AzureMachine belongs - jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name - name: Machine - priority: 1 - type: string - - description: Azure VM ID - jsonPath: .spec.providerID - name: VM ID - priority: 1 - type: string - - description: Azure VM Size - jsonPath: .spec.vmSize - name: VM Size - priority: 1 - type: string - - description: Time duration since creation of this AzureMachine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureMachine is the Schema for the azuremachines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureMachineSpec defines the desired state of AzureMachine. - properties: - acceleratedNetworking: - description: 'Deprecated: AcceleratedNetworking should be set in the - networkInterfaces field.' - type: boolean - additionalCapabilities: - description: AdditionalCapabilities specifies additional capabilities - enabled or disabled on the virtual machine. - properties: - ultraSSDEnabled: - description: |- - UltraSSDEnabled enables or disables Azure UltraSSD capability for the virtual machine. - Defaults to true if Ultra SSD data disks are specified, - otherwise it doesn't set the capability on the VM. - type: boolean - type: object - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the - AzureMachine's value takes precedence. - type: object - allocatePublicIP: - description: AllocatePublicIP allows the ability to create dynamic - public ips for machines where this value is true. - type: boolean - capacityReservationGroupID: - description: |- - CapacityReservationGroupID specifies the capacity reservation group resource id that should be - used for allocating the virtual machine. - type: string - dataDisks: - description: DataDisk specifies the parameters that are used to add - one or more data disks to the machine - items: - description: DataDisk specifies the parameters that are used to - add one or more data disks to the machine. - properties: - cachingType: - description: CachingType specifies the caching requirements. - enum: - - None - - ReadOnly - - ReadWrite - type: string - diskSizeGB: - description: DiskSizeGB is the size in GB to assign to the data - disk. - format: int32 - type: integer - lun: - description: |- - Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. - The value must be between 0 and 63. - format: int32 - type: integer - managedDisk: - description: ManagedDisk specifies the Managed Disk parameters - for the data disk. - properties: - diskEncryptionSet: - description: DiskEncryptionSet specifies the customer-managed - disk encryption set resource id for the managed disk. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityProfile: - description: SecurityProfile specifies the security profile - for the managed disk. - properties: - diskEncryptionSet: - description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: - description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState - type: string - type: object - storageAccountType: - type: string - type: object - nameSuffix: - description: |- - NameSuffix is the suffix to be appended to the machine name to generate the disk name. - Each disk name will be in format _. - type: string - required: - - diskSizeGB - - nameSuffix - type: object - type: array - diagnostics: - description: |- - Diagnostics specifies the diagnostics settings for a virtual machine. - If not specified then Boot diagnostics (Managed) will be enabled. - properties: - boot: - description: |- - Boot configures the boot diagnostics settings for the virtual machine. - This allows to configure capturing serial output from the virtual machine on boot. - This is useful for debugging software based launch issues. - If not specified then Boot diagnostics (Managed) will be enabled. - properties: - storageAccountType: - description: |- - StorageAccountType determines if the storage account for storing the diagnostics data - should be disabled (Disabled), provisioned by Azure (Managed) or by the user (UserManaged). - enum: - - Managed - - UserManaged - - Disabled - type: string - userManaged: - description: UserManaged provides a reference to the user-managed - storage account. - properties: - storageAccountURI: - description: |- - StorageAccountURI is the URI of the user-managed storage account. - The URI typically will be `https://.blob.core.windows.net/` - but may differ if you are using Azure DNS zone endpoints. - You can find the correct endpoint by looking for the Blob Primary Endpoint in the - endpoints tab in the Azure console or with the CLI by issuing - `az storage account list --query='[].{name: name, "resource group": resourceGroup, "blob endpoint": primaryEndpoints.blob}'`. - maxLength: 1024 - pattern: ^https:// - type: string - required: - - storageAccountURI - type: object - required: - - storageAccountType - type: object - type: object - dnsServers: - description: DNSServers adds a list of DNS Server IP addresses to - the VM NICs. - items: - type: string - type: array - enableIPForwarding: - description: |- - EnableIPForwarding enables IP Forwarding in Azure which is required for some CNI's to send traffic from a pods on one machine - to another. This is required for IpV6 with Calico in combination with User Defined Routes (set by the Azure Cloud Controller - manager). Default is false for disabled. - type: boolean - failureDomain: - description: |- - FailureDomain is the failure domain unique identifier this Machine should be attached to, - as defined in Cluster API. This relates to an Azure Availability Zone - type: string - identity: - default: None - description: |- - Identity is the type of identity used for the virtual machine. - The type 'SystemAssigned' is an implicitly created identity. - The generated identity will be assigned a Subscription contributor role. - The type 'UserAssigned' is a standalone Azure resource provided by the user - and assigned to the VM - enum: - - None - - SystemAssigned - - UserAssigned - type: string - image: - description: |- - Image is used to provide details of an image to use during VM creation. - If image details are omitted the image will default the Azure Marketplace "capi" offer, - which is based on Ubuntu. - properties: - computeGallery: - description: ComputeGallery specifies an image to use from the - Azure Compute Gallery - properties: - gallery: - description: Gallery specifies the name of the compute image - gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - plan: - description: Plan contains plan information. - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - required: - - offer - - publisher - - sku - type: object - resourceGroup: - description: ResourceGroup specifies the resource group containing - the private compute gallery. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the subscription - that contains the private compute gallery. - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - version - type: object - id: - description: ID specifies an image to use by ID - type: string - marketplace: - description: Marketplace specifies an image to use from the Azure - Marketplace - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization that - created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - thirdPartyImage: - default: false - description: |- - ThirdPartyImage indicates the image is published by a third party publisher and a Plan - will be generated for it. - type: boolean - version: - description: |- - Version specifies the version of an image sku. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - offer - - publisher - - sku - - version - type: object - sharedGallery: - description: |- - SharedGallery specifies an image to use from an Azure Shared Image Gallery - Deprecated: use ComputeGallery instead. - properties: - gallery: - description: Gallery specifies the name of the shared image - gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - publisher: - description: |- - Publisher is the name of the organization that created the image. - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - resourceGroup: - description: ResourceGroup specifies the resource group containing - the shared image gallery - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the subscription - that contains the shared image gallery - minLength: 1 - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - resourceGroup - - subscriptionID - - version - type: object - type: object - networkInterfaces: - description: |- - NetworkInterfaces specifies a list of network interface configurations. - If left unspecified, the VM will get a single network interface with a - single IPConfig in the subnet specified in the cluster's node subnet field. - The primary interface will be the first networkInterface specified (index 0) in the list. - items: - description: NetworkInterface defines a network interface. - properties: - acceleratedNetworking: - description: |- - AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on - whether the requested VMSize supports accelerated networking. - If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error. - type: boolean - privateIPConfigs: - description: |- - PrivateIPConfigs specifies the number of private IP addresses to attach to the interface. - Defaults to 1 if not specified. - type: integer - subnetName: - description: SubnetName specifies the subnet in which the new - network interface will be placed. - type: string - type: object - type: array - osDisk: - description: OSDisk specifies the parameters for the operating system - disk of the machine - properties: - cachingType: - description: CachingType specifies the caching requirements. - enum: - - None - - ReadOnly - - ReadWrite - type: string - diffDiskSettings: - description: DiffDiskSettings describe ephemeral disk settings - for the os disk. - properties: - option: - description: |- - Option enables ephemeral OS when set to "Local" - See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks for full details - enum: - - Local - type: string - required: - - option - type: object - diskSizeGB: - description: |- - DiskSizeGB is the size in GB to assign to the OS disk. - Will have a default of 30GB if not provided - format: int32 - type: integer - managedDisk: - description: ManagedDisk specifies the Managed Disk parameters - for the OS disk. - properties: - diskEncryptionSet: - description: DiskEncryptionSet specifies the customer-managed - disk encryption set resource id for the managed disk. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityProfile: - description: SecurityProfile specifies the security profile - for the managed disk. - properties: - diskEncryptionSet: - description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: - description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState - type: string - type: object - storageAccountType: - type: string - type: object - osType: - type: string - required: - - osType - type: object - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - roleAssignmentName: - description: 'Deprecated: RoleAssignmentName should be set in the - systemAssignedIdentityRole field.' - type: string - securityProfile: - description: SecurityProfile specifies the Security profile settings - for a virtual machine. - properties: - encryptionAtHost: - description: |- - This field indicates whether Host Encryption should be enabled - or disabled for a virtual machine or virtual machine scale set. - This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. - Default is disabled. - type: boolean - securityType: - description: |- - SecurityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to - enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. - enum: - - ConfidentialVM - - TrustedLaunch - type: string - uefiSettings: - description: UefiSettings specifies the security settings like - secure boot and vTPM used while creating the virtual machine. - properties: - secureBootEnabled: - description: |- - SecureBootEnabled specifies whether secure boot should be enabled on the virtual machine. - Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. - If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. - type: boolean - vTpmEnabled: - description: |- - VTpmEnabled specifies whether vTPM should be enabled on the virtual machine. - When true it enables the virtualized trusted platform module measurements to create a known good boot integrity policy baseline. - The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. - This is required to be set to Enabled if SecurityEncryptionType is defined. - If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. - type: boolean - type: object - type: object - spotVMOptions: - description: SpotVMOptions allows the ability to specify the Machine - should use a Spot VM - properties: - evictionPolicy: - description: EvictionPolicy defines the behavior of the virtual - machine when it is evicted. It can be either Delete or Deallocate. - enum: - - Deallocate - - Delete - type: string - maxPrice: - anyOf: - - type: integer - - type: string - description: MaxPrice defines the maximum price the user is willing - to pay for Spot VM instances - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - sshPublicKey: - description: |- - SSHPublicKey is the SSH public key string, base64-encoded to add to a Virtual Machine. Linux only. - Refer to documentation on how to set up SSH access on Windows instances. - type: string - subnetName: - description: 'Deprecated: SubnetName should be set in the networkInterfaces - field.' - type: string - systemAssignedIdentityRole: - description: SystemAssignedIdentityRole defines the role and scope - to assign to the system-assigned identity. - properties: - definitionID: - description: |- - DefinitionID is the ID of the role definition to create for a system assigned identity. It can be an Azure built-in role or a custom role. - Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles - type: string - name: - description: |- - Name is the name of the role assignment to create for a system assigned identity. It can be any valid UUID. - If not specified, a random UUID will be generated. - type: string - scope: - description: |- - Scope is the scope that the role assignment or definition applies to. The scope can be any REST resource instance. - If not specified, the scope will be the subscription. - type: string - type: object - userAssignedIdentities: - description: |- - UserAssignedIdentities is a list of standalone Azure identities provided by the user - The lifecycle of a user-assigned identity is managed separately from the lifecycle of - the AzureMachine. - See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli - items: - description: |- - UserAssignedIdentity defines the user-assigned identities provided - by the user to be assigned to Azure resources. - properties: - providerID: - description: |- - ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: - 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}' - type: string - required: - - providerID - type: object - type: array - vmExtensions: - description: VMExtensions specifies a list of extensions to be added - to the virtual machine. - items: - description: VMExtension specifies the parameters for a custom VM - extension. - properties: - name: - description: Name is the name of the extension. - type: string - protectedSettings: - additionalProperties: - type: string - description: ProtectedSettings is a JSON formatted protected - settings for the extension. - type: object - publisher: - description: Publisher is the name of the extension handler - publisher. - type: string - settings: - additionalProperties: - type: string - description: Settings is a JSON formatted public settings for - the extension. - type: object - version: - description: Version specifies the version of the script handler. - type: string - required: - - name - - publisher - - version - type: object - type: array - vmSize: - type: string - required: - - osDisk - - vmSize - type: object - status: - description: AzureMachineStatus defines the observed state of AzureMachine. - properties: - addresses: - description: Addresses contains the Azure instance associated addresses. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions defines current service state of the AzureMachine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - ErrorMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - ErrorReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - longRunningOperationStates: - description: |- - LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the - next reconciliation loop. - items: - description: Future contains the data needed for an Azure long-running - operation to continue across reconcile loops. - properties: - data: - description: Data is the base64 url encoded json Azure AutoRest - Future. - type: string - name: - description: |- - Name is the name of the Azure resource. - Together with the service name, this forms the unique identifier for the future. - type: string - resourceGroup: - description: ResourceGroup is the Azure resource group for the - resource. - type: string - serviceName: - description: |- - ServiceName is the name of the Azure service. - Together with the name of the resource, this forms the unique identifier for the future. - type: string - type: - description: Type describes the type of future, such as update, - create, delete, etc. - type: string - required: - - data - - name - - serviceName - - type - type: object - type: array - ready: - description: Ready is true when the provider resource is ready. - type: boolean - vmState: - description: VMState is the provisioning state of the Azure virtual - machine. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremachinetemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azuremachinetemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 3cc8bf189..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremachinetemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,742 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: azuremachinetemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureMachineTemplate - listKind: AzureMachineTemplateList - plural: azuremachinetemplates - singular: azuremachinetemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureMachineTemplate is the Schema for the azuremachinetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate. - properties: - template: - description: AzureMachineTemplateResource describes the data needed - to create an AzureMachine from a template. - properties: - metadata: - description: |- - ObjectMeta is metadata that all persisted resources must have, which includes all objects - users must create. This is a copy of customizable fields from metav1.ObjectMeta. - - - ObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, - which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases - and read-only fields which end up in the generated CRD validation, having it as a subset simplifies - the API and some issues that can impact user experience. - - - During the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) - for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, - specifically `spec.metadata.creationTimestamp in body must be of type string: "null"`. - The investigation showed that `controller-tools@v2` behaves differently than its previous version - when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package. - - - In more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` - had validation properties, including for `creationTimestamp` (metav1.Time). - The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` - which breaks validation because the field isn't marked as nullable. - - - In future versions, controller-tools@v2 might allow overriding the type and validation for embedded - types. When that happens, this hack should be revisited. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - acceleratedNetworking: - description: 'Deprecated: AcceleratedNetworking should be - set in the networkInterfaces field.' - type: boolean - additionalCapabilities: - description: AdditionalCapabilities specifies additional capabilities - enabled or disabled on the virtual machine. - properties: - ultraSSDEnabled: - description: |- - UltraSSDEnabled enables or disables Azure UltraSSD capability for the virtual machine. - Defaults to true if Ultra SSD data disks are specified, - otherwise it doesn't set the capability on the VM. - type: boolean - type: object - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the - Azure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the - AzureMachine's value takes precedence. - type: object - allocatePublicIP: - description: AllocatePublicIP allows the ability to create - dynamic public ips for machines where this value is true. - type: boolean - capacityReservationGroupID: - description: |- - CapacityReservationGroupID specifies the capacity reservation group resource id that should be - used for allocating the virtual machine. - type: string - dataDisks: - description: DataDisk specifies the parameters that are used - to add one or more data disks to the machine - items: - description: DataDisk specifies the parameters that are - used to add one or more data disks to the machine. - properties: - cachingType: - description: CachingType specifies the caching requirements. - enum: - - None - - ReadOnly - - ReadWrite - type: string - diskSizeGB: - description: DiskSizeGB is the size in GB to assign - to the data disk. - format: int32 - type: integer - lun: - description: |- - Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. - The value must be between 0 and 63. - format: int32 - type: integer - managedDisk: - description: ManagedDisk specifies the Managed Disk - parameters for the data disk. - properties: - diskEncryptionSet: - description: DiskEncryptionSet specifies the customer-managed - disk encryption set resource id for the managed - disk. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityProfile: - description: SecurityProfile specifies the security - profile for the managed disk. - properties: - diskEncryptionSet: - description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: - description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState - type: string - type: object - storageAccountType: - type: string - type: object - nameSuffix: - description: |- - NameSuffix is the suffix to be appended to the machine name to generate the disk name. - Each disk name will be in format _. - type: string - required: - - diskSizeGB - - nameSuffix - type: object - type: array - diagnostics: - description: |- - Diagnostics specifies the diagnostics settings for a virtual machine. - If not specified then Boot diagnostics (Managed) will be enabled. - properties: - boot: - description: |- - Boot configures the boot diagnostics settings for the virtual machine. - This allows to configure capturing serial output from the virtual machine on boot. - This is useful for debugging software based launch issues. - If not specified then Boot diagnostics (Managed) will be enabled. - properties: - storageAccountType: - description: |- - StorageAccountType determines if the storage account for storing the diagnostics data - should be disabled (Disabled), provisioned by Azure (Managed) or by the user (UserManaged). - enum: - - Managed - - UserManaged - - Disabled - type: string - userManaged: - description: UserManaged provides a reference to the - user-managed storage account. - properties: - storageAccountURI: - description: |- - StorageAccountURI is the URI of the user-managed storage account. - The URI typically will be `https://.blob.core.windows.net/` - but may differ if you are using Azure DNS zone endpoints. - You can find the correct endpoint by looking for the Blob Primary Endpoint in the - endpoints tab in the Azure console or with the CLI by issuing - `az storage account list --query='[].{name: name, "resource group": resourceGroup, "blob endpoint": primaryEndpoints.blob}'`. - maxLength: 1024 - pattern: ^https:// - type: string - required: - - storageAccountURI - type: object - required: - - storageAccountType - type: object - type: object - dnsServers: - description: DNSServers adds a list of DNS Server IP addresses - to the VM NICs. - items: - type: string - type: array - enableIPForwarding: - description: |- - EnableIPForwarding enables IP Forwarding in Azure which is required for some CNI's to send traffic from a pods on one machine - to another. This is required for IpV6 with Calico in combination with User Defined Routes (set by the Azure Cloud Controller - manager). Default is false for disabled. - type: boolean - failureDomain: - description: |- - FailureDomain is the failure domain unique identifier this Machine should be attached to, - as defined in Cluster API. This relates to an Azure Availability Zone - type: string - identity: - default: None - description: |- - Identity is the type of identity used for the virtual machine. - The type 'SystemAssigned' is an implicitly created identity. - The generated identity will be assigned a Subscription contributor role. - The type 'UserAssigned' is a standalone Azure resource provided by the user - and assigned to the VM - enum: - - None - - SystemAssigned - - UserAssigned - type: string - image: - description: |- - Image is used to provide details of an image to use during VM creation. - If image details are omitted the image will default the Azure Marketplace "capi" offer, - which is based on Ubuntu. - properties: - computeGallery: - description: ComputeGallery specifies an image to use - from the Azure Compute Gallery - properties: - gallery: - description: Gallery specifies the name of the compute - image gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - plan: - description: Plan contains plan information. - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - required: - - offer - - publisher - - sku - type: object - resourceGroup: - description: ResourceGroup specifies the resource - group containing the private compute gallery. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the - subscription that contains the private compute gallery. - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - version - type: object - id: - description: ID specifies an image to use by ID - type: string - marketplace: - description: Marketplace specifies an image to use from - the Azure Marketplace - properties: - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - thirdPartyImage: - default: false - description: |- - ThirdPartyImage indicates the image is published by a third party publisher and a Plan - will be generated for it. - type: boolean - version: - description: |- - Version specifies the version of an image sku. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - offer - - publisher - - sku - - version - type: object - sharedGallery: - description: |- - SharedGallery specifies an image to use from an Azure Shared Image Gallery - Deprecated: use ComputeGallery instead. - properties: - gallery: - description: Gallery specifies the name of the shared - image gallery that contains the image - minLength: 1 - type: string - name: - description: Name is the name of the image - minLength: 1 - type: string - offer: - description: |- - Offer specifies the name of a group of related images created by the publisher. - For example, UbuntuServer, WindowsServer - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - publisher: - description: |- - Publisher is the name of the organization that created the image. - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - resourceGroup: - description: ResourceGroup specifies the resource - group containing the shared image gallery - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - This value will be used to add a `Plan` in the API request when creating the VM/VMSS resource. - This is needed when the source image from which this SIG image was built requires the `Plan` to be used. - type: string - subscriptionID: - description: SubscriptionID is the identifier of the - subscription that contains the shared image gallery - minLength: 1 - type: string - version: - description: |- - Version specifies the version of the marketplace image. The allowed formats - are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. - Specify 'latest' to use the latest version of an image available at deploy time. - Even if you use 'latest', the VM image will not automatically update after deploy - time even if a new version becomes available. - minLength: 1 - type: string - required: - - gallery - - name - - resourceGroup - - subscriptionID - - version - type: object - type: object - networkInterfaces: - description: |- - NetworkInterfaces specifies a list of network interface configurations. - If left unspecified, the VM will get a single network interface with a - single IPConfig in the subnet specified in the cluster's node subnet field. - The primary interface will be the first networkInterface specified (index 0) in the list. - items: - description: NetworkInterface defines a network interface. - properties: - acceleratedNetworking: - description: |- - AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on - whether the requested VMSize supports accelerated networking. - If AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error. - type: boolean - privateIPConfigs: - description: |- - PrivateIPConfigs specifies the number of private IP addresses to attach to the interface. - Defaults to 1 if not specified. - type: integer - subnetName: - description: SubnetName specifies the subnet in which - the new network interface will be placed. - type: string - type: object - type: array - osDisk: - description: OSDisk specifies the parameters for the operating - system disk of the machine - properties: - cachingType: - description: CachingType specifies the caching requirements. - enum: - - None - - ReadOnly - - ReadWrite - type: string - diffDiskSettings: - description: DiffDiskSettings describe ephemeral disk - settings for the os disk. - properties: - option: - description: |- - Option enables ephemeral OS when set to "Local" - See https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks for full details - enum: - - Local - type: string - required: - - option - type: object - diskSizeGB: - description: |- - DiskSizeGB is the size in GB to assign to the OS disk. - Will have a default of 30GB if not provided - format: int32 - type: integer - managedDisk: - description: ManagedDisk specifies the Managed Disk parameters - for the OS disk. - properties: - diskEncryptionSet: - description: DiskEncryptionSet specifies the customer-managed - disk encryption set resource id for the managed - disk. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityProfile: - description: SecurityProfile specifies the security - profile for the managed disk. - properties: - diskEncryptionSet: - description: |- - DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the - managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and - VMGuest blob. - properties: - id: - description: ID defines resourceID for diskEncryptionSet - resource. It must be in the same subscription - type: string - type: object - securityEncryptionType: - description: |- - SecurityEncryptionType specifies the encryption type of the managed disk. - It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState - blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. - When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled. - When set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and - VirtualizedTrustedPlatformModule should be set to Enabled. - It can be set only for Confidential VMs. - enum: - - VMGuestStateOnly - - DiskWithVMGuestState - type: string - type: object - storageAccountType: - type: string - type: object - osType: - type: string - required: - - osType - type: object - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - roleAssignmentName: - description: 'Deprecated: RoleAssignmentName should be set - in the systemAssignedIdentityRole field.' - type: string - securityProfile: - description: SecurityProfile specifies the Security profile - settings for a virtual machine. - properties: - encryptionAtHost: - description: |- - This field indicates whether Host Encryption should be enabled - or disabled for a virtual machine or virtual machine scale set. - This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. - Default is disabled. - type: boolean - securityType: - description: |- - SecurityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to - enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set. - enum: - - ConfidentialVM - - TrustedLaunch - type: string - uefiSettings: - description: UefiSettings specifies the security settings - like secure boot and vTPM used while creating the virtual - machine. - properties: - secureBootEnabled: - description: |- - SecureBootEnabled specifies whether secure boot should be enabled on the virtual machine. - Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. - If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. - type: boolean - vTpmEnabled: - description: |- - VTpmEnabled specifies whether vTPM should be enabled on the virtual machine. - When true it enables the virtualized trusted platform module measurements to create a known good boot integrity policy baseline. - The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. - This is required to be set to Enabled if SecurityEncryptionType is defined. - If omitted, the platform chooses a default, which is subject to change over time, currently that default is false. - type: boolean - type: object - type: object - spotVMOptions: - description: SpotVMOptions allows the ability to specify the - Machine should use a Spot VM - properties: - evictionPolicy: - description: EvictionPolicy defines the behavior of the - virtual machine when it is evicted. It can be either - Delete or Deallocate. - enum: - - Deallocate - - Delete - type: string - maxPrice: - anyOf: - - type: integer - - type: string - description: MaxPrice defines the maximum price the user - is willing to pay for Spot VM instances - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - sshPublicKey: - description: |- - SSHPublicKey is the SSH public key string, base64-encoded to add to a Virtual Machine. Linux only. - Refer to documentation on how to set up SSH access on Windows instances. - type: string - subnetName: - description: 'Deprecated: SubnetName should be set in the - networkInterfaces field.' - type: string - systemAssignedIdentityRole: - description: SystemAssignedIdentityRole defines the role and - scope to assign to the system-assigned identity. - properties: - definitionID: - description: |- - DefinitionID is the ID of the role definition to create for a system assigned identity. It can be an Azure built-in role or a custom role. - Refer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles - type: string - name: - description: |- - Name is the name of the role assignment to create for a system assigned identity. It can be any valid UUID. - If not specified, a random UUID will be generated. - type: string - scope: - description: |- - Scope is the scope that the role assignment or definition applies to. The scope can be any REST resource instance. - If not specified, the scope will be the subscription. - type: string - type: object - userAssignedIdentities: - description: |- - UserAssignedIdentities is a list of standalone Azure identities provided by the user - The lifecycle of a user-assigned identity is managed separately from the lifecycle of - the AzureMachine. - See https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli - items: - description: |- - UserAssignedIdentity defines the user-assigned identities provided - by the user to be assigned to Azure resources. - properties: - providerID: - description: |- - ProviderID is the identification ID of the user-assigned Identity, the format of an identity is: - 'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}' - type: string - required: - - providerID - type: object - type: array - vmExtensions: - description: VMExtensions specifies a list of extensions to - be added to the virtual machine. - items: - description: VMExtension specifies the parameters for a - custom VM extension. - properties: - name: - description: Name is the name of the extension. - type: string - protectedSettings: - additionalProperties: - type: string - description: ProtectedSettings is a JSON formatted protected - settings for the extension. - type: object - publisher: - description: Publisher is the name of the extension - handler publisher. - type: string - settings: - additionalProperties: - type: string - description: Settings is a JSON formatted public settings - for the extension. - type: object - version: - description: Version specifies the version of the script - handler. - type: string - required: - - name - - publisher - - version - type: object - type: array - vmSize: - type: string - required: - - osDisk - - vmSize - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedclusters.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedclusters.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 0be51ac60..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedclusters.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,95 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: azuremanagedclusters.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedCluster - listKind: AzureManagedClusterList - plural: azuremanagedclusters - shortNames: - - amc - singular: azuremanagedcluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AzureManagedCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - jsonPath: .status.ready - name: Ready - type: string - - description: Time duration since creation of this AzureManagedCluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedCluster is the Schema for the azuremanagedclusters - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedClusterSpec defines the desired state of AzureManagedCluster. - properties: - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. - Immutable, populated by the AKS API at create. - Because this field is programmatically set by CAPZ after resource creation, we define it as +optional - in the API schema to permit resource admission. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - type: object - status: - description: AzureManagedClusterStatus defines the observed state of AzureManagedCluster. - properties: - ready: - description: Ready is true when the provider resource is ready. - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 84cc9adf8..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,70 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedClusterTemplate - listKind: AzureManagedClusterTemplateList - plural: azuremanagedclustertemplates - shortNames: - - amct - singular: azuremanagedclustertemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedClusterTemplate is the Schema for the AzureManagedClusterTemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedClusterTemplateSpec defines the desired state - of AzureManagedClusterTemplate. - properties: - template: - description: AzureManagedClusterTemplateResource describes the data - needed to create an AzureManagedCluster from a template. - properties: - spec: - description: AzureManagedClusterTemplateResourceSpec specifies - an Azure managed cluster template resource. - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index d25a51526..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,1016 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedControlPlane - listKind: AzureManagedControlPlaneList - plural: azuremanagedcontrolplanes - shortNames: - - amcp - singular: azuremanagedcontrolplane - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AzureManagedControlPlane belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - priority: 1 - type: string - - description: Time duration since creation of this AzureManagedControlPlane - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedControlPlaneSpec defines the desired state of - AzureManagedControlPlane. - properties: - aadProfile: - description: AadProfile is Azure Active Directory configuration to - integrate with AKS for aad authentication. - properties: - adminGroupObjectIDs: - description: AdminGroupObjectIDs - AAD group object IDs that will - have admin role of the cluster. - items: - type: string - type: array - managed: - description: Managed - Whether to enable managed AAD. - type: boolean - required: - - adminGroupObjectIDs - - managed - type: object - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the - ones added by default. - type: object - addonProfiles: - description: AddonProfiles are the profiles of managed cluster add-on. - items: - description: AddonProfile represents a managed cluster add-on. - properties: - config: - additionalProperties: - type: string - description: Config - Key-value pairs for configuring the add-on. - type: object - enabled: - description: Enabled - Whether the add-on is enabled or not. - type: boolean - name: - description: Name - The name of the managed cluster add-on. - type: string - required: - - enabled - - name - type: object - type: array - apiServerAccessProfile: - description: |- - APIServerAccessProfile is the access profile for AKS API server. - Immutable except for `authorizedIPRanges`. - properties: - authorizedIPRanges: - description: AuthorizedIPRanges - Authorized IP Ranges to kubernetes - API server. - items: - type: string - type: array - enablePrivateCluster: - description: EnablePrivateCluster indicates whether to create - the cluster as a private cluster or not. - type: boolean - enablePrivateClusterPublicFQDN: - description: EnablePrivateClusterPublicFQDN indicates whether - to create additional public FQDN for private cluster or not. - type: boolean - privateDNSZone: - description: PrivateDNSZone enables private dns zone mode for - private cluster. - type: string - type: object - asoManagedClusterPatches: - description: |- - ASOManagedClusterPatches defines JSON merge patches to be applied to the generated ASO ManagedCluster resource. - WARNING: This is meant to be used sparingly to enable features for development and testing that are not - otherwise represented in the CAPZ API. Misconfiguration that conflicts with CAPZ's normal mode of - operation is possible. - items: - type: string - type: array - autoUpgradeProfile: - description: AutoUpgradeProfile defines the auto upgrade configuration. - properties: - upgradeChannel: - description: UpgradeChannel determines the type of upgrade channel - for automatically upgrading the cluster. - enum: - - node-image - - none - - patch - - rapid - - stable - type: string - type: object - autoscalerProfile: - description: AutoscalerProfile is the parameters to be applied to - the cluster-autoscaler when enabled - properties: - balanceSimilarNodeGroups: - description: BalanceSimilarNodeGroups - Valid values are 'true' - and 'false'. The default is false. - enum: - - "true" - - "false" - type: string - expander: - description: Expander - If not specified, the default is 'random'. - See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) - for more information. - enum: - - least-waste - - most-pods - - priority - - random - type: string - maxEmptyBulkDelete: - description: MaxEmptyBulkDelete - The default is 10. - type: string - maxGracefulTerminationSec: - description: MaxGracefulTerminationSec - The default is 600. - pattern: ^(\d+)$ - type: string - maxNodeProvisionTime: - description: MaxNodeProvisionTime - The default is '15m'. Values - must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - maxTotalUnreadyPercentage: - description: MaxTotalUnreadyPercentage - The default is 45. The - maximum is 100 and the minimum is 0. - maxLength: 3 - minLength: 1 - pattern: ^(\d+)$ - type: string - newPodScaleUpDelay: - description: NewPodScaleUpDelay - For scenarios like burst/batch - scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled - pods before they're a certain age. The default is '0s'. Values - must be an integer followed by a unit ('s' for seconds, 'm' - for minutes, 'h' for hours, etc). - type: string - okTotalUnreadyCount: - description: OkTotalUnreadyCount - This must be an integer. The - default is 3. - pattern: ^(\d+)$ - type: string - scaleDownDelayAfterAdd: - description: ScaleDownDelayAfterAdd - The default is '10m'. Values - must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownDelayAfterDelete: - description: ScaleDownDelayAfterDelete - The default is the scan-interval. - Values must be an integer followed by an 's'. No unit of time - other than seconds (s) is supported. - pattern: ^(\d+)s$ - type: string - scaleDownDelayAfterFailure: - description: ScaleDownDelayAfterFailure - The default is '3m'. - Values must be an integer followed by an 'm'. No unit of time - other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUnneededTime: - description: ScaleDownUnneededTime - The default is '10m'. Values - must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUnreadyTime: - description: ScaleDownUnreadyTime - The default is '20m'. Values - must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUtilizationThreshold: - description: ScaleDownUtilizationThreshold - The default is '0.5'. - type: string - scanInterval: - description: ScanInterval - How often cluster is reevaluated for - scale up or down. The default is '10s'. - pattern: ^(\d+)s$ - type: string - skipNodesWithLocalStorage: - description: SkipNodesWithLocalStorage - The default is false. - enum: - - "true" - - "false" - type: string - skipNodesWithSystemPods: - description: SkipNodesWithSystemPods - The default is true. - enum: - - "true" - - "false" - type: string - type: object - azureEnvironment: - description: |- - AzureEnvironment is the name of the AzureCloud to be used. - The default value that would be used by most users is "AzurePublicCloud", other values are: - - ChinaCloud: "AzureChinaCloud" - - PublicCloud: "AzurePublicCloud" - - USGovernmentCloud: "AzureUSGovernmentCloud" - - - Note that values other than the default must also be accompanied by corresponding changes to the - aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does - not support referring to multiple different clouds in a single installation. The following fields must - be defined in the Secret: - - AZURE_AUTHORITY_HOST - - AZURE_RESOURCE_MANAGER_ENDPOINT - - AZURE_RESOURCE_MANAGER_AUDIENCE - - - See the [ASO docs] for more details. - - - [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/ - type: string - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. - Immutable, populated by the AKS API at create. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - disableLocalAccounts: - description: DisableLocalAccounts disables getting static credentials - for this cluster when set. Expected to only be used for AAD clusters. - type: boolean - dnsPrefix: - description: |- - DNSPrefix allows the user to customize dns prefix. - Immutable. - type: string - dnsServiceIP: - description: |- - DNSServiceIP is an IP address assigned to the Kubernetes DNS service. - It must be within the Kubernetes service address range specified in serviceCidr. - Immutable. - type: string - enablePreviewFeatures: - description: EnablePreviewFeatures enables preview features for the - cluster. - type: boolean - extensions: - description: Extensions is a list of AKS extensions to be installed - on the cluster. - items: - description: |- - AKSExtension represents the configuration for an AKS cluster extension. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/cluster-extensions - properties: - aksAssignedIdentityType: - description: AKSAssignedIdentityType is the type of the AKS - assigned identity. - enum: - - SystemAssigned - - UserAssigned - type: string - autoUpgradeMinorVersion: - default: true - description: AutoUpgradeMinorVersion is a flag to note if this - extension participates in auto upgrade of minor version, or - not. - type: boolean - configurationSettings: - additionalProperties: - type: string - description: ConfigurationSettings are the name-value pairs - for configuring this extension. - type: object - extensionType: - description: |- - ExtensionType is the type of the Extension of which this resource is an instance. - It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. - type: string - identity: - description: Identity is the identity type of the Extension - resource in an AKS cluster. - enum: - - SystemAssigned - type: string - name: - description: Name is the name of the extension. - type: string - plan: - description: Plan is the plan of the extension. - properties: - name: - description: Name is the user-defined name of the 3rd Party - Artifact that is being procured. - type: string - product: - description: Product is the name of the 3rd Party artifact - that is being procured. - type: string - promotionCode: - description: PromotionCode is a publisher-provided promotion - code as provisioned in Data Market for the said product/artifact. - type: string - publisher: - description: Publisher is the name of the publisher of the - 3rd Party Artifact that is being bought. - type: string - version: - description: Version is the version of the plan. - type: string - type: object - releaseTrain: - description: |- - ReleaseTrain is the release train this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - This is only used if autoUpgradeMinorVersion is ‘true’. - type: string - scope: - description: Scope is the scope at which this extension is enabled. - properties: - releaseNamespace: - description: |- - ReleaseNamespace is the namespace where the extension Release must be placed, for a Cluster-scoped extension. - Required for Cluster-scoped extensions. - type: string - scopeType: - description: ScopeType is the scope of the extension. It - can be either Cluster or Namespace, but not both. - enum: - - Cluster - - Namespace - type: string - targetNamespace: - description: |- - TargetNamespace is the namespace where the extension will be created for a Namespace-scoped extension. - Required for Namespace-scoped extensions. - type: string - required: - - scopeType - type: object - version: - description: Version is the version of the extension. - type: string - required: - - extensionType - - name - type: object - type: array - fleetsMember: - description: |- - FleetsMember is the spec for the fleet this cluster is a member of. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members - properties: - group: - description: Group is the group this member belongs to for multi-cluster - update management. - type: string - managerName: - description: ManagerName is the name of the fleet manager. - type: string - managerResourceGroup: - description: ManagerResourceGroup is the resource group of the - fleet manager. - type: string - name: - description: Name is the name of the member. - type: string - required: - - managerName - - managerResourceGroup - type: object - httpProxyConfig: - description: |- - HTTPProxyConfig is the HTTP proxy configuration for the cluster. - Immutable. - properties: - httpProxy: - description: HTTPProxy is the HTTP proxy server endpoint to use. - type: string - httpsProxy: - description: HTTPSProxy is the HTTPS proxy server endpoint to - use. - type: string - noProxy: - description: NoProxy indicates the endpoints that should not go - through proxy. - items: - type: string - type: array - trustedCa: - description: TrustedCA is the alternative CA cert to use for connecting - to proxy servers. - type: string - type: object - identity: - description: Identity configuration used by the AKS control plane. - properties: - type: - description: Type - The Identity type to use. - enum: - - SystemAssigned - - UserAssigned - type: string - userAssignedIdentityResourceID: - description: UserAssignedIdentityResourceID - Identity ARM resource - ID when using user-assigned identity. - type: string - type: object - identityRef: - description: IdentityRef is a reference to a AzureClusterIdentity - to be used when reconciling this cluster - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - kubeletUserAssignedIdentity: - description: |- - KubeletUserAssignedIdentity is the user-assigned identity for kubelet. - For authentication with Azure Container Registry. - type: string - loadBalancerProfile: - description: LoadBalancerProfile is the profile of the cluster load - balancer. - properties: - allocatedOutboundPorts: - description: AllocatedOutboundPorts - Desired number of allocated - SNAT ports per VM. Allowed values must be in the range of 0 - to 64000 (inclusive). The default value is 0 which results in - Azure dynamically allocating ports. - type: integer - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes - Desired outbound flow idle - timeout in minutes. Allowed values must be in the range of 4 - to 120 (inclusive). The default value is 30 minutes. - type: integer - managedOutboundIPs: - description: ManagedOutboundIPs - Desired managed outbound IPs - for the cluster load balancer. - type: integer - outboundIPPrefixes: - description: OutboundIPPrefixes - Desired outbound IP Prefix resources - for the cluster load balancer. - items: - type: string - type: array - outboundIPs: - description: OutboundIPs - Desired outbound IP resources for the - cluster load balancer. - items: - type: string - type: array - type: object - loadBalancerSKU: - default: Standard - description: |- - LoadBalancerSKU is the SKU of the loadBalancer to be provisioned. - Immutable. - enum: - - Basic - - Standard - type: string - location: - description: 'Location is a string matching one of the canonical Azure - region names. Examples: "westus2", "eastus".' - type: string - machineTemplate: - description: |- - MachineTemplate contains information about how machines - should be shaped when creating or updating a control plane. - For the AzureManagedControlPlaneTemplate, this field is used - only to fulfill the CAPI contract. - type: object - networkDataplane: - description: NetworkDataplane is the dataplane used for building the - Kubernetes network. - enum: - - azure - - cilium - type: string - networkPlugin: - description: NetworkPlugin used for building Kubernetes network. - enum: - - azure - - kubenet - - none - type: string - networkPluginMode: - description: |- - NetworkPluginMode is the mode the network plugin should use. - Allowed value is "overlay". - enum: - - overlay - type: string - networkPolicy: - description: NetworkPolicy used for building Kubernetes network. - enum: - - azure - - calico - - cilium - type: string - nodeResourceGroupName: - description: |- - NodeResourceGroupName is the name of the resource group - containing cluster IaaS resources. Will be populated to default - in webhook. - Immutable. - type: string - oidcIssuerProfile: - description: OIDCIssuerProfile is the OIDC issuer profile of the Managed - Cluster. - properties: - enabled: - description: Enabled is whether the OIDC issuer is enabled. - type: boolean - type: object - outboundType: - description: Outbound configuration used by Nodes. - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting - type: string - resourceGroupName: - description: |- - ResourceGroupName is the name of the Azure resource group for this AKS Cluster. - Immutable. - type: string - securityProfile: - description: SecurityProfile defines the security profile for cluster. - properties: - azureKeyVaultKms: - description: AzureKeyVaultKms defines Azure Key Vault Management - Services Profile for the security profile. - properties: - enabled: - description: Enabled enables the Azure Key Vault key management - service. The default is false. - type: boolean - keyID: - description: |- - KeyID defines the Identifier of Azure Key Vault key. - When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. - type: string - keyVaultNetworkAccess: - default: Public - description: |- - KeyVaultNetworkAccess defines the network access of key vault. - The possible values are Public and Private. - Public means the key vault allows public access from all networks. - Private means the key vault disables public access and enables private link. The default value is Public. - type: string - keyVaultResourceID: - description: KeyVaultResourceID is the Resource ID of key - vault. When keyVaultNetworkAccess is Private, this field - is required and must be a valid resource ID. - type: string - required: - - enabled - - keyID - type: object - defender: - description: Defender settings for the security profile. - properties: - logAnalyticsWorkspaceResourceID: - description: |- - LogAnalyticsWorkspaceResourceID is the ID of the Log Analytics workspace that has to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. - type: string - securityMonitoring: - description: SecurityMonitoring profile defines the Microsoft - Defender threat detection for Cloud settings for the security - profile. - properties: - enabled: - description: Enabled enables Defender threat detection - type: boolean - required: - - enabled - type: object - required: - - logAnalyticsWorkspaceResourceID - - securityMonitoring - type: object - imageCleaner: - description: ImageCleaner settings for the security profile. - properties: - enabled: - description: Enabled enables the Image Cleaner on AKS cluster. - type: boolean - intervalHours: - description: IntervalHours defines Image Cleaner scanning - interval in hours. Default value is 24 hours. - maximum: 2160 - minimum: 24 - type: integer - required: - - enabled - type: object - workloadIdentity: - description: Workloadidentity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. Ensure - to enable OIDC issuer while enabling Workload Identity - properties: - enabled: - description: Enabled enables the workload identity. - type: boolean - required: - - enabled - type: object - type: object - sku: - description: SKU is the SKU of the AKS to be provisioned. - properties: - tier: - description: Tier - Tier of an AKS cluster. - enum: - - Free - - Paid - - Standard - type: string - required: - - tier - type: object - sshPublicKey: - description: |- - SSHPublicKey is a string literal containing an ssh public key base64 encoded. - Use empty string to autogenerate new key. Use null value to not set key. - Immutable. - type: string - subscriptionID: - description: SubscriptionID is the GUID of the Azure subscription - that owns this cluster. - type: string - version: - description: Version defines the desired Kubernetes version. - minLength: 2 - type: string - virtualNetwork: - description: VirtualNetwork describes the virtual network for the - AKS cluster. It will be created if it does not already exist. - properties: - cidrBlock: - type: string - name: - description: Name is the name of the virtual network. - type: string - resourceGroup: - description: ResourceGroup is the name of the Azure resource group - for the VNet and Subnet. - type: string - subnet: - description: ManagedControlPlaneSubnet describes a subnet for - an AKS cluster. - properties: - cidrBlock: - type: string - name: - type: string - privateEndpoints: - description: PrivateEndpoints is a slice of Virtual Network - private endpoints to create for the subnets. - items: - description: PrivateEndpointSpec configures an Azure Private - Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies the - Application security group in which the private endpoint - IP configuration is included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName specifies the - network interface name associated with the private - endpoint. - type: string - location: - description: Location specifies the region to create - the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of the private - endpoint. - type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. - items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections specifies - Private Link Service Connections of the private endpoint. - items: - description: PrivateLinkServiceConnection defines - the specification for a private link service connection - associated with a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the ID(s) of the - group(s) obtained from the remote resource that - this private endpoint should connect to. - items: - type: string - type: array - name: - description: Name specifies the name of the private - link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID specifies the - resource ID of the private link service. - type: string - requestMessage: - description: RequestMessage specifies a message - passed to the owner of the remote resource with - the private endpoint connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual Network - service endpoints to enable for the subnets. - items: - description: ServiceEndpointSpec configures an Azure Service - Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - cidrBlock - - name - type: object - required: - - cidrBlock - - name - type: object - required: - - identityRef - - location - - resourceGroupName - - version - type: object - status: - description: AzureManagedControlPlaneStatus defines the observed state - of AzureManagedControlPlane. - properties: - autoUpgradeVersion: - description: AutoUpgradeVersion is the Kubernetes version populated - after auto-upgrade based on the upgrade channel. - minLength: 2 - type: string - conditions: - description: Conditions defines current service state of the AzureManagedControlPlane. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - initialized: - description: |- - Initialized is true when the control plane is available for initial contact. - This may occur before the control plane is fully ready. - In the AzureManagedControlPlane implementation, these are identical. - type: boolean - longRunningOperationStates: - description: |- - LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the - next reconciliation loop. - items: - description: Future contains the data needed for an Azure long-running - operation to continue across reconcile loops. - properties: - data: - description: Data is the base64 url encoded json Azure AutoRest - Future. - type: string - name: - description: |- - Name is the name of the Azure resource. - Together with the service name, this forms the unique identifier for the future. - type: string - resourceGroup: - description: ResourceGroup is the Azure resource group for the - resource. - type: string - serviceName: - description: |- - ServiceName is the name of the Azure service. - Together with the name of the resource, this forms the unique identifier for the future. - type: string - type: - description: Type describes the type of future, such as update, - create, delete, etc. - type: string - required: - - data - - name - - serviceName - - type - type: object - type: array - oidcIssuerProfile: - description: OIDCIssuerProfile is the OIDC issuer profile of the Managed - Cluster. - properties: - issuerURL: - description: IssuerURL is the OIDC issuer url of the Managed Cluster. - type: string - type: object - ready: - description: Ready is true when the provider resource is ready. - type: boolean - version: - description: Version defines the Kubernetes version for the control - plane instance. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 70e4afb84..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,885 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedControlPlaneTemplate - listKind: AzureManagedControlPlaneTemplateList - plural: azuremanagedcontrolplanetemplates - shortNames: - - amcpt - singular: azuremanagedcontrolplanetemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedControlPlaneTemplate is the Schema for the AzureManagedControlPlaneTemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedControlPlaneTemplateSpec defines the desired - state of AzureManagedControlPlaneTemplate. - properties: - template: - description: AzureManagedControlPlaneTemplateResource describes the - data needed to create an AzureManagedCluster from a template. - properties: - spec: - description: AzureManagedControlPlaneTemplateResourceSpec specifies - an Azure managed control plane template resource. - properties: - aadProfile: - description: AadProfile is Azure Active Directory configuration - to integrate with AKS for aad authentication. - properties: - adminGroupObjectIDs: - description: AdminGroupObjectIDs - AAD group object IDs - that will have admin role of the cluster. - items: - type: string - type: array - managed: - description: Managed - Whether to enable managed AAD. - type: boolean - required: - - adminGroupObjectIDs - - managed - type: object - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the - ones added by default. - type: object - addonProfiles: - description: AddonProfiles are the profiles of managed cluster - add-on. - items: - description: AddonProfile represents a managed cluster add-on. - properties: - config: - additionalProperties: - type: string - description: Config - Key-value pairs for configuring - the add-on. - type: object - enabled: - description: Enabled - Whether the add-on is enabled - or not. - type: boolean - name: - description: Name - The name of the managed cluster - add-on. - type: string - required: - - enabled - - name - type: object - type: array - apiServerAccessProfile: - description: |- - APIServerAccessProfile is the access profile for AKS API server. - Immutable except for `authorizedIPRanges`. - properties: - authorizedIPRanges: - description: AuthorizedIPRanges - Authorized IP Ranges - to kubernetes API server. - items: - type: string - type: array - enablePrivateCluster: - description: EnablePrivateCluster indicates whether to - create the cluster as a private cluster or not. - type: boolean - enablePrivateClusterPublicFQDN: - description: EnablePrivateClusterPublicFQDN indicates - whether to create additional public FQDN for private - cluster or not. - type: boolean - privateDNSZone: - description: PrivateDNSZone enables private dns zone mode - for private cluster. - type: string - type: object - asoManagedClusterPatches: - description: |- - ASOManagedClusterPatches defines JSON merge patches to be applied to the generated ASO ManagedCluster resource. - WARNING: This is meant to be used sparingly to enable features for development and testing that are not - otherwise represented in the CAPZ API. Misconfiguration that conflicts with CAPZ's normal mode of - operation is possible. - items: - type: string - type: array - autoUpgradeProfile: - description: AutoUpgradeProfile defines the auto upgrade configuration. - properties: - upgradeChannel: - description: UpgradeChannel determines the type of upgrade - channel for automatically upgrading the cluster. - enum: - - node-image - - none - - patch - - rapid - - stable - type: string - type: object - autoscalerProfile: - description: AutoscalerProfile is the parameters to be applied - to the cluster-autoscaler when enabled - properties: - balanceSimilarNodeGroups: - description: BalanceSimilarNodeGroups - Valid values are - 'true' and 'false'. The default is false. - enum: - - "true" - - "false" - type: string - expander: - description: Expander - If not specified, the default - is 'random'. See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) - for more information. - enum: - - least-waste - - most-pods - - priority - - random - type: string - maxEmptyBulkDelete: - description: MaxEmptyBulkDelete - The default is 10. - type: string - maxGracefulTerminationSec: - description: MaxGracefulTerminationSec - The default is - 600. - pattern: ^(\d+)$ - type: string - maxNodeProvisionTime: - description: MaxNodeProvisionTime - The default is '15m'. - Values must be an integer followed by an 'm'. No unit - of time other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - maxTotalUnreadyPercentage: - description: MaxTotalUnreadyPercentage - The default is - 45. The maximum is 100 and the minimum is 0. - maxLength: 3 - minLength: 1 - pattern: ^(\d+)$ - type: string - newPodScaleUpDelay: - description: NewPodScaleUpDelay - For scenarios like burst/batch - scale where you don't want CA to act before the kubernetes - scheduler could schedule all the pods, you can tell - CA to ignore unscheduled pods before they're a certain - age. The default is '0s'. Values must be an integer - followed by a unit ('s' for seconds, 'm' for minutes, - 'h' for hours, etc). - type: string - okTotalUnreadyCount: - description: OkTotalUnreadyCount - This must be an integer. - The default is 3. - pattern: ^(\d+)$ - type: string - scaleDownDelayAfterAdd: - description: ScaleDownDelayAfterAdd - The default is '10m'. - Values must be an integer followed by an 'm'. No unit - of time other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownDelayAfterDelete: - description: ScaleDownDelayAfterDelete - The default is - the scan-interval. Values must be an integer followed - by an 's'. No unit of time other than seconds (s) is - supported. - pattern: ^(\d+)s$ - type: string - scaleDownDelayAfterFailure: - description: ScaleDownDelayAfterFailure - The default - is '3m'. Values must be an integer followed by an 'm'. - No unit of time other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUnneededTime: - description: ScaleDownUnneededTime - The default is '10m'. - Values must be an integer followed by an 'm'. No unit - of time other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUnreadyTime: - description: ScaleDownUnreadyTime - The default is '20m'. - Values must be an integer followed by an 'm'. No unit - of time other than minutes (m) is supported. - pattern: ^(\d+)m$ - type: string - scaleDownUtilizationThreshold: - description: ScaleDownUtilizationThreshold - The default - is '0.5'. - type: string - scanInterval: - description: ScanInterval - How often cluster is reevaluated - for scale up or down. The default is '10s'. - pattern: ^(\d+)s$ - type: string - skipNodesWithLocalStorage: - description: SkipNodesWithLocalStorage - The default is - false. - enum: - - "true" - - "false" - type: string - skipNodesWithSystemPods: - description: SkipNodesWithSystemPods - The default is - true. - enum: - - "true" - - "false" - type: string - type: object - azureEnvironment: - description: |- - AzureEnvironment is the name of the AzureCloud to be used. - The default value that would be used by most users is "AzurePublicCloud", other values are: - - ChinaCloud: "AzureChinaCloud" - - PublicCloud: "AzurePublicCloud" - - USGovernmentCloud: "AzureUSGovernmentCloud" - - - Note that values other than the default must also be accompanied by corresponding changes to the - aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does - not support referring to multiple different clouds in a single installation. The following fields must - be defined in the Secret: - - AZURE_AUTHORITY_HOST - - AZURE_RESOURCE_MANAGER_ENDPOINT - - AZURE_RESOURCE_MANAGER_AUDIENCE - - - See the [ASO docs] for more details. - - - [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/ - type: string - disableLocalAccounts: - description: DisableLocalAccounts disables getting static - credentials for this cluster when set. Expected to only - be used for AAD clusters. - type: boolean - dnsServiceIP: - description: |- - DNSServiceIP is an IP address assigned to the Kubernetes DNS service. - It must be within the Kubernetes service address range specified in serviceCidr. - Immutable. - type: string - enablePreviewFeatures: - description: EnablePreviewFeatures enables preview features - for the cluster. - type: boolean - extensions: - description: Extensions is a list of AKS extensions to be - installed on the cluster. - items: - description: |- - AKSExtension represents the configuration for an AKS cluster extension. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/cluster-extensions - properties: - aksAssignedIdentityType: - description: AKSAssignedIdentityType is the type of - the AKS assigned identity. - enum: - - SystemAssigned - - UserAssigned - type: string - autoUpgradeMinorVersion: - default: true - description: AutoUpgradeMinorVersion is a flag to note - if this extension participates in auto upgrade of - minor version, or not. - type: boolean - configurationSettings: - additionalProperties: - type: string - description: ConfigurationSettings are the name-value - pairs for configuring this extension. - type: object - extensionType: - description: |- - ExtensionType is the type of the Extension of which this resource is an instance. - It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. - type: string - identity: - description: Identity is the identity type of the Extension - resource in an AKS cluster. - enum: - - SystemAssigned - type: string - name: - description: Name is the name of the extension. - type: string - plan: - description: Plan is the plan of the extension. - properties: - name: - description: Name is the user-defined name of the - 3rd Party Artifact that is being procured. - type: string - product: - description: Product is the name of the 3rd Party - artifact that is being procured. - type: string - promotionCode: - description: PromotionCode is a publisher-provided - promotion code as provisioned in Data Market for - the said product/artifact. - type: string - publisher: - description: Publisher is the name of the publisher - of the 3rd Party Artifact that is being bought. - type: string - version: - description: Version is the version of the plan. - type: string - type: object - releaseTrain: - description: |- - ReleaseTrain is the release train this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - This is only used if autoUpgradeMinorVersion is ‘true’. - type: string - scope: - description: Scope is the scope at which this extension - is enabled. - properties: - releaseNamespace: - description: |- - ReleaseNamespace is the namespace where the extension Release must be placed, for a Cluster-scoped extension. - Required for Cluster-scoped extensions. - type: string - scopeType: - description: ScopeType is the scope of the extension. - It can be either Cluster or Namespace, but not - both. - enum: - - Cluster - - Namespace - type: string - targetNamespace: - description: |- - TargetNamespace is the namespace where the extension will be created for a Namespace-scoped extension. - Required for Namespace-scoped extensions. - type: string - required: - - scopeType - type: object - version: - description: Version is the version of the extension. - type: string - required: - - extensionType - - name - type: object - type: array - fleetsMember: - description: |- - FleetsMember is the spec for the fleet this cluster is a member of. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members - properties: - group: - description: Group is the group this member belongs to - for multi-cluster update management. - type: string - managerName: - description: ManagerName is the name of the fleet manager. - type: string - managerResourceGroup: - description: ManagerResourceGroup is the resource group - of the fleet manager. - type: string - required: - - managerName - - managerResourceGroup - type: object - httpProxyConfig: - description: |- - HTTPProxyConfig is the HTTP proxy configuration for the cluster. - Immutable. - properties: - httpProxy: - description: HTTPProxy is the HTTP proxy server endpoint - to use. - type: string - httpsProxy: - description: HTTPSProxy is the HTTPS proxy server endpoint - to use. - type: string - noProxy: - description: NoProxy indicates the endpoints that should - not go through proxy. - items: - type: string - type: array - trustedCa: - description: TrustedCA is the alternative CA cert to use - for connecting to proxy servers. - type: string - type: object - identity: - description: Identity configuration used by the AKS control - plane. - properties: - type: - description: Type - The Identity type to use. - enum: - - SystemAssigned - - UserAssigned - type: string - userAssignedIdentityResourceID: - description: UserAssignedIdentityResourceID - Identity - ARM resource ID when using user-assigned identity. - type: string - type: object - identityRef: - description: IdentityRef is a reference to a AzureClusterIdentity - to be used when reconciling this cluster - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - kubeletUserAssignedIdentity: - description: |- - KubeletUserAssignedIdentity is the user-assigned identity for kubelet. - For authentication with Azure Container Registry. - type: string - loadBalancerProfile: - description: LoadBalancerProfile is the profile of the cluster - load balancer. - properties: - allocatedOutboundPorts: - description: AllocatedOutboundPorts - Desired number of - allocated SNAT ports per VM. Allowed values must be - in the range of 0 to 64000 (inclusive). The default - value is 0 which results in Azure dynamically allocating - ports. - type: integer - idleTimeoutInMinutes: - description: IdleTimeoutInMinutes - Desired outbound flow - idle timeout in minutes. Allowed values must be in the - range of 4 to 120 (inclusive). The default value is - 30 minutes. - type: integer - managedOutboundIPs: - description: ManagedOutboundIPs - Desired managed outbound - IPs for the cluster load balancer. - type: integer - outboundIPPrefixes: - description: OutboundIPPrefixes - Desired outbound IP - Prefix resources for the cluster load balancer. - items: - type: string - type: array - outboundIPs: - description: OutboundIPs - Desired outbound IP resources - for the cluster load balancer. - items: - type: string - type: array - type: object - loadBalancerSKU: - default: Standard - description: |- - LoadBalancerSKU is the SKU of the loadBalancer to be provisioned. - Immutable. - enum: - - Basic - - Standard - type: string - location: - description: 'Location is a string matching one of the canonical - Azure region names. Examples: "westus2", "eastus".' - type: string - machineTemplate: - description: |- - MachineTemplate contains information about how machines - should be shaped when creating or updating a control plane. - For the AzureManagedControlPlaneTemplate, this field is used - only to fulfill the CAPI contract. - type: object - networkDataplane: - description: NetworkDataplane is the dataplane used for building - the Kubernetes network. - enum: - - azure - - cilium - type: string - networkPlugin: - description: NetworkPlugin used for building Kubernetes network. - enum: - - azure - - kubenet - - none - type: string - networkPluginMode: - description: |- - NetworkPluginMode is the mode the network plugin should use. - Allowed value is "overlay". - enum: - - overlay - type: string - networkPolicy: - description: NetworkPolicy used for building Kubernetes network. - enum: - - azure - - calico - - cilium - type: string - oidcIssuerProfile: - description: OIDCIssuerProfile is the OIDC issuer profile - of the Managed Cluster. - properties: - enabled: - description: Enabled is whether the OIDC issuer is enabled. - type: boolean - type: object - outboundType: - description: Outbound configuration used by Nodes. - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting - type: string - resourceGroupName: - description: |- - ResourceGroupName is the name of the Azure resource group for this AKS Cluster. - Immutable. - type: string - securityProfile: - description: SecurityProfile defines the security profile - for cluster. - properties: - azureKeyVaultKms: - description: AzureKeyVaultKms defines Azure Key Vault - Management Services Profile for the security profile. - properties: - enabled: - description: Enabled enables the Azure Key Vault key - management service. The default is false. - type: boolean - keyID: - description: |- - KeyID defines the Identifier of Azure Key Vault key. - When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. - type: string - keyVaultNetworkAccess: - default: Public - description: |- - KeyVaultNetworkAccess defines the network access of key vault. - The possible values are Public and Private. - Public means the key vault allows public access from all networks. - Private means the key vault disables public access and enables private link. The default value is Public. - type: string - keyVaultResourceID: - description: KeyVaultResourceID is the Resource ID - of key vault. When keyVaultNetworkAccess is Private, - this field is required and must be a valid resource - ID. - type: string - required: - - enabled - - keyID - type: object - defender: - description: Defender settings for the security profile. - properties: - logAnalyticsWorkspaceResourceID: - description: |- - LogAnalyticsWorkspaceResourceID is the ID of the Log Analytics workspace that has to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. - type: string - securityMonitoring: - description: SecurityMonitoring profile defines the - Microsoft Defender threat detection for Cloud settings - for the security profile. - properties: - enabled: - description: Enabled enables Defender threat detection - type: boolean - required: - - enabled - type: object - required: - - logAnalyticsWorkspaceResourceID - - securityMonitoring - type: object - imageCleaner: - description: ImageCleaner settings for the security profile. - properties: - enabled: - description: Enabled enables the Image Cleaner on - AKS cluster. - type: boolean - intervalHours: - description: IntervalHours defines Image Cleaner scanning - interval in hours. Default value is 24 hours. - maximum: 2160 - minimum: 24 - type: integer - required: - - enabled - type: object - workloadIdentity: - description: Workloadidentity enables Kubernetes applications - to access Azure cloud resources securely with Azure - AD. Ensure to enable OIDC issuer while enabling Workload - Identity - properties: - enabled: - description: Enabled enables the workload identity. - type: boolean - required: - - enabled - type: object - type: object - sku: - description: SKU is the SKU of the AKS to be provisioned. - properties: - tier: - description: Tier - Tier of an AKS cluster. - enum: - - Free - - Paid - - Standard - type: string - required: - - tier - type: object - subscriptionID: - description: SubscriptionID is the GUID of the Azure subscription - that owns this cluster. - type: string - version: - description: Version defines the desired Kubernetes version. - minLength: 2 - type: string - virtualNetwork: - description: VirtualNetwork describes the virtual network - for the AKS cluster. It will be created if it does not already - exist. - properties: - cidrBlock: - type: string - name: - description: Name is the name of the virtual network. - type: string - resourceGroup: - description: ResourceGroup is the name of the Azure resource - group for the VNet and Subnet. - type: string - subnet: - description: ManagedControlPlaneSubnet describes a subnet - for an AKS cluster. - properties: - cidrBlock: - type: string - name: - type: string - privateEndpoints: - description: PrivateEndpoints is a slice of Virtual - Network private endpoints to create for the subnets. - items: - description: PrivateEndpointSpec configures an Azure - Private Endpoint. - properties: - applicationSecurityGroups: - description: ApplicationSecurityGroups specifies - the Application security group in which the - private endpoint IP configuration is included. - items: - type: string - type: array - customNetworkInterfaceName: - description: CustomNetworkInterfaceName specifies - the network interface name associated with - the private endpoint. - type: string - location: - description: Location specifies the region to - create the private endpoint. - type: string - manualApproval: - description: |- - ManualApproval specifies if the connection approval needs to be done manually or not. - Set it true when the network admin does not have access to approve connections to the remote resource. - Defaults to false. - type: boolean - name: - description: Name specifies the name of the - private endpoint. - type: string - privateIPAddresses: - description: |- - PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint. - They have to be part of the subnet where the private endpoint is linked. - items: - type: string - type: array - privateLinkServiceConnections: - description: PrivateLinkServiceConnections specifies - Private Link Service Connections of the private - endpoint. - items: - description: PrivateLinkServiceConnection - defines the specification for a private - link service connection associated with - a private endpoint. - properties: - groupIDs: - description: GroupIDs specifies the ID(s) - of the group(s) obtained from the remote - resource that this private endpoint - should connect to. - items: - type: string - type: array - name: - description: Name specifies the name of - the private link service. - type: string - privateLinkServiceID: - description: PrivateLinkServiceID specifies - the resource ID of the private link - service. - type: string - requestMessage: - description: RequestMessage specifies - a message passed to the owner of the - remote resource with the private endpoint - connection request. - maxLength: 140 - type: string - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceEndpoints: - description: ServiceEndpoints is a slice of Virtual - Network service endpoints to enable for the subnets. - items: - description: ServiceEndpointSpec configures an Azure - Service Endpoint. - properties: - locations: - items: - type: string - type: array - service: - type: string - required: - - locations - - service - type: object - type: array - x-kubernetes-list-map-keys: - - service - x-kubernetes-list-type: map - required: - - cidrBlock - - name - type: object - required: - - cidrBlock - - name - type: object - required: - - identityRef - - location - - resourceGroupName - - version - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 5e2a2d9e0..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,752 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedMachinePool - listKind: AzureManagedMachinePoolList - plural: azuremanagedmachinepools - shortNames: - - ammp - singular: azuremanagedmachinepool - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this AzureManagedMachinePool belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - priority: 1 - type: string - - description: Time duration since creation of this AzureManagedMachinePool - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.mode - name: Mode - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedMachinePool is the Schema for the azuremanagedmachinepools - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedMachinePoolSpec defines the desired state of - AzureManagedMachinePool. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the - Azure provider, in addition to the ones added by default. - type: object - asoManagedClustersAgentPoolPatches: - description: |- - ASOManagedClustersAgentPoolPatches defines JSON merge patches to be applied to the generated ASO ManagedClustersAgentPool resource. - WARNING: This is meant to be used sparingly to enable features for development and testing that are not - otherwise represented in the CAPZ API. Misconfiguration that conflicts with CAPZ's normal mode of - operation is possible. - items: - type: string - type: array - availabilityZones: - description: |- - AvailabilityZones - Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. - Immutable. - items: - type: string - type: array - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost indicates whether host encryption is enabled on the node pool. - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS indicates whether FIPS is enabled on the node pool. - Immutable. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP controls whether or not nodes in the pool each have a public IP address. - Immutable. - type: boolean - enableUltraSSD: - description: |- - EnableUltraSSD enables the storage type UltraSSD_LRS for the agent pool. - Immutable. - type: boolean - kubeletConfig: - description: |- - KubeletConfig specifies the kubelet configurations for nodes. - Immutable. - properties: - allowedUnsafeSysctls: - description: |- - AllowedUnsafeSysctls - Allowlist of unsafe sysctls or unsafe sysctl patterns (ending in `*`). - Valid values match `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, or `net.*`. - items: - type: string - type: array - containerLogMaxFiles: - description: ContainerLogMaxFiles - The maximum number of container - log files that can be present for a container. The number must - be ≥ 2. - minimum: 2 - type: integer - containerLogMaxSizeMB: - description: ContainerLogMaxSizeMB - The maximum size in MB of - a container log file before it is rotated. - type: integer - cpuCfsQuota: - description: CPUCfsQuota - Enable CPU CFS quota enforcement for - containers that specify CPU limits. - type: boolean - cpuCfsQuotaPeriod: - description: |- - CPUCfsQuotaPeriod - Sets CPU CFS quota period value. - Must end in "ms", e.g. "100ms" - type: string - cpuManagerPolicy: - description: CPUManagerPolicy - CPU Manager policy to use. - enum: - - none - - static - type: string - failSwapOn: - description: FailSwapOn - If set to true it will make the Kubelet - fail to start if swap is enabled on the node. - type: boolean - imageGcHighThreshold: - description: |- - ImageGcHighThreshold - The percent of disk usage after which image garbage collection is always run. - Valid values are 0-100 (inclusive). - maximum: 100 - minimum: 0 - type: integer - imageGcLowThreshold: - description: |- - ImageGcLowThreshold - The percent of disk usage before which image garbage collection is never run. - Valid values are 0-100 (inclusive) and must be less than `imageGcHighThreshold`. - maximum: 100 - minimum: 0 - type: integer - podMaxPids: - description: |- - PodMaxPids - The maximum number of processes per pod. - Must not exceed kernel PID limit. -1 disables the limit. - minimum: -1 - type: integer - topologyManagerPolicy: - description: TopologyManagerPolicy - Topology Manager policy to - use. - enum: - - none - - best-effort - - restricted - - single-numa-node - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType specifies the kubelet disk type. Default to OS. Possible values include: 'OS', 'Temporary'. - Requires Microsoft.ContainerService/KubeletDisk preview feature to be set. - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype - enum: - - OS - - Temporary - type: string - linuxOSConfig: - description: |- - LinuxOSConfig specifies the custom Linux OS settings and configurations. - Immutable. - properties: - swapFileSizeMB: - description: |- - SwapFileSizeMB specifies size in MB of a swap file will be created on the agent nodes from this node pool. - Max value of SwapFileSizeMB should be the size of temporary disk(/dev/sdb). - Must be at least 1. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk - minimum: 1 - type: integer - sysctls: - description: Sysctl specifies the settings for Linux agent nodes. - properties: - fsAioMaxNr: - description: |- - FsAioMaxNr specifies the maximum number of system-wide asynchronous io requests. - Valid values are 65536-6553500 (inclusive). - Maps to fs.aio-max-nr. - maximum: 6553500 - minimum: 65536 - type: integer - fsFileMax: - description: |- - FsFileMax specifies the max number of file-handles that the Linux kernel will allocate, by increasing increases the maximum number of open files permitted. - Valid values are 8192-12000500 (inclusive). - Maps to fs.file-max. - maximum: 12000500 - minimum: 8192 - type: integer - fsInotifyMaxUserWatches: - description: |- - FsInotifyMaxUserWatches specifies the number of file watches allowed by the system. Each watch is roughly 90 bytes on a 32-bit kernel, and roughly 160 bytes on a 64-bit kernel. - Valid values are 781250-2097152 (inclusive). - Maps to fs.inotify.max_user_watches. - maximum: 2097152 - minimum: 781250 - type: integer - fsNrOpen: - description: |- - FsNrOpen specifies the maximum number of file-handles a process can allocate. - Valid values are 8192-20000500 (inclusive). - Maps to fs.nr_open. - maximum: 20000500 - minimum: 8192 - type: integer - kernelThreadsMax: - description: |- - KernelThreadsMax specifies the maximum number of all threads that can be created. - Valid values are 20-513785 (inclusive). - Maps to kernel.threads-max. - maximum: 513785 - minimum: 20 - type: integer - netCoreNetdevMaxBacklog: - description: |- - NetCoreNetdevMaxBacklog specifies maximum number of packets, queued on the INPUT side, when the interface receives packets faster than kernel can process them. - Valid values are 1000-3240000 (inclusive). - Maps to net.core.netdev_max_backlog. - maximum: 3240000 - minimum: 1000 - type: integer - netCoreOptmemMax: - description: |- - NetCoreOptmemMax specifies the maximum ancillary buffer size (option memory buffer) allowed per socket. - Socket option memory is used in a few cases to store extra structures relating to usage of the socket. - Valid values are 20480-4194304 (inclusive). - Maps to net.core.optmem_max. - maximum: 4194304 - minimum: 20480 - type: integer - netCoreRmemDefault: - description: |- - NetCoreRmemDefault specifies the default receive socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.rmem_default. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreRmemMax: - description: |- - NetCoreRmemMax specifies the maximum receive socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.rmem_max. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreSomaxconn: - description: |- - NetCoreSomaxconn specifies maximum number of connection requests that can be queued for any given listening socket. - An upper limit for the value of the backlog parameter passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) function. - If the backlog argument is greater than the somaxconn, then it's silently truncated to this limit. - Valid values are 4096-3240000 (inclusive). - Maps to net.core.somaxconn. - maximum: 3240000 - minimum: 4096 - type: integer - netCoreWmemDefault: - description: |- - NetCoreWmemDefault specifies the default send socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.wmem_default. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreWmemMax: - description: |- - NetCoreWmemMax specifies the maximum send socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.wmem_max. - maximum: 134217728 - minimum: 212992 - type: integer - netIpv4IPLocalPortRange: - description: |- - NetIpv4IPLocalPortRange is used by TCP and UDP traffic to choose the local port on the agent node. - PortRange should be specified in the format "first last". - First, being an integer, must be between [1024 - 60999]. - Last, being an integer, must be between [32768 - 65000]. - Maps to net.ipv4.ip_local_port_range. - type: string - netIpv4NeighDefaultGcThresh1: - description: |- - NetIpv4NeighDefaultGcThresh1 specifies the minimum number of entries that may be in the ARP cache. - Garbage collection won't be triggered if the number of entries is below this setting. - Valid values are 128-80000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh1. - maximum: 80000 - minimum: 128 - type: integer - netIpv4NeighDefaultGcThresh2: - description: |- - NetIpv4NeighDefaultGcThresh2 specifies soft maximum number of entries that may be in the ARP cache. - ARP garbage collection will be triggered about 5 seconds after reaching this soft maximum. - Valid values are 512-90000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh2. - maximum: 90000 - minimum: 512 - type: integer - netIpv4NeighDefaultGcThresh3: - description: |- - NetIpv4NeighDefaultGcThresh3 specified hard maximum number of entries in the ARP cache. - Valid values are 1024-100000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh3. - maximum: 100000 - minimum: 1024 - type: integer - netIpv4TCPFinTimeout: - description: |- - NetIpv4TCPFinTimeout specifies the length of time an orphaned connection will remain in the FIN_WAIT_2 state before it's aborted at the local end. - Valid values are 5-120 (inclusive). - Maps to net.ipv4.tcp_fin_timeout. - maximum: 120 - minimum: 5 - type: integer - netIpv4TCPKeepaliveProbes: - description: |- - NetIpv4TCPKeepaliveProbes specifies the number of keepalive probes TCP sends out, until it decides the connection is broken. - Valid values are 1-15 (inclusive). - Maps to net.ipv4.tcp_keepalive_probes. - maximum: 15 - minimum: 1 - type: integer - netIpv4TCPKeepaliveTime: - description: |- - NetIpv4TCPKeepaliveTime specifies the rate at which TCP sends out a keepalive message when keepalive is enabled. - Valid values are 30-432000 (inclusive). - Maps to net.ipv4.tcp_keepalive_time. - maximum: 432000 - minimum: 30 - type: integer - netIpv4TCPMaxSynBacklog: - description: |- - NetIpv4TCPMaxSynBacklog specifies the maximum number of queued connection requests that have still not received an acknowledgment from the connecting client. - If this number is exceeded, the kernel will begin dropping requests. - Valid values are 128-3240000 (inclusive). - Maps to net.ipv4.tcp_max_syn_backlog. - maximum: 3240000 - minimum: 128 - type: integer - netIpv4TCPMaxTwBuckets: - description: |- - NetIpv4TCPMaxTwBuckets specifies maximal number of timewait sockets held by system simultaneously. - If this number is exceeded, time-wait socket is immediately destroyed and warning is printed. - Valid values are 8000-1440000 (inclusive). - Maps to net.ipv4.tcp_max_tw_buckets. - maximum: 1440000 - minimum: 8000 - type: integer - netIpv4TCPTwReuse: - description: |- - NetIpv4TCPTwReuse is used to allow to reuse TIME-WAIT sockets for new connections when it's safe from protocol viewpoint. - Maps to net.ipv4.tcp_tw_reuse. - type: boolean - netIpv4TCPkeepaliveIntvl: - description: |- - NetIpv4TCPkeepaliveIntvl specifies the frequency of the probes sent out. - Multiplied by tcpKeepaliveprobes, it makes up the time to kill a connection that isn't responding, after probes started. - Valid values are 1-75 (inclusive). - Maps to net.ipv4.tcp_keepalive_intvl. - maximum: 75 - minimum: 1 - type: integer - netNetfilterNfConntrackBuckets: - description: |- - NetNetfilterNfConntrackBuckets specifies the size of hash table used by nf_conntrack module to record the established connection record of the TCP protocol. - Valid values are 65536-147456 (inclusive). - Maps to net.netfilter.nf_conntrack_buckets. - maximum: 147456 - minimum: 65536 - type: integer - netNetfilterNfConntrackMax: - description: |- - NetNetfilterNfConntrackMax specifies the maximum number of connections supported by the nf_conntrack module or the size of connection tracking table. - Valid values are 131072-1048576 (inclusive). - Maps to net.netfilter.nf_conntrack_max. - maximum: 1048576 - minimum: 131072 - type: integer - vmMaxMapCount: - description: |- - VMMaxMapCount specifies the maximum number of memory map areas a process may have. - Maps to vm.max_map_count. - Valid values are 65530-262144 (inclusive). - maximum: 262144 - minimum: 65530 - type: integer - vmSwappiness: - description: |- - VMSwappiness specifies aggressiveness of the kernel in swapping memory pages. - Higher values will increase aggressiveness, lower values decrease the amount of swap. - Valid values are 0-100 (inclusive). - Maps to vm.swappiness. - maximum: 100 - minimum: 0 - type: integer - vmVfsCachePressure: - description: |- - VMVfsCachePressure specifies the percentage value that controls tendency of the kernel to reclaim the memory, which is used for caching of directory and inode objects. - Valid values are 1-500 (inclusive). - Maps to vm.vfs_cache_pressure. - maximum: 500 - minimum: 1 - type: integer - type: object - transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag specifies whether the kernel should make aggressive use of memory compaction to make more hugepages available. - See also [Linux doc]. - - - [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge for more details. - enum: - - always - - defer - - defer+madvise - - madvise - - never - type: string - transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled specifies various modes of Transparent Hugepages. - See also [Linux doc]. - - - [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge for more details. - enum: - - always - - madvise - - never - type: string - type: object - maxPods: - description: |- - MaxPods specifies the kubelet `--max-pods` configuration for the node pool. - Immutable. - See also [AKS doc], [K8s doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters - [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/ - type: integer - mode: - description: 'Mode represents the mode of an agent pool. Possible - values include: System, User.' - enum: - - System - - User - type: string - name: - description: |- - Name is the name of the agent pool. If not specified, CAPZ uses the name of the CR as the agent pool name. - Immutable. - type: string - nodeLabels: - additionalProperties: - type: string - description: |- - Node labels represent the labels for all of the nodes present in node pool. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/use-labels - type: object - nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID specifies the public IP prefix resource ID which VM nodes should use IPs from. - Immutable. - type: string - osDiskSizeGB: - description: |- - OSDiskSizeGB is the disk size for every machine in this agent pool. - If you specify 0, it will apply the default osDisk size according to the vmSize specified. - Immutable. - type: integer - osDiskType: - default: Managed - description: |- - OsDiskType specifies the OS disk type for each node in the pool. Allowed values are 'Ephemeral' and 'Managed' (default). - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os - enum: - - Ephemeral - - Managed - type: string - osType: - description: |- - OSType specifies the virtual machine operating system. Default to Linux. Possible values include: 'Linux', 'Windows'. - 'Windows' requires the AzureManagedControlPlane's `spec.networkPlugin` to be `azure`. - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype - enum: - - Linux - - Windows - type: string - providerIDList: - description: ProviderIDList is the unique identifier as specified - by the cloud provider. - items: - type: string - type: array - scaleDownMode: - default: Delete - description: 'ScaleDownMode affects the cluster autoscaler behavior. - Default to Delete. Possible values include: ''Deallocate'', ''Delete''' - enum: - - Deallocate - - Delete - type: string - scaleSetPriority: - description: |- - ScaleSetPriority specifies the ScaleSetPriority value. Default to Regular. Possible values include: 'Regular', 'Spot' - Immutable. - enum: - - Regular - - Spot - type: string - scaling: - description: Scaling specifies the autoscaling parameters for the - node pool. - properties: - maxSize: - description: MaxSize is the maximum number of nodes for auto-scaling. - type: integer - minSize: - description: MinSize is the minimum number of nodes for auto-scaling. - type: integer - type: object - sku: - description: |- - SKU is the size of the VMs in the node pool. - Immutable. - type: string - spotMaxPrice: - anyOf: - - type: integer - - type: string - description: |- - SpotMaxPrice defines max price to pay for spot instance. Possible values are any decimal value greater than zero or -1. - If you set the max price to be -1, the VM won't be evicted based on price. The price for the VM will be the current price - for spot or the price for a standard VM, which ever is less, as long as there's capacity and quota available. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - subnetName: - description: |- - SubnetName specifies the Subnet where the MachinePool will be placed - Immutable. - type: string - taints: - description: |- - Taints specifies the taints for nodes present in this agent pool. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints - items: - description: Taint represents a Kubernetes taint. - properties: - effect: - description: Effect specifies the effect for the taint - enum: - - NoSchedule - - NoExecute - - PreferNoSchedule - type: string - key: - description: Key is the key of the taint - type: string - value: - description: Value is the value of the taint - type: string - required: - - effect - - key - - value - type: object - type: array - required: - - mode - - sku - type: object - status: - description: AzureManagedMachinePoolStatus defines the observed state - of AzureManagedMachinePool. - properties: - conditions: - description: Conditions defines current service state of the AzureManagedControlPlane. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - errorMessage: - description: |- - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - errorReason: - description: |- - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - longRunningOperationStates: - description: |- - LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the - next reconciliation loop. - items: - description: Future contains the data needed for an Azure long-running - operation to continue across reconcile loops. - properties: - data: - description: Data is the base64 url encoded json Azure AutoRest - Future. - type: string - name: - description: |- - Name is the name of the Azure resource. - Together with the service name, this forms the unique identifier for the future. - type: string - resourceGroup: - description: ResourceGroup is the Azure resource group for the - resource. - type: string - serviceName: - description: |- - ServiceName is the name of the Azure service. - Together with the name of the resource, this forms the unique identifier for the future. - type: string - type: - description: Type describes the type of future, such as update, - create, delete, etc. - type: string - required: - - data - - name - - serviceName - - type - type: object - type: array - ready: - description: Ready is true when the provider resource is ready. - type: boolean - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 31fed717d..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,633 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: AzureManagedMachinePoolTemplate - listKind: AzureManagedMachinePoolTemplateList - plural: azuremanagedmachinepooltemplates - shortNames: - - ammpt - singular: azuremanagedmachinepooltemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: AzureManagedMachinePoolTemplate is the Schema for the AzureManagedMachinePoolTemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AzureManagedMachinePoolTemplateSpec defines the desired state - of AzureManagedMachinePoolTemplate. - properties: - template: - description: AzureManagedMachinePoolTemplateResource describes the - data needed to create an AzureManagedCluster from a template. - properties: - spec: - description: AzureManagedMachinePoolTemplateResourceSpec specifies - an Azure managed control plane template resource. - properties: - additionalTags: - additionalProperties: - type: string - description: |- - AdditionalTags is an optional set of tags to add to Azure resources managed by the - Azure provider, in addition to the ones added by default. - type: object - asoManagedClustersAgentPoolPatches: - description: |- - ASOManagedClustersAgentPoolPatches defines JSON merge patches to be applied to the generated ASO ManagedClustersAgentPool resource. - WARNING: This is meant to be used sparingly to enable features for development and testing that are not - otherwise represented in the CAPZ API. Misconfiguration that conflicts with CAPZ's normal mode of - operation is possible. - items: - type: string - type: array - availabilityZones: - description: |- - AvailabilityZones - Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. - Immutable. - items: - type: string - type: array - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost indicates whether host encryption is enabled on the node pool. - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/en-us/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS indicates whether FIPS is enabled on the node pool. - Immutable. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP controls whether or not nodes in the pool each have a public IP address. - Immutable. - type: boolean - enableUltraSSD: - description: |- - EnableUltraSSD enables the storage type UltraSSD_LRS for the agent pool. - Immutable. - type: boolean - kubeletConfig: - description: |- - KubeletConfig specifies the kubelet configurations for nodes. - Immutable. - properties: - allowedUnsafeSysctls: - description: |- - AllowedUnsafeSysctls - Allowlist of unsafe sysctls or unsafe sysctl patterns (ending in `*`). - Valid values match `kernel.shm*`, `kernel.msg*`, `kernel.sem`, `fs.mqueue.*`, or `net.*`. - items: - type: string - type: array - containerLogMaxFiles: - description: ContainerLogMaxFiles - The maximum number - of container log files that can be present for a container. - The number must be ≥ 2. - minimum: 2 - type: integer - containerLogMaxSizeMB: - description: ContainerLogMaxSizeMB - The maximum size - in MB of a container log file before it is rotated. - type: integer - cpuCfsQuota: - description: CPUCfsQuota - Enable CPU CFS quota enforcement - for containers that specify CPU limits. - type: boolean - cpuCfsQuotaPeriod: - description: |- - CPUCfsQuotaPeriod - Sets CPU CFS quota period value. - Must end in "ms", e.g. "100ms" - type: string - cpuManagerPolicy: - description: CPUManagerPolicy - CPU Manager policy to - use. - enum: - - none - - static - type: string - failSwapOn: - description: FailSwapOn - If set to true it will make - the Kubelet fail to start if swap is enabled on the - node. - type: boolean - imageGcHighThreshold: - description: |- - ImageGcHighThreshold - The percent of disk usage after which image garbage collection is always run. - Valid values are 0-100 (inclusive). - maximum: 100 - minimum: 0 - type: integer - imageGcLowThreshold: - description: |- - ImageGcLowThreshold - The percent of disk usage before which image garbage collection is never run. - Valid values are 0-100 (inclusive) and must be less than `imageGcHighThreshold`. - maximum: 100 - minimum: 0 - type: integer - podMaxPids: - description: |- - PodMaxPids - The maximum number of processes per pod. - Must not exceed kernel PID limit. -1 disables the limit. - minimum: -1 - type: integer - topologyManagerPolicy: - description: TopologyManagerPolicy - Topology Manager - policy to use. - enum: - - none - - best-effort - - restricted - - single-numa-node - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType specifies the kubelet disk type. Default to OS. Possible values include: 'OS', 'Temporary'. - Requires Microsoft.ContainerService/KubeletDisk preview feature to be set. - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#kubeletdisktype - enum: - - OS - - Temporary - type: string - linuxOSConfig: - description: |- - LinuxOSConfig specifies the custom Linux OS settings and configurations. - Immutable. - properties: - swapFileSizeMB: - description: |- - SwapFileSizeMB specifies size in MB of a swap file will be created on the agent nodes from this node pool. - Max value of SwapFileSizeMB should be the size of temporary disk(/dev/sdb). - Must be at least 1. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#temporary-disk - minimum: 1 - type: integer - sysctls: - description: Sysctl specifies the settings for Linux agent - nodes. - properties: - fsAioMaxNr: - description: |- - FsAioMaxNr specifies the maximum number of system-wide asynchronous io requests. - Valid values are 65536-6553500 (inclusive). - Maps to fs.aio-max-nr. - maximum: 6553500 - minimum: 65536 - type: integer - fsFileMax: - description: |- - FsFileMax specifies the max number of file-handles that the Linux kernel will allocate, by increasing increases the maximum number of open files permitted. - Valid values are 8192-12000500 (inclusive). - Maps to fs.file-max. - maximum: 12000500 - minimum: 8192 - type: integer - fsInotifyMaxUserWatches: - description: |- - FsInotifyMaxUserWatches specifies the number of file watches allowed by the system. Each watch is roughly 90 bytes on a 32-bit kernel, and roughly 160 bytes on a 64-bit kernel. - Valid values are 781250-2097152 (inclusive). - Maps to fs.inotify.max_user_watches. - maximum: 2097152 - minimum: 781250 - type: integer - fsNrOpen: - description: |- - FsNrOpen specifies the maximum number of file-handles a process can allocate. - Valid values are 8192-20000500 (inclusive). - Maps to fs.nr_open. - maximum: 20000500 - minimum: 8192 - type: integer - kernelThreadsMax: - description: |- - KernelThreadsMax specifies the maximum number of all threads that can be created. - Valid values are 20-513785 (inclusive). - Maps to kernel.threads-max. - maximum: 513785 - minimum: 20 - type: integer - netCoreNetdevMaxBacklog: - description: |- - NetCoreNetdevMaxBacklog specifies maximum number of packets, queued on the INPUT side, when the interface receives packets faster than kernel can process them. - Valid values are 1000-3240000 (inclusive). - Maps to net.core.netdev_max_backlog. - maximum: 3240000 - minimum: 1000 - type: integer - netCoreOptmemMax: - description: |- - NetCoreOptmemMax specifies the maximum ancillary buffer size (option memory buffer) allowed per socket. - Socket option memory is used in a few cases to store extra structures relating to usage of the socket. - Valid values are 20480-4194304 (inclusive). - Maps to net.core.optmem_max. - maximum: 4194304 - minimum: 20480 - type: integer - netCoreRmemDefault: - description: |- - NetCoreRmemDefault specifies the default receive socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.rmem_default. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreRmemMax: - description: |- - NetCoreRmemMax specifies the maximum receive socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.rmem_max. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreSomaxconn: - description: |- - NetCoreSomaxconn specifies maximum number of connection requests that can be queued for any given listening socket. - An upper limit for the value of the backlog parameter passed to the listen(2)(https://man7.org/linux/man-pages/man2/listen.2.html) function. - If the backlog argument is greater than the somaxconn, then it's silently truncated to this limit. - Valid values are 4096-3240000 (inclusive). - Maps to net.core.somaxconn. - maximum: 3240000 - minimum: 4096 - type: integer - netCoreWmemDefault: - description: |- - NetCoreWmemDefault specifies the default send socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.wmem_default. - maximum: 134217728 - minimum: 212992 - type: integer - netCoreWmemMax: - description: |- - NetCoreWmemMax specifies the maximum send socket buffer size in bytes. - Valid values are 212992-134217728 (inclusive). - Maps to net.core.wmem_max. - maximum: 134217728 - minimum: 212992 - type: integer - netIpv4IPLocalPortRange: - description: |- - NetIpv4IPLocalPortRange is used by TCP and UDP traffic to choose the local port on the agent node. - PortRange should be specified in the format "first last". - First, being an integer, must be between [1024 - 60999]. - Last, being an integer, must be between [32768 - 65000]. - Maps to net.ipv4.ip_local_port_range. - type: string - netIpv4NeighDefaultGcThresh1: - description: |- - NetIpv4NeighDefaultGcThresh1 specifies the minimum number of entries that may be in the ARP cache. - Garbage collection won't be triggered if the number of entries is below this setting. - Valid values are 128-80000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh1. - maximum: 80000 - minimum: 128 - type: integer - netIpv4NeighDefaultGcThresh2: - description: |- - NetIpv4NeighDefaultGcThresh2 specifies soft maximum number of entries that may be in the ARP cache. - ARP garbage collection will be triggered about 5 seconds after reaching this soft maximum. - Valid values are 512-90000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh2. - maximum: 90000 - minimum: 512 - type: integer - netIpv4NeighDefaultGcThresh3: - description: |- - NetIpv4NeighDefaultGcThresh3 specified hard maximum number of entries in the ARP cache. - Valid values are 1024-100000 (inclusive). - Maps to net.ipv4.neigh.default.gc_thresh3. - maximum: 100000 - minimum: 1024 - type: integer - netIpv4TCPFinTimeout: - description: |- - NetIpv4TCPFinTimeout specifies the length of time an orphaned connection will remain in the FIN_WAIT_2 state before it's aborted at the local end. - Valid values are 5-120 (inclusive). - Maps to net.ipv4.tcp_fin_timeout. - maximum: 120 - minimum: 5 - type: integer - netIpv4TCPKeepaliveProbes: - description: |- - NetIpv4TCPKeepaliveProbes specifies the number of keepalive probes TCP sends out, until it decides the connection is broken. - Valid values are 1-15 (inclusive). - Maps to net.ipv4.tcp_keepalive_probes. - maximum: 15 - minimum: 1 - type: integer - netIpv4TCPKeepaliveTime: - description: |- - NetIpv4TCPKeepaliveTime specifies the rate at which TCP sends out a keepalive message when keepalive is enabled. - Valid values are 30-432000 (inclusive). - Maps to net.ipv4.tcp_keepalive_time. - maximum: 432000 - minimum: 30 - type: integer - netIpv4TCPMaxSynBacklog: - description: |- - NetIpv4TCPMaxSynBacklog specifies the maximum number of queued connection requests that have still not received an acknowledgment from the connecting client. - If this number is exceeded, the kernel will begin dropping requests. - Valid values are 128-3240000 (inclusive). - Maps to net.ipv4.tcp_max_syn_backlog. - maximum: 3240000 - minimum: 128 - type: integer - netIpv4TCPMaxTwBuckets: - description: |- - NetIpv4TCPMaxTwBuckets specifies maximal number of timewait sockets held by system simultaneously. - If this number is exceeded, time-wait socket is immediately destroyed and warning is printed. - Valid values are 8000-1440000 (inclusive). - Maps to net.ipv4.tcp_max_tw_buckets. - maximum: 1440000 - minimum: 8000 - type: integer - netIpv4TCPTwReuse: - description: |- - NetIpv4TCPTwReuse is used to allow to reuse TIME-WAIT sockets for new connections when it's safe from protocol viewpoint. - Maps to net.ipv4.tcp_tw_reuse. - type: boolean - netIpv4TCPkeepaliveIntvl: - description: |- - NetIpv4TCPkeepaliveIntvl specifies the frequency of the probes sent out. - Multiplied by tcpKeepaliveprobes, it makes up the time to kill a connection that isn't responding, after probes started. - Valid values are 1-75 (inclusive). - Maps to net.ipv4.tcp_keepalive_intvl. - maximum: 75 - minimum: 1 - type: integer - netNetfilterNfConntrackBuckets: - description: |- - NetNetfilterNfConntrackBuckets specifies the size of hash table used by nf_conntrack module to record the established connection record of the TCP protocol. - Valid values are 65536-147456 (inclusive). - Maps to net.netfilter.nf_conntrack_buckets. - maximum: 147456 - minimum: 65536 - type: integer - netNetfilterNfConntrackMax: - description: |- - NetNetfilterNfConntrackMax specifies the maximum number of connections supported by the nf_conntrack module or the size of connection tracking table. - Valid values are 131072-1048576 (inclusive). - Maps to net.netfilter.nf_conntrack_max. - maximum: 1048576 - minimum: 131072 - type: integer - vmMaxMapCount: - description: |- - VMMaxMapCount specifies the maximum number of memory map areas a process may have. - Maps to vm.max_map_count. - Valid values are 65530-262144 (inclusive). - maximum: 262144 - minimum: 65530 - type: integer - vmSwappiness: - description: |- - VMSwappiness specifies aggressiveness of the kernel in swapping memory pages. - Higher values will increase aggressiveness, lower values decrease the amount of swap. - Valid values are 0-100 (inclusive). - Maps to vm.swappiness. - maximum: 100 - minimum: 0 - type: integer - vmVfsCachePressure: - description: |- - VMVfsCachePressure specifies the percentage value that controls tendency of the kernel to reclaim the memory, which is used for caching of directory and inode objects. - Valid values are 1-500 (inclusive). - Maps to vm.vfs_cache_pressure. - maximum: 500 - minimum: 1 - type: integer - type: object - transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag specifies whether the kernel should make aggressive use of memory compaction to make more hugepages available. - See also [Linux doc]. - - - [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge for more details. - enum: - - always - - defer - - defer+madvise - - madvise - - never - type: string - transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled specifies various modes of Transparent Hugepages. - See also [Linux doc]. - - - [Linux doc]: https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge for more details. - enum: - - always - - madvise - - never - type: string - type: object - maxPods: - description: |- - MaxPods specifies the kubelet `--max-pods` configuration for the node pool. - Immutable. - See also [AKS doc], [K8s doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/configure-azure-cni#configure-maximum---new-clusters - [K8s doc]: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/ - type: integer - mode: - description: 'Mode represents the mode of an agent pool. Possible - values include: System, User.' - enum: - - System - - User - type: string - name: - description: |- - Name is the name of the agent pool. If not specified, CAPZ uses the name of the CR as the agent pool name. - Immutable. - type: string - nodeLabels: - additionalProperties: - type: string - description: |- - Node labels represent the labels for all of the nodes present in node pool. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/use-labels - type: object - nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID specifies the public IP prefix resource ID which VM nodes should use IPs from. - Immutable. - type: string - osDiskSizeGB: - description: |- - OSDiskSizeGB is the disk size for every machine in this agent pool. - If you specify 0, it will apply the default osDisk size according to the vmSize specified. - Immutable. - type: integer - osDiskType: - default: Managed - description: |- - OsDiskType specifies the OS disk type for each node in the pool. Allowed values are 'Ephemeral' and 'Managed' (default). - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/cluster-configuration#ephemeral-os - enum: - - Ephemeral - - Managed - type: string - osType: - description: |- - OSType specifies the virtual machine operating system. Default to Linux. Possible values include: 'Linux', 'Windows'. - 'Windows' requires the AzureManagedControlPlane's `spec.networkPlugin` to be `azure`. - Immutable. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/rest/api/aks/agent-pools/create-or-update?tabs=HTTP#ostype - enum: - - Linux - - Windows - type: string - scaleDownMode: - default: Delete - description: 'ScaleDownMode affects the cluster autoscaler - behavior. Default to Delete. Possible values include: ''Deallocate'', - ''Delete''' - enum: - - Deallocate - - Delete - type: string - scaleSetPriority: - description: |- - ScaleSetPriority specifies the ScaleSetPriority value. Default to Regular. Possible values include: 'Regular', 'Spot' - Immutable. - enum: - - Regular - - Spot - type: string - scaling: - description: Scaling specifies the autoscaling parameters - for the node pool. - properties: - maxSize: - description: MaxSize is the maximum number of nodes for - auto-scaling. - type: integer - minSize: - description: MinSize is the minimum number of nodes for - auto-scaling. - type: integer - type: object - sku: - description: |- - SKU is the size of the VMs in the node pool. - Immutable. - type: string - spotMaxPrice: - anyOf: - - type: integer - - type: string - description: |- - SpotMaxPrice defines max price to pay for spot instance. Possible values are any decimal value greater than zero or -1. - If you set the max price to be -1, the VM won't be evicted based on price. The price for the VM will be the current price - for spot or the price for a standard VM, which ever is less, as long as there's capacity and quota available. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - subnetName: - description: |- - SubnetName specifies the Subnet where the MachinePool will be placed - Immutable. - type: string - taints: - description: |- - Taints specifies the taints for nodes present in this agent pool. - See also [AKS doc]. - - - [AKS doc]: https://learn.microsoft.com/azure/aks/use-multiple-node-pools#setting-node-pool-taints - items: - description: Taint represents a Kubernetes taint. - properties: - effect: - description: Effect specifies the effect for the taint - enum: - - NoSchedule - - NoExecute - - PreferNoSchedule - type: string - key: - description: Key is the key of the taint - type: string - value: - description: Value is the value of the taint - type: string - required: - - effect - - key - - value - type: object - type: array - required: - - mode - - sku - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-certificaterevocationrequests.certificates.hypershift.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-certificaterevocationrequests.certificates.hypershift.openshift.io.yaml deleted file mode 100644 index 066acc9a2..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-certificaterevocationrequests.certificates.hypershift.openshift.io.yaml +++ /dev/null @@ -1,177 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: certificaterevocationrequests.certificates.hypershift.openshift.io -spec: - group: certificates.hypershift.openshift.io - names: - kind: CertificateRevocationRequest - listKind: CertificateRevocationRequestList - plural: certificaterevocationrequests - shortNames: - - crr - - crrs - singular: certificaterevocationrequest - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - CertificateRevocationRequest defines the desired state of CertificateRevocationRequest. - A request denotes the user's desire to revoke a signer certificate of the class indicated in spec. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CertificateRevocationRequestSpec defines the desired state - of CertificateRevocationRequest - properties: - signerClass: - description: |- - SignerClass identifies the class of signer to revoke. All the active signing CAs for the - signer class will be revoked. - enum: - - customer-break-glass - - sre-break-glass - type: string - x-kubernetes-validations: - - message: signerClass is immutable - rule: self == oldSelf - required: - - signerClass - type: object - status: - description: CertificateRevocationRequestStatus defines the observed state - of CertificateRevocationRequest - properties: - conditions: - description: Conditions contain details about the various aspects - of certificate revocation. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - previousSigner: - description: |- - PreviousSigner stores a reference to the previous signer certificate. We require - storing this data to ensure that we can validate that the old signer is no longer - valid before considering revocation complete. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - revocationTimestamp: - description: |- - RevocationTimestamp is the cut-off time for signing CAs to be revoked. All certificates that - are valid before this time will be revoked; all re-generated certificates will not be valid - at or before this time. - format: date-time - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-certificatesigningrequestapprovals.certificates.hypershift.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-certificatesigningrequestapprovals.certificates.hypershift.openshift.io.yaml deleted file mode 100644 index b2977a1ec..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-certificatesigningrequestapprovals.certificates.hypershift.openshift.io.yaml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: certificatesigningrequestapprovals.certificates.hypershift.openshift.io -spec: - group: certificates.hypershift.openshift.io - names: - kind: CertificateSigningRequestApproval - listKind: CertificateSigningRequestApprovalList - plural: certificatesigningrequestapprovals - shortNames: - - csra - - csras - singular: certificatesigningrequestapproval - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CertificateSigningRequestApproval defines the desired state of - CertificateSigningRequestApproval - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CertificateSigningRequestApprovalSpec defines the desired - state of CertificateSigningRequestApproval - type: object - status: - description: CertificateSigningRequestApprovalStatus defines the observed - state of CertificateSigningRequestApproval - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-certificatesigningrequestapprovals.hypershift.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-certificatesigningrequestapprovals.hypershift.openshift.io.yaml deleted file mode 100644 index 8412090a1..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-certificatesigningrequestapprovals.hypershift.openshift.io.yaml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: certificatesigningrequestapprovals.hypershift.openshift.io -spec: - group: hypershift.openshift.io - names: - kind: CertificateSigningRequestApproval - listKind: CertificateSigningRequestApprovalList - plural: certificatesigningrequestapprovals - shortNames: - - csra - - csras - singular: certificatesigningrequestapproval - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: CertificateSigningRequestApproval defines the desired state of - CertificateSigningRequestApproval - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CertificateSigningRequestApprovalSpec defines the desired - state of CertificateSigningRequestApproval - type: object - status: - description: CertificateSigningRequestApprovalStatus defines the observed - state of CertificateSigningRequestApproval - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-clusterclasses.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-clusterclasses.cluster.x-k8s.io.yaml deleted file mode 100644 index 900d91415..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-clusterclasses.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,1635 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: clusterclasses.cluster.x-k8s.io -spec: - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ClusterClass - listKind: ClusterClassList - plural: clusterclasses - shortNames: - - cc - singular: clusterclass - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of ClusterClass - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ClusterClass is a template which can be used to create managed - topologies. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterClassSpec describes the desired state of the ClusterClass. - properties: - controlPlane: - description: |- - ControlPlane is a reference to a local struct that holds the details - for provisioning the Control Plane for the Cluster. - properties: - machineHealthCheck: - description: |- - MachineHealthCheck defines a MachineHealthCheck for this ControlPlaneClass. - This field is supported if and only if the ControlPlane provider template - referenced above is Machine based and supports setting replicas. - properties: - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - machineInfrastructure: - description: |- - MachineInfrastructure defines the metadata and infrastructure information - for control plane machines. - - - This field is supported if and only if the control plane provider template - referenced above is Machine based and supports setting replicas. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - Metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane - if the ControlPlaneTemplate referenced is machine based. If not, it is applied only to the - ControlPlane. - At runtime this metadata is merged with the corresponding metadata from the topology. - - - This field is supported if and only if the control plane provider template - referenced is Machine based. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - namingStrategy: - description: NamingStrategy allows changing the naming pattern - used when creating the control plane provider object. - properties: - template: - description: |- - Template defines the template to use for generating the name of the ControlPlane object. - If not defined, it will fallback to `{{ .cluster.name }}-{{ .random }}`. - If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. - The templating mechanism provides the following arguments: - * `.cluster.name`: The name of the cluster object. - * `.random`: A random alphanumeric string, without vowels, of length 5. - type: string - type: object - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - NOTE: This value can be overridden while defining a Cluster.Topology. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - NOTE: This value can be overridden while defining a Cluster.Topology. - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - NOTE: This value can be overridden while defining a Cluster.Topology. - type: string - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - Infrastructure is a reference to a provider-specific template that holds - the details for provisioning infrastructure specific cluster - for the underlying provider. - The underlying provider is responsible for the implementation - of the template to an infrastructure cluster. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - patches: - description: |- - Patches defines the patches which are applied to customize - referenced templates of a ClusterClass. - Note: Patches will be applied in the order of the array. - items: - description: ClusterClassPatch defines a patch which is applied - to customize the referenced templates. - properties: - definitions: - description: |- - Definitions define inline patches. - Note: Patches will be applied in the order of the array. - Note: Exactly one of Definitions or External must be set. - items: - description: PatchDefinition defines a patch which is applied - to customize the referenced templates. - properties: - jsonPatches: - description: |- - JSONPatches defines the patches which should be applied on the templates - matching the selector. - Note: Patches will be applied in the order of the array. - items: - description: JSONPatch defines a JSON patch. - properties: - op: - description: |- - Op defines the operation of the patch. - Note: Only `add`, `replace` and `remove` are supported. - type: string - path: - description: |- - Path defines the path of the patch. - Note: Only the spec of a template can be patched, thus the path has to start with /spec/. - Note: For now the only allowed array modifications are `append` and `prepend`, i.e.: - * for op: `add`: only index 0 (prepend) and - (append) are allowed - * for op: `replace` or `remove`: no indexes are allowed - type: string - value: - description: |- - Value defines the value of the patch. - Note: Either Value or ValueFrom is required for add and replace - operations. Only one of them is allowed to be set at the same time. - Note: We have to use apiextensionsv1.JSON instead of our JSON type, - because controller-tools has a hard-coded schema for apiextensionsv1.JSON - which cannot be produced by another type (unset type field). - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - valueFrom: - description: |- - ValueFrom defines the value of the patch. - Note: Either Value or ValueFrom is required for add and replace - operations. Only one of them is allowed to be set at the same time. - properties: - template: - description: |- - Template is the Go template to be used to calculate the value. - A template can reference variables defined in .spec.variables and builtin variables. - Note: The template must evaluate to a valid YAML or JSON value. - type: string - variable: - description: |- - Variable is the variable to be used as value. - Variable can be one of the variables defined in .spec.variables or a builtin variable. - type: string - type: object - required: - - op - - path - type: object - type: array - selector: - description: Selector defines on which templates the patch - should be applied. - properties: - apiVersion: - description: APIVersion filters templates by apiVersion. - type: string - kind: - description: Kind filters templates by kind. - type: string - matchResources: - description: MatchResources selects templates based - on where they are referenced. - properties: - controlPlane: - description: |- - ControlPlane selects templates referenced in .spec.ControlPlane. - Note: this will match the controlPlane and also the controlPlane - machineInfrastructure (depending on the kind and apiVersion). - type: boolean - infrastructureCluster: - description: InfrastructureCluster selects templates - referenced in .spec.infrastructure. - type: boolean - machineDeploymentClass: - description: |- - MachineDeploymentClass selects templates referenced in specific MachineDeploymentClasses in - .spec.workers.machineDeployments. - properties: - names: - description: Names selects templates by class - names. - items: - type: string - type: array - type: object - machinePoolClass: - description: |- - MachinePoolClass selects templates referenced in specific MachinePoolClasses in - .spec.workers.machinePools. - properties: - names: - description: Names selects templates by class - names. - items: - type: string - type: array - type: object - type: object - required: - - apiVersion - - kind - - matchResources - type: object - required: - - jsonPatches - - selector - type: object - type: array - description: - description: Description is a human-readable description of - this patch. - type: string - enabledIf: - description: |- - EnabledIf is a Go template to be used to calculate if a patch should be enabled. - It can reference variables defined in .spec.variables and builtin variables. - The patch will be enabled if the template evaluates to `true`, otherwise it will - be disabled. - If EnabledIf is not set, the patch will be enabled per default. - type: string - external: - description: |- - External defines an external patch. - Note: Exactly one of Definitions or External must be set. - properties: - discoverVariablesExtension: - description: DiscoverVariablesExtension references an extension - which is called to discover variables. - type: string - generateExtension: - description: GenerateExtension references an extension which - is called to generate patches. - type: string - settings: - additionalProperties: - type: string - description: |- - Settings defines key value pairs to be passed to the extensions. - Values defined here take precedence over the values defined in the - corresponding ExtensionConfig. - type: object - validateExtension: - description: ValidateExtension references an extension which - is called to validate the topology. - type: string - type: object - name: - description: Name of the patch. - type: string - required: - - name - type: object - type: array - variables: - description: |- - Variables defines the variables which can be configured - in the Cluster topology and are then used in patches. - items: - description: |- - ClusterClassVariable defines a variable which can - be configured in the Cluster topology and used in patches. - properties: - metadata: - description: |- - Metadata is the metadata of a variable. - It can be used to add additional data for higher level tools to - a ClusterClassVariable. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map that can be used to store and - retrieve arbitrary metadata. - They are not queryable. - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) variables. - type: object - type: object - name: - description: Name of the variable. - type: string - required: - description: |- - Required specifies if the variable is required. - Note: this applies to the variable as a whole and thus the - top-level object defined in the schema. If nested fields are - required, this will be specified inside the schema. - type: boolean - schema: - description: Schema defines the schema of the variable. - properties: - openAPIV3Schema: - description: |- - OpenAPIV3Schema defines the schema of a variable via OpenAPI v3 - schema. The schema is a subset of the schema used in - Kubernetes CRDs. - properties: - additionalProperties: - description: |- - AdditionalProperties specifies the schema of values in a map (keys are always strings). - NOTE: Can only be set if type is object. - NOTE: AdditionalProperties is mutually exclusive with Properties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - default: - description: |- - Default is the default value of the variable. - NOTE: Can be set for all types. - x-kubernetes-preserve-unknown-fields: true - description: - description: Description is a human-readable description - of this variable. - type: string - enum: - description: |- - Enum is the list of valid values of the variable. - NOTE: Can be set for all types. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - example: - description: Example is an example for this variable. - x-kubernetes-preserve-unknown-fields: true - exclusiveMaximum: - description: |- - ExclusiveMaximum specifies if the Maximum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - exclusiveMinimum: - description: |- - ExclusiveMinimum specifies if the Minimum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - format: - description: |- - Format is an OpenAPI v3 format string. Unknown formats are ignored. - For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) - https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go - NOTE: Can only be set if type is string. - type: string - items: - description: |- - Items specifies fields of an array. - NOTE: Can only be set if type is array. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - maxItems: - description: |- - MaxItems is the max length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - maxLength: - description: |- - MaxLength is the max length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - maximum: - description: |- - Maximum is the maximum of an integer or number variable. - If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. - If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - minItems: - description: |- - MinItems is the min length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - minLength: - description: |- - MinLength is the min length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - minimum: - description: |- - Minimum is the minimum of an integer or number variable. - If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. - If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - pattern: - description: |- - Pattern is the regex which a string variable must match. - NOTE: Can only be set if type is string. - type: string - properties: - description: |- - Properties specifies fields of an object. - NOTE: Can only be set if type is object. - NOTE: Properties is mutually exclusive with AdditionalProperties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - required: - description: |- - Required specifies which fields of an object are required. - NOTE: Can only be set if type is object. - items: - type: string - type: array - type: - description: |- - Type is the type of the variable. - Valid values are: object, array, string, integer, number or boolean. - type: string - uniqueItems: - description: |- - UniqueItems specifies if items in an array must be unique. - NOTE: Can only be set if type is array. - type: boolean - x-kubernetes-preserve-unknown-fields: - description: |- - XPreserveUnknownFields allows setting fields in a variable object - which are not defined in the variable schema. This affects fields recursively, - except if nested properties or additionalProperties are specified in the schema. - type: boolean - required: - - type - type: object - required: - - openAPIV3Schema - type: object - required: - - name - - required - - schema - type: object - type: array - workers: - description: |- - Workers describes the worker nodes for the cluster. - It is a collection of node types which can be used to create - the worker nodes of the cluster. - properties: - machineDeployments: - description: |- - MachineDeployments is a list of machine deployment classes that can be used to create - a set of worker nodes. - items: - description: |- - MachineDeploymentClass serves as a template to define a set of worker nodes of the cluster - provisioned using the `ClusterClass`. - properties: - class: - description: |- - Class denotes a type of worker node present in the cluster, - this name MUST be unique within a ClusterClass and can be referenced - in the Cluster to create a managed MachineDeployment. - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machines will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - machineHealthCheck: - description: MachineHealthCheck defines a MachineHealthCheck - for this MachineDeploymentClass. - properties: - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - format: int32 - type: integer - namingStrategy: - description: NamingStrategy allows changing the naming pattern - used when creating the MachineDeployment. - properties: - template: - description: |- - Template defines the template to use for generating the name of the MachineDeployment object. - If not defined, it will fallback to `{{ .cluster.name }}-{{ .machineDeployment.topologyName }}-{{ .random }}`. - If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. - The templating mechanism provides the following arguments: - * `.cluster.name`: The name of the cluster object. - * `.random`: A random alphanumeric string, without vowels, of length 5. - * `.machineDeployment.topologyName`: The name of the MachineDeployment topology (Cluster.spec.topology.workers.machineDeployments[].name). - type: string - type: object - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - type: string - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachineDeploymentClass. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of deployment. Allowed values are RollingUpdate and OnDelete. - The default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: |- - Template is a local struct containing a collection of templates for creation of - MachineDeployment objects representing a set of worker nodes. - properties: - bootstrap: - description: |- - Bootstrap contains the bootstrap template reference to be used - for the creation of worker Machines. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - Infrastructure contains the infrastructure template reference to be used - for the creation of worker Machines. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - Metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. - At runtime this metadata is merged with the corresponding metadata from the topology. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - required: - - bootstrap - - infrastructure - type: object - required: - - class - - template - type: object - type: array - machinePools: - description: |- - MachinePools is a list of machine pool classes that can be used to create - a set of worker nodes. - items: - description: |- - MachinePoolClass serves as a template to define a pool of worker nodes of the cluster - provisioned using `ClusterClass`. - properties: - class: - description: |- - Class denotes a type of machine pool present in the cluster, - this name MUST be unique within a ClusterClass and can be referenced - in the Cluster to create a managed MachinePool. - type: string - failureDomains: - description: |- - FailureDomains is the list of failure domains the MachinePool should be attached to. - Must match a key in the FailureDomains map stored on the cluster object. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - items: - type: string - type: array - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine pool should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - format: int32 - type: integer - namingStrategy: - description: NamingStrategy allows changing the naming pattern - used when creating the MachinePool. - properties: - template: - description: |- - Template defines the template to use for generating the name of the MachinePool object. - If not defined, it will fallback to `{{ .cluster.name }}-{{ .machinePool.topologyName }}-{{ .random }}`. - If the templated string exceeds 63 characters, it will be trimmed to 58 characters and will - get concatenated with a random suffix of length 5. - The templating mechanism provides the following arguments: - * `.cluster.name`: The name of the cluster object. - * `.random`: A random alphanumeric string, without vowels, of length 5. - * `.machinePool.topologyName`: The name of the MachinePool topology (Cluster.spec.topology.workers.machinePools[].name). - type: string - type: object - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine Pool is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - NOTE: This value can be overridden while defining a Cluster.Topology using this MachinePoolClass. - type: string - template: - description: |- - Template is a local struct containing a collection of templates for creation of - MachinePools objects representing a pool of worker nodes. - properties: - bootstrap: - description: |- - Bootstrap contains the bootstrap template reference to be used - for the creation of the Machines in the MachinePool. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - infrastructure: - description: |- - Infrastructure contains the infrastructure template reference to be used - for the creation of the MachinePool. - properties: - ref: - description: |- - Ref is a required reference to a custom resource - offered by a provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - ref - type: object - metadata: - description: |- - Metadata is the metadata applied to the MachinePool. - At runtime this metadata is merged with the corresponding metadata from the topology. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - required: - - bootstrap - - infrastructure - type: object - required: - - class - - template - type: object - type: array - type: object - type: object - status: - description: ClusterClassStatus defines the observed state of the ClusterClass. - properties: - conditions: - description: Conditions defines current observed state of the ClusterClass. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - variables: - description: Variables is a list of ClusterClassStatusVariable that - are defined for the ClusterClass. - items: - description: ClusterClassStatusVariable defines a variable which - appears in the status of a ClusterClass. - properties: - definitions: - description: Definitions is a list of definitions for a variable. - items: - description: ClusterClassStatusVariableDefinition defines - a variable which appears in the status of a ClusterClass. - properties: - from: - description: |- - From specifies the origin of the variable definition. - This will be `inline` for variables defined in the ClusterClass or the name of a patch defined in the ClusterClass - for variables discovered from a DiscoverVariables runtime extensions. - type: string - metadata: - description: |- - Metadata is the metadata of a variable. - It can be used to add additional data for higher level tools to - a ClusterClassVariable. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map that can be used to store and - retrieve arbitrary metadata. - They are not queryable. - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) variables. - type: object - type: object - required: - description: |- - Required specifies if the variable is required. - Note: this applies to the variable as a whole and thus the - top-level object defined in the schema. If nested fields are - required, this will be specified inside the schema. - type: boolean - schema: - description: Schema defines the schema of the variable. - properties: - openAPIV3Schema: - description: |- - OpenAPIV3Schema defines the schema of a variable via OpenAPI v3 - schema. The schema is a subset of the schema used in - Kubernetes CRDs. - properties: - additionalProperties: - description: |- - AdditionalProperties specifies the schema of values in a map (keys are always strings). - NOTE: Can only be set if type is object. - NOTE: AdditionalProperties is mutually exclusive with Properties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - default: - description: |- - Default is the default value of the variable. - NOTE: Can be set for all types. - x-kubernetes-preserve-unknown-fields: true - description: - description: Description is a human-readable description - of this variable. - type: string - enum: - description: |- - Enum is the list of valid values of the variable. - NOTE: Can be set for all types. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - example: - description: Example is an example for this variable. - x-kubernetes-preserve-unknown-fields: true - exclusiveMaximum: - description: |- - ExclusiveMaximum specifies if the Maximum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - exclusiveMinimum: - description: |- - ExclusiveMinimum specifies if the Minimum is exclusive. - NOTE: Can only be set if type is integer or number. - type: boolean - format: - description: |- - Format is an OpenAPI v3 format string. Unknown formats are ignored. - For a list of supported formats please see: (of the k8s.io/apiextensions-apiserver version we're currently using) - https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apiserver/validation/formats.go - NOTE: Can only be set if type is string. - type: string - items: - description: |- - Items specifies fields of an array. - NOTE: Can only be set if type is array. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - maxItems: - description: |- - MaxItems is the max length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - maxLength: - description: |- - MaxLength is the max length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - maximum: - description: |- - Maximum is the maximum of an integer or number variable. - If ExclusiveMaximum is false, the variable is valid if it is lower than, or equal to, the value of Maximum. - If ExclusiveMaximum is true, the variable is valid if it is strictly lower than the value of Maximum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - minItems: - description: |- - MinItems is the min length of an array variable. - NOTE: Can only be set if type is array. - format: int64 - type: integer - minLength: - description: |- - MinLength is the min length of a string variable. - NOTE: Can only be set if type is string. - format: int64 - type: integer - minimum: - description: |- - Minimum is the minimum of an integer or number variable. - If ExclusiveMinimum is false, the variable is valid if it is greater than, or equal to, the value of Minimum. - If ExclusiveMinimum is true, the variable is valid if it is strictly greater than the value of Minimum. - NOTE: Can only be set if type is integer or number. - format: int64 - type: integer - pattern: - description: |- - Pattern is the regex which a string variable must match. - NOTE: Can only be set if type is string. - type: string - properties: - description: |- - Properties specifies fields of an object. - NOTE: Can only be set if type is object. - NOTE: Properties is mutually exclusive with AdditionalProperties. - NOTE: This field uses PreserveUnknownFields and Schemaless, - because recursive validation is not possible. - x-kubernetes-preserve-unknown-fields: true - required: - description: |- - Required specifies which fields of an object are required. - NOTE: Can only be set if type is object. - items: - type: string - type: array - type: - description: |- - Type is the type of the variable. - Valid values are: object, array, string, integer, number or boolean. - type: string - uniqueItems: - description: |- - UniqueItems specifies if items in an array must be unique. - NOTE: Can only be set if type is array. - type: boolean - x-kubernetes-preserve-unknown-fields: - description: |- - XPreserveUnknownFields allows setting fields in a variable object - which are not defined in the variable schema. This affects fields recursively, - except if nested properties or additionalProperties are specified in the schema. - type: boolean - required: - - type - type: object - required: - - openAPIV3Schema - type: object - required: - - from - - required - - schema - type: object - type: array - definitionsConflict: - description: DefinitionsConflict specifies whether or not there - are conflicting definitions for a single variable name. - type: boolean - name: - description: Name is the name of the variable. - type: string - required: - - definitions - - name - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-clusterresourcesetbindings.addons.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-clusterresourcesetbindings.addons.cluster.x-k8s.io.yaml deleted file mode 100644 index a87670506..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-clusterresourcesetbindings.addons.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,121 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: clusterresourcesetbindings.addons.cluster.x-k8s.io -spec: - group: addons.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ClusterResourceSetBinding - listKind: ClusterResourceSetBindingList - plural: clusterresourcesetbindings - singular: clusterresourcesetbinding - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of ClusterResourceSetBinding - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ClusterResourceSetBinding lists all matching ClusterResourceSets - with the cluster it belongs to. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetBindingSpec defines the desired state of - ClusterResourceSetBinding. - properties: - bindings: - description: Bindings is a list of ClusterResourceSets and their resources. - items: - description: ResourceSetBinding keeps info on all of the resources - in a ClusterResourceSet. - properties: - clusterResourceSetName: - description: ClusterResourceSetName is the name of the ClusterResourceSet - that is applied to the owner cluster of the binding. - type: string - resources: - description: Resources is a list of resources that the ClusterResourceSet - has. - items: - description: ResourceBinding shows the status of a resource - that belongs to a ClusterResourceSet matched by the owner - cluster of the ClusterResourceSetBinding object. - properties: - applied: - description: Applied is to track if a resource is applied - to the cluster or not. - type: boolean - hash: - description: |- - Hash is the hash of a resource's data. This can be used to decide if a resource is changed. - For "ApplyOnce" ClusterResourceSet.spec.strategy, this is no-op as that strategy does not act on change. - type: string - kind: - description: 'Kind of the resource. Supported kinds are: - Secrets and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - lastAppliedTime: - description: LastAppliedTime identifies when this resource - was last applied to the cluster. - format: date-time - type: string - name: - description: Name of the resource that is in the same - namespace with ClusterResourceSet object. - minLength: 1 - type: string - required: - - applied - - kind - - name - type: object - type: array - required: - - clusterResourceSetName - type: object - type: array - clusterName: - description: |- - ClusterName is the name of the Cluster this binding applies to. - Note: this field mandatory in v1beta2. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-clusterresourcesets.addons.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-clusterresourcesets.addons.cluster.x-k8s.io.yaml deleted file mode 100644 index 6be48a1a5..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-clusterresourcesets.addons.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,197 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: clusterresourcesets.addons.cluster.x-k8s.io -spec: - group: addons.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: ClusterResourceSet - listKind: ClusterResourceSetList - plural: clusterresourcesets - singular: clusterresourceset - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of ClusterResourceSet - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ClusterResourceSet is the Schema for the clusterresourcesets - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterResourceSetSpec defines the desired state of ClusterResourceSet. - properties: - clusterSelector: - description: |- - Label selector for Clusters. The Clusters that are - selected by this will be the ones affected by this ClusterResourceSet. - It must match the Cluster labels. This field is immutable. - Label selector cannot be empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - resources: - description: Resources is a list of Secrets/ConfigMaps where each - contains 1 or more resources to be applied to remote clusters. - items: - description: ResourceRef specifies a resource. - properties: - kind: - description: 'Kind of the resource. Supported kinds are: Secrets - and ConfigMaps.' - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the resource that is in the same namespace - with ClusterResourceSet object. - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - strategy: - description: Strategy is the strategy to be used during applying resources. - Defaults to ApplyOnce. This field is immutable. - enum: - - ApplyOnce - - Reconcile - type: string - required: - - clusterSelector - type: object - status: - description: ClusterResourceSetStatus defines the observed state of ClusterResourceSet. - properties: - conditions: - description: Conditions defines current state of the ClusterResourceSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed ClusterResourceSet. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-clusters.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-clusters.cluster.x-k8s.io.yaml deleted file mode 100644 index 20168a0f3..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-clusters.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,1000 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: clusters.cluster.x-k8s.io -spec: - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: Cluster - listKind: ClusterList - plural: clusters - shortNames: - - cl - singular: cluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: ClusterClass of this Cluster, empty if the Cluster is not using - a ClusterClass - jsonPath: .spec.topology.class - name: ClusterClass - type: string - - description: Cluster status such as Pending/Provisioning/Provisioned/Deleting/Failed - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of Cluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this Cluster - jsonPath: .spec.topology.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Cluster is the Schema for the clusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterSpec defines the desired state of Cluster. - properties: - clusterNetwork: - description: Cluster network configuration. - properties: - apiServerPort: - description: |- - APIServerPort specifies the port the API Server should bind to. - Defaults to 6443. - format: int32 - type: integer - pods: - description: The network ranges from which Pod networks are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - serviceDomain: - description: Domain name for services. - type: string - services: - description: The network ranges from which service VIPs are allocated. - properties: - cidrBlocks: - items: - type: string - type: array - required: - - cidrBlocks - type: object - type: object - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneRef: - description: |- - ControlPlaneRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Control Plane for a Cluster. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - infrastructureRef: - description: |- - InfrastructureRef is a reference to a provider-specific resource that holds the details - for provisioning infrastructure for a cluster in said provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - paused: - description: Paused can be used to prevent controllers from processing - the Cluster and all its associated objects. - type: boolean - topology: - description: |- - This encapsulates the topology for the cluster. - NOTE: It is required to enable the ClusterTopology - feature gate flag to activate managed topologies support; - this feature is highly experimental, and parts of it might still be not implemented. - properties: - class: - description: The name of the ClusterClass object to create the - topology. - type: string - controlPlane: - description: ControlPlane describes the cluster control plane. - properties: - machineHealthCheck: - description: |- - MachineHealthCheck allows to enable, disable and override - the MachineHealthCheck configuration in the ClusterClass for this control plane. - properties: - enable: - description: |- - Enable controls if a MachineHealthCheck should be created for the target machines. - - - If false: No MachineHealthCheck will be created. - - - If not set(default): A MachineHealthCheck will be created if it is defined here or - in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. - - - If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will - block if `enable` is true and no MachineHealthCheck definition is available. - type: boolean - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - metadata: - description: |- - Metadata is the metadata applied to the ControlPlane and the Machines of the ControlPlane - if the ControlPlaneTemplate referenced by the ClusterClass is machine based. If not, it - is applied only to the ControlPlane. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - replicas: - description: |- - Replicas is the number of control plane nodes. - If the value is nil, the ControlPlane object is created without the number of Replicas - and it's assumed that the control plane controller does not implement support for this field. - When specified against a control plane provider that lacks support for this field, this value will be ignored. - format: int32 - type: integer - type: object - rolloutAfter: - description: |- - RolloutAfter performs a rollout of the entire cluster one component at a time, - control plane first and then machine deployments. - - - Deprecated: This field has no function and is going to be removed in the next apiVersion. - format: date-time - type: string - variables: - description: |- - Variables can be used to customize the Cluster through - patches. They must comply to the corresponding - VariableClasses defined in the ClusterClass. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - DefinitionFrom specifies where the definition of this Variable is from. DefinitionFrom is `inline` when the - definition is from the ClusterClass `.spec.variables` or the name of a patch defined in the ClusterClass - `.spec.patches` where the patch is external and provides external variables. - This field is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass `status.variables[]` - type: string - name: - description: Name of the variable. - type: string - value: - description: |- - Value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - version: - description: The Kubernetes version of the cluster. - type: string - workers: - description: |- - Workers encapsulates the different constructs that form the worker nodes - for the cluster. - properties: - machineDeployments: - description: MachineDeployments is a list of machine deployments - in the cluster. - items: - description: |- - MachineDeploymentTopology specifies the different parameters for a set of worker nodes in the topology. - This set of nodes is managed by a MachineDeployment object whose lifecycle is managed by the Cluster controller. - properties: - class: - description: |- - Class is the name of the MachineDeploymentClass used to create the set of worker nodes. - This should match one of the deployment classes defined in the ClusterClass object - mentioned in the `Cluster.Spec.Class` field. - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machines will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - machineHealthCheck: - description: |- - MachineHealthCheck allows to enable, disable and override - the MachineHealthCheck configuration in the ClusterClass for this MachineDeployment. - properties: - enable: - description: |- - Enable controls if a MachineHealthCheck should be created for the target machines. - - - If false: No MachineHealthCheck will be created. - - - If not set(default): A MachineHealthCheck will be created if it is defined here or - in the associated ClusterClass. If no MachineHealthCheck is defined then none will be created. - - - If true: A MachineHealthCheck is guaranteed to be created. Cluster validation will - block if `enable` is true and no MachineHealthCheck definition is available. - type: boolean - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - type: object - metadata: - description: |- - Metadata is the metadata applied to the MachineDeployment and the machines of the MachineDeployment. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - format: int32 - type: integer - name: - description: |- - Name is the unique identifier for this MachineDeploymentTopology. - The value is used with other unique identifiers to create a MachineDeployment's Name - (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, - the values are hashed together. - type: string - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - replicas: - description: |- - Replicas is the number of worker nodes belonging to this set. - If the value is nil, the MachineDeployment is created without the number of Replicas (defaulting to 1) - and it's assumed that an external entity (like cluster autoscaler) is responsible for the management - of this value. - format: int32 - type: integer - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of deployment. Allowed values are RollingUpdate and OnDelete. - The default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - variables: - description: Variables can be used to customize the - MachineDeployment through patches. - properties: - overrides: - description: Overrides can be used to override Cluster - level variables. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - DefinitionFrom specifies where the definition of this Variable is from. DefinitionFrom is `inline` when the - definition is from the ClusterClass `.spec.variables` or the name of a patch defined in the ClusterClass - `.spec.patches` where the patch is external and provides external variables. - This field is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass `status.variables[]` - type: string - name: - description: Name of the variable. - type: string - value: - description: |- - Value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - type: object - required: - - class - - name - type: object - type: array - machinePools: - description: MachinePools is a list of machine pools in the - cluster. - items: - description: |- - MachinePoolTopology specifies the different parameters for a pool of worker nodes in the topology. - This pool of nodes is managed by a MachinePool object whose lifecycle is managed by the Cluster controller. - properties: - class: - description: |- - Class is the name of the MachinePoolClass used to create the pool of worker nodes. - This should match one of the deployment classes defined in the ClusterClass object - mentioned in the `Cluster.Spec.Class` field. - type: string - failureDomains: - description: |- - FailureDomains is the list of failure domains the machine pool will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - items: - type: string - type: array - metadata: - description: |- - Metadata is the metadata applied to the MachinePool. - At runtime this metadata is merged with the corresponding metadata from the ClusterClass. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine pool should - be ready. - Defaults to 0 (machine will be considered available as soon as it - is ready) - format: int32 - type: integer - name: - description: |- - Name is the unique identifier for this MachinePoolTopology. - The value is used with other unique identifiers to create a MachinePool's Name - (e.g. cluster's name, etc). In case the name is greater than the allowed maximum length, - the values are hashed together. - type: string - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the MachinePool - hosts after the MachinePool is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - replicas: - description: |- - Replicas is the number of nodes belonging to this pool. - If the value is nil, the MachinePool is created without the number of Replicas (defaulting to 1) - and it's assumed that an external entity (like cluster autoscaler) is responsible for the management - of this value. - format: int32 - type: integer - variables: - description: Variables can be used to customize the - MachinePool through patches. - properties: - overrides: - description: Overrides can be used to override Cluster - level variables. - items: - description: |- - ClusterVariable can be used to customize the Cluster through patches. Each ClusterVariable is associated with a - Variable definition in the ClusterClass `status` variables. - properties: - definitionFrom: - description: |- - DefinitionFrom specifies where the definition of this Variable is from. DefinitionFrom is `inline` when the - definition is from the ClusterClass `.spec.variables` or the name of a patch defined in the ClusterClass - `.spec.patches` where the patch is external and provides external variables. - This field is mandatory if the variable has `DefinitionsConflict: true` in ClusterClass `status.variables[]` - type: string - name: - description: Name of the variable. - type: string - value: - description: |- - Value of the variable. - Note: the value will be validated against the schema of the corresponding ClusterClassVariable - from the ClusterClass. - Note: We have to use apiextensionsv1.JSON instead of a custom JSON type, because controller-tools has a - hard-coded schema for apiextensionsv1.JSON which cannot be produced by another type via controller-tools, - i.e. it is not possible to have no type field. - Ref: https://github.com/kubernetes-sigs/controller-tools/blob/d0e03a142d0ecdd5491593e941ee1d6b5d91dba6/pkg/crd/known_types.go#L106-L111 - x-kubernetes-preserve-unknown-fields: true - required: - - name - - value - type: object - type: array - type: object - required: - - class - - name - type: object - type: array - type: object - required: - - class - - version - type: object - type: object - status: - description: ClusterStatus defines the observed state of Cluster. - properties: - conditions: - description: Conditions defines current service state of the cluster. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - controlPlaneReady: - description: ControlPlaneReady defines if the control plane is ready. - type: boolean - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: FailureDomains is a slice of failure domain objects synced - from the infrastructure provider. - type: object - failureMessage: - description: |- - FailureMessage indicates that there is a fatal problem reconciling the - state, and will be set to a descriptive error message. - type: string - failureReason: - description: |- - FailureReason indicates that there is a fatal problem reconciling the - state, and will be set to a token value suitable for - programmatic interpretation. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-clustersizingconfigurations.scheduling.hypershift.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-clustersizingconfigurations.scheduling.hypershift.openshift.io.yaml deleted file mode 100644 index 3c4df36a6..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-clustersizingconfigurations.scheduling.hypershift.openshift.io.yaml +++ /dev/null @@ -1,332 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: clustersizingconfigurations.scheduling.hypershift.openshift.io -spec: - group: scheduling.hypershift.openshift.io - names: - kind: ClusterSizingConfiguration - listKind: ClusterSizingConfigurationList - plural: clustersizingconfigurations - shortNames: - - csc - - cscs - singular: clustersizingconfiguration - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - ClusterSizingConfiguration defines the desired state of ClusterSizingConfiguration. - Configuration options here allow management cluster administrators to define sizing classes for hosted clusters and - how the system should adapt hosted cluster functionality based on size. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ClusterSizingConfigurationSpec defines the desired state - of ClusterSizingConfiguration - properties: - concurrency: - description: |- - Concurrency defines the bounds of allowed behavior for clusters transitioning between sizes. - Transitions will require that request-serving pods be re-scheduled between nodes, so each - transition incurs a small user-facing cost as well as a cost to the management cluster. Use - the concurrency configuration options to manage how many transitions can be occurring. - These limits do not apply to new clusters entering the fleet. - If unset, a sensible default will be provided. - properties: - limit: - default: 5 - description: Limit is the maximum allowed number of cluster size - transitions during the sliding window. - format: int32 - minimum: 1 - type: integer - slidingWindow: - default: 10m - description: SlidingWindow is the window over which the concurrency - bound is enforced. - pattern: ^([0-9]+(\.[0-9]+)?(s|m|h))+$ - type: string - type: object - nonRequestServingNodesBufferPerZone: - anyOf: - - type: integer - - type: string - description: |- - NonRequestServingNodesBufferPerZone is the number of extra nodes to allocate for non request serving - workloads per zone. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - sizes: - description: |- - Sizes holds the different t-shirt size classes into which guest clusters will be sorted. - Each size class applies to guest clusters using node count criteria; it is required that - the entire interval between [0,+inf) be covered by the set of sizes provided here. - items: - description: SizeConfiguration holds options for clusters of a given - size. - properties: - criteria: - description: Criteria defines the node count range for clusters - to fall into this t-shirt size class. - properties: - from: - description: From is the inclusive lower limit to node count - for a cluster to be considered a particular size. - format: int32 - minimum: 0 - type: integer - to: - description: |- - To is the inclusive upper limit to node count for a cluster to be considered a particular size. - If unset, this size class will match clusters of all sizes greater than the lower limit. - format: int32 - minimum: 0 - type: integer - required: - - from - type: object - x-kubernetes-validations: - - message: lower limit must be less than or equal to the upper - limit - rule: '!has(self.to) || self.from <= self.to' - effects: - description: Effects define the effects on a cluster being considered - part of this t-shirt size class. - properties: - APICriticalPriorityClassName: - description: |- - APICriticalPriorityClassName is the priority class for pods in the API request serving path. - This includes Kube API Server, OpenShift APIServer, etc. - type: string - controlPlanePriorityClassName: - description: ControlPlanePriorityClassName is the priority - class to use for most control plane pods - type: string - etcdPriorityClassName: - description: EtcdPriorityClassName is the priority class - to use for etcd pods - type: string - kasGoMemLimit: - anyOf: - - type: integer - - type: string - description: KASGoMemLimit is the value to set for the $GOMEMLIMIT - of the Kube APIServer container - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - machineHealthCheckTimeout: - description: |- - MachineHealthCheckTimeout specifies an optional timeout for machinehealthchecks created - for HostedClusters with this specific size. - type: string - resourceRequests: - description: ResourceRequests allows specifying resource - requests for control plane pods. - items: - properties: - containerName: - description: ContainerName is the name of the container - to which the resource request applies. - type: string - cpu: - anyOf: - - type: integer - - type: string - description: CPU is the amount of CPU to request for - the container. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - deploymentName: - description: DeploymentName is the name of the deployment - to which the resource request applies. - type: string - memory: - anyOf: - - type: integer - - type: string - description: Memory is the amount of memory to request - for the container. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - containerName - - deploymentName - type: object - type: array - type: object - management: - description: Management configures the management aspects of - this size class on the management plane. - properties: - nonRequestServingNodesPerZone: - anyOf: - - type: integer - - type: string - description: |- - NonRequestServingNodesPerZone is the number of nodes to allocate for non request serving workloads - per HostedCluster. This will likely be a fraction of a node (ie. 0.2) to allow 5 HostedClusters in - a single node. The total number of nodes needed per HostedCluster is this number multiplied by 3 - (number of zones). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - placeholders: - description: |- - Placeholders configures the number of dummy workloads that will be scheduled irrespective of - HostedClusters in order to keep a set of nodes ready to accept new cluster creation and scheduling. - minimum: 0 - type: integer - type: object - name: - description: Name is the t-shirt size name. - type: string - required: - - criteria - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: exactly one size class must have a lower limit of zero - rule: self.exists_one(i, i.criteria.from == 0) - - message: exactly one size class must have no upper limit - rule: self.exists_one(i, !has(i.criteria.to)) - transitionDelay: - description: |- - TransitionDelay configures how quickly the system reacts to clusters transitioning between size classes. - It may be advantageous, for instance, to have a near-instant scale-down for clusters that begin to - use fewer resources, but allow for some lag on scale-up to ensure that the use is sustained before - incurring the larger cost for scale-up. - properties: - decrease: - default: 10m - description: |- - Decrease defines the minimum period of time to wait between a cluster's size decreasing and - the t-shirt size assigned to it being updated to reflect the new size. - pattern: ^([0-9]+(\.[0-9]+)?(s|m|h))+$ - type: string - increase: - default: 30s - description: |- - Increase defines the minimum period of time to wait between a cluster's size increasing and - the t-shirt size assigned to it being updated to reflect the new size. - pattern: ^([0-9]+(\.[0-9]+)?(s|m|h))+$ - type: string - type: object - type: object - status: - description: ClusterSizingConfigurationStatus defines the observed state - of ClusterSizingConfiguration - properties: - conditions: - description: Conditions contain details about the various aspects - of cluster sizing. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - x-kubernetes-validations: - - message: exactly one configuration may exist and must be named 'cluster' - rule: self.metadata.name == 'cluster' - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-hostedclusters.hypershift.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-hostedclusters.hypershift.openshift.io.yaml deleted file mode 100644 index 858630f54..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-hostedclusters.hypershift.openshift.io.yaml +++ /dev/null @@ -1,10260 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: hostedclusters.hypershift.openshift.io -spec: - group: hypershift.openshift.io - names: - kind: HostedCluster - listKind: HostedClusterList - plural: hostedclusters - shortNames: - - hc - - hcs - singular: hostedcluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Version - jsonPath: .status.version.history[?(@.state=="Completed")].version - name: Version - type: string - - description: KubeConfig Secret - jsonPath: .status.kubeconfig.name - name: KubeConfig - type: string - - description: Progress - jsonPath: .status.version.history[?(@.state!="")].state - name: Progress - type: string - - description: Available - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - description: Progressing - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - description: Message - jsonPath: .status.conditions[?(@.type=="Available")].message - name: Message - type: string - deprecated: true - deprecationWarning: v1alpha1 is a deprecated version for HostedCluster - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - HostedCluster is the primary representation of a HyperShift cluster and encapsulates - the control plane and common data plane configuration. Creating a HostedCluster - results in a fully functional OpenShift control plane with no attached nodes. - To support workloads (e.g. pods), a HostedCluster may have one or more associated - NodePool resources. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec is the desired behavior of the HostedCluster. - properties: - additionalTrustBundle: - description: |- - AdditionalTrustBundle is a reference to a ConfigMap containing a - PEM-encoded X.509 certificate bundle that will be added to the hosted controlplane and nodes - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - auditWebhook: - description: |- - AuditWebhook contains metadata for configuring an audit webhook endpoint - for a cluster to process cluster audit events. It references a secret that - contains the webhook information for the audit webhook endpoint. It is a - secret because if the endpoint has mTLS the kubeconfig will contain client - keys. The kubeconfig needs to be stored in the secret with a secret key - name that corresponds to the constant AuditWebhookKubeconfigKey. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - autoscaling: - description: |- - Autoscaling specifies auto-scaling behavior that applies to all NodePools - associated with the control plane. - properties: - maxNodeProvisionTime: - description: |- - MaxNodeProvisionTime is the maximum time to wait for node provisioning - before considering the provisioning to be unsuccessful, expressed as a Go - duration string. The default is 15 minutes. - pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - maxNodesTotal: - description: |- - MaxNodesTotal is the maximum allowable number of nodes across all NodePools - for a HostedCluster. The autoscaler will not grow the cluster beyond this - number. - format: int32 - minimum: 0 - type: integer - maxPodGracePeriod: - description: |- - MaxPodGracePeriod is the maximum seconds to wait for graceful pod - termination before scaling down a NodePool. The default is 600 seconds. - format: int32 - minimum: 0 - type: integer - podPriorityThreshold: - description: |- - PodPriorityThreshold enables users to schedule "best-effort" pods, which - shouldn't trigger autoscaler actions, but only run when there are spare - resources available. The default is -10. - - - See the following for more details: - https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-cluster-autoscaler-work-with-pod-priority-and-preemption - format: int32 - type: integer - type: object - channel: - description: |- - channel is an identifier for explicitly requesting that a non-default - set of updates be applied to this cluster. The default channel will be - contain stable updates that are appropriate for production clusters. - type: string - clusterID: - description: |- - ClusterID uniquely identifies this cluster. This is expected to be - an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in - hexadecimal values). - As with a Kubernetes metadata.uid, this ID uniquely identifies this - cluster in space and time. - This value identifies the cluster in metrics pushed to telemetry and - metrics produced by the control plane operators. If a value is not - specified, an ID is generated. After initial creation, the value is - immutable. - pattern: '[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}' - type: string - configuration: - description: |- - Configuration specifies configuration for individual OCP components in the - cluster, represented as embedded resources that correspond to the openshift - configuration API. - properties: - apiServer: - description: |- - APIServer holds configuration (like serving certificates, client CA and CORS domains) - shared by all API servers in the system, among them especially kube-apiserver - and openshift-apiserver. - properties: - additionalCORSAllowedOrigins: - description: |- - additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the - API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth - server from JavaScript applications. - The values are regular expressions that correspond to the Golang regular expression language. - items: - type: string - type: array - audit: - default: - profile: Default - description: |- - audit specifies the settings for audit configuration to be applied to all OpenShift-provided - API servers in the cluster. - properties: - customRules: - description: |- - customRules specify profiles per group. These profile take precedence over the - top-level profile field if they apply. They are evaluation from top to bottom and - the first one that matches, applies. - items: - description: |- - AuditCustomRule describes a custom rule for an audit profile that takes precedence over - the top-level profile. - properties: - group: - description: group is a name of group a request - user must be member of in order to this profile - to apply. - minLength: 1 - type: string - profile: - description: |- - profile specifies the name of the desired audit policy configuration to be deployed to - all OpenShift-provided API servers in the cluster. - - - The following profiles are provided: - - Default: the existing default policy. - - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for - write requests (create, update, patch). - - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response - HTTP payloads for read requests (get, list). - - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. - - - If unset, the 'Default' profile is used as the default. - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - required: - - group - - profile - type: object - type: array - x-kubernetes-list-map-keys: - - group - x-kubernetes-list-type: map - profile: - default: Default - description: |- - profile specifies the name of the desired top-level audit profile to be applied to all requests - sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, - openshift-apiserver and oauth-apiserver), with the exception of those requests that match - one or more of the customRules. - - - The following profiles are provided: - - Default: default policy which means MetaData level logging with the exception of events - (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody - level). - - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for - write requests (create, update, patch). - - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response - HTTP payloads for read requests (get, list). - - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. - - - Warning: It is not recommended to disable audit logging by using the `None` profile unless you - are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. - If you disable audit logging and a support situation arises, you might need to enable audit logging - and reproduce the issue in order to troubleshoot properly. - - - If unset, the 'Default' profile is used as the default. - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - type: object - clientCA: - description: |- - clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for - incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. - You usually only have to set this if you have your own PKI you wish to honor client certificates from. - The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - - ConfigMap.Data["ca-bundle.crt"] - CA bundle. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - encryption: - description: encryption allows the configuration of encryption - of resources at the datastore layer. - properties: - type: - description: |- - type defines what encryption type should be used to encrypt resources at the datastore layer. - When this field is unset (i.e. when it is set to the empty string), identity is implied. - The behavior of unset can and will change over time. Even if encryption is enabled by default, - the meaning of unset may change to a different encryption type based on changes in best practices. - - - When encryption is enabled, all sensitive resources shipped with the platform are encrypted. - This list of sensitive resources can and will change over time. The current authoritative list is: - - - 1. secrets - 2. configmaps - 3. routes.route.openshift.io - 4. oauthaccesstokens.oauth.openshift.io - 5. oauthauthorizetokens.oauth.openshift.io - enum: - - "" - - identity - - aescbc - - aesgcm - type: string - type: object - servingCerts: - description: |- - servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates - will be used for serving secure traffic. - properties: - namedCertificates: - description: |- - namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates match the server name as understood by a client, - the defaultServingCertificate will be used. - items: - description: APIServerNamedServingCert maps a server - DNS name, as understood by a client, to a certificate. - properties: - names: - description: |- - names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to - serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. - Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. - items: - type: string - type: array - servingCertificate: - description: |- - servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. - The secret must exist in the openshift-config namespace and contain the following required fields: - - Secret.Data["tls.key"] - TLS private key. - - Secret.Data["tls.crt"] - TLS certificate. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - type: object - type: array - type: object - tlsSecurityProfile: - description: |- - tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. - - - If unset, a default (which may change between releases) is chosen. Note that only Old, - Intermediate and Custom profiles are currently supported, and the maximum available - minTLSVersion is VersionTLS12. - properties: - custom: - description: |- - custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: - - - ciphers: - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - minTLSVersion: VersionTLS11 - nullable: true - properties: - ciphers: - description: |- - ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): - - - ciphers: - - DES-CBC3-SHA - items: - type: string - type: array - minTLSVersion: - description: |- - minTLSVersion is used to specify the minimal version of the TLS protocol - that is negotiated during the TLS handshake. For example, to use TLS - versions 1.1, 1.2 and 1.3 (yaml): - - - minTLSVersion: VersionTLS11 - - - NOTE: currently the highest minTLSVersion allowed is VersionTLS12 - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: |- - intermediate is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - minTLSVersion: VersionTLS12 - nullable: true - type: object - modern: - description: |- - modern is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - minTLSVersion: VersionTLS13 - nullable: true - type: object - old: - description: |- - old is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - - DHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-ECDSA-AES128-SHA256 - - - - ECDHE-RSA-AES128-SHA256 - - - - ECDHE-ECDSA-AES128-SHA - - - - ECDHE-RSA-AES128-SHA - - - - ECDHE-ECDSA-AES256-SHA384 - - - - ECDHE-RSA-AES256-SHA384 - - - - ECDHE-ECDSA-AES256-SHA - - - - ECDHE-RSA-AES256-SHA - - - - DHE-RSA-AES128-SHA256 - - - - DHE-RSA-AES256-SHA256 - - - - AES128-GCM-SHA256 - - - - AES256-GCM-SHA384 - - - - AES128-SHA256 - - - - AES256-SHA256 - - - - AES128-SHA - - - - AES256-SHA - - - - DES-CBC3-SHA - - - minTLSVersion: VersionTLS10 - nullable: true - type: object - type: - description: |- - type is one of Old, Intermediate, Modern or Custom. Custom provides - the ability to specify individual TLS security profile parameters. - Old, Intermediate and Modern are TLS security profiles based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - - - The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers - are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be - reduced. - - - Note that the Modern profile is currently not supported because it is not - yet well adopted by common software libraries. - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - authentication: - description: |- - Authentication specifies cluster-wide settings for authentication (like OAuth and - webhook token authenticators). - properties: - oauthMetadata: - description: |- - oauthMetadata contains the discovery endpoint data for OAuth 2.0 - Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw '/.well-known/oauth-authorization-server' - For further details, see the IETF Draft: - https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence - over any metadata reference stored in status. - The key "oauthMetadata" is used to locate the data. - If specified and the config map or expected key is not found, no metadata is served. - If the specified metadata is not valid, no metadata is served. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - oidcProviders: - description: |- - OIDCProviders are OIDC identity providers that can issue tokens - for this cluster - Can only be set if "Type" is set to "OIDC". - - - At most one provider can be configured. - items: - properties: - claimMappings: - description: |- - ClaimMappings describes rules on how to transform information from an - ID token into a cluster identity - properties: - groups: - description: |- - Groups is a name of the claim that should be used to construct - groups for the cluster identity. - The referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be - used in the mapping - type: string - prefix: - description: |- - Prefix is a string to prefix the value from the token in the result of the - claim mapping. - - - By default, no prefixing occurs. - - - Example: if `prefix` is set to "myoidc:"" and the `claim` in JWT contains - an array of strings "a", "b" and "c", the mapping will result in an - array of string "myoidc:a", "myoidc:b" and "myoidc:c". - type: string - required: - - claim - type: object - username: - description: |- - Username is a name of the claim that should be used to construct - usernames for the cluster identity. - - - Default value: "sub" - properties: - claim: - description: Claim is a JWT token claim to be - used in the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: |- - PrefixPolicy specifies how a prefix should apply. - - - By default, claims other than `email` will be prefixed with the issuer URL to - prevent naming clashes with other plugins. - - - Set to "NoPrefix" to disable prefixing. - - - Example: - (1) `prefix` is set to "myoidc:" and `claim` is set to "username". - If the JWT claim `username` contains value `userA`, the resulting - mapped value will be "myoidc:userA". - (2) `prefix` is set to "myoidc:" and `claim` is set to "email". If the - JWT `email` claim contains value "userA@myoidc.tld", the resulting - mapped value will be "myoidc:userA@myoidc.tld". - (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include "username":"userA" and "email":"userA@myoidc.tld", - and `claim` is set to: - (a) "username": the mapped value will be "https://myoidc.tld#userA" - (b) "email": the mapped value will be "userA@myoidc.tld" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is - 'Prefix', but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy - == ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are - applied to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: |- - RequiredClaim allows configuring a required claim name and its expected - value - properties: - claim: - description: |- - Claim is a name of a required claim. Only claims with string values are - supported. - minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required - value for the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation - rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC - token issuer - properties: - audiences: - description: |- - Audiences is an array of audiences that the token was issued for. - Valid tokens must include at least one of these values in their - "aud" claim. - Must be set to exactly one value. - items: - minLength: 1 - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: |- - CertificateAuthority is a reference to a config map in the - configuration namespace. The .data of the configMap must contain - the "ca-bundle.crt" key. - If unset, system trust is used instead. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - issuerURL: - description: |- - URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: |- - OIDCClients contains configuration for the platform's clients that - need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the - OIDC client from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: |- - ClientSecret refers to a secret in the `openshift-config` namespace that - contains the client secret in the `clientSecret` key of the `.data` field - properties: - name: - description: name is the metadata.name of - the referenced secret - type: string - required: - - name - type: object - componentName: - description: |- - ComponentName is the name of the component that is supposed to consume this - client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: |- - ComponentNamespace is the namespace of the component that is supposed to consume this - client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of - scopes to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: |- - serviceAccountIssuer is the identifier of the bound service account token - issuer. - The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the - previous issuer value. Instead, the tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set to 24h). - This time period is subject to change over time. - This allows internal components to transition to use new service account issuer without service distruption. - type: string - type: - description: |- - type identifies the cluster managed, user facing authentication mode in use. - Specifically, it manages the component that responds to login attempts. - The default is IntegratedOAuth. - type: string - webhookTokenAuthenticator: - description: |- - webhookTokenAuthenticator configures a remote token reviewer. - These remote authentication webhooks can be used to verify bearer tokens - via the tokenreviews.authentication.k8s.io REST API. This is required to - honor bearer tokens that are provisioned by an external authentication service. - - - Can only be set if "Type" is set to "None". - properties: - kubeConfig: - description: |- - kubeConfig references a secret that contains kube config file data which - describes how to access the remote webhook service. - The namespace for the referenced secret is openshift-config. - - - For further details, see: - - - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - - - The key "kubeConfig" is used to locate the data. - If the secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook is not honored. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting - it has no effect. - items: - description: |- - deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. - It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field. - properties: - kubeConfig: - description: |- - kubeConfig contains kube config file data which describes how to access the remote webhook service. - For further details, see: - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. - If the secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook is not honored. - The namespace for this secret is determined by the point of use. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - configMapRefs: - description: |- - ConfigMapRefs holds references to any configmaps referenced by - configuration entries. Entries can reference the configmaps using local - object references. - - - Deprecated - This field is deprecated and will be removed in a future release - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - type: array - featureGate: - description: FeatureGate holds cluster-wide information about - feature gates. - properties: - customNoUpgrade: - description: |- - customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. - Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations - your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field. - nullable: true - properties: - disabled: - description: disabled is a list of all feature gates that - you want to force off - items: - description: FeatureGateName is a string to enforce - patterns on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - enabled: - description: enabled is a list of all feature gates that - you want to force on - items: - description: FeatureGateName is a string to enforce - patterns on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - type: object - featureSet: - description: |- - featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. - Turning on or off features may cause irreversible changes in your cluster which cannot be undone. - type: string - x-kubernetes-validations: - - message: CustomNoUpgrade may not be changed - rule: 'oldSelf == ''CustomNoUpgrade'' ? self == ''CustomNoUpgrade'' - : true' - - message: TechPreviewNoUpgrade may not be changed - rule: 'oldSelf == ''TechPreviewNoUpgrade'' ? self == ''TechPreviewNoUpgrade'' - : true' - - message: DevPreviewNoUpgrade may not be changed - rule: 'oldSelf == ''DevPreviewNoUpgrade'' ? self == ''DevPreviewNoUpgrade'' - : true' - type: object - image: - description: |- - Image governs policies related to imagestream imports and runtime configuration - for external registries. It allows cluster admins to configure which registries - OpenShift is allowed to import images from, extra CA trust bundles for external - registries, and policies to block or allow registry hostnames. - When exposing OpenShift's image registry to the public, this also lets cluster - admins specify the external hostname. - properties: - additionalTrustedCA: - description: |- - additionalTrustedCA is a reference to a ConfigMap containing additional CAs that - should be trusted during imagestream import, pod image pull, build image pull, and - imageregistry pullthrough. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - allowedRegistriesForImport: - description: |- - allowedRegistriesForImport limits the container image registries that normal users may import - images from. Set this list to the registries that you trust to contain valid Docker - images and that you want applications to be able to import from. Users with - permission to create Images or ImageStreamMappings via the API are not affected by - this policy - typically only administrators or system integrations will have those - permissions. - items: - description: |- - RegistryLocation contains a location of the registry specified by the registry domain - name. The domain name might include wildcards, like '*' or '??'. - properties: - domainName: - description: |- - domainName specifies a domain name for the registry - In case the registry use non-standard (80 or 443) port, the port should be included - in the domain name as well. - type: string - insecure: - description: |- - insecure indicates whether the registry is secure (https) or insecure (http) - By default (if not specified) the registry is assumed as secure. - type: boolean - type: object - type: array - externalRegistryHostnames: - description: |- - externalRegistryHostnames provides the hostnames for the default external image - registry. The external hostname should be set only when the image registry - is exposed externally. The first value is used in 'publicDockerImageRepository' - field in ImageStreams. The value must be in "hostname[:port]" format. - items: - type: string - type: array - registrySources: - description: |- - registrySources contains configuration that determines how the container runtime - should treat individual registries when accessing images for builds+pods. (e.g. - whether or not to allow insecure access). It does not contain configuration for the - internal cluster registry. - properties: - allowedRegistries: - description: |- - allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. - - - Only one of BlockedRegistries or AllowedRegistries may be set. - items: - type: string - type: array - blockedRegistries: - description: |- - blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. - - - Only one of BlockedRegistries or AllowedRegistries may be set. - items: - type: string - type: array - containerRuntimeSearchRegistries: - description: |- - containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified - domains in their pull specs. Registries will be searched in the order provided in the list. - Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. - format: hostname - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - insecureRegistries: - description: insecureRegistries are registries which do - not have a valid TLS certificates or only support HTTP - connections. - items: - type: string - type: array - type: object - type: object - ingress: - description: |- - Ingress holds cluster-wide information about ingress, including the default ingress domain - used for routes. - properties: - appsDomain: - description: |- - appsDomain is an optional domain to use instead of the one specified - in the domain field when a Route is created without specifying an explicit - host. If appsDomain is nonempty, this value is used to generate default - host values for Route. Unlike domain, appsDomain may be modified after - installation. - This assumes a new ingresscontroller has been setup with a wildcard - certificate. - type: string - componentRoutes: - description: |- - componentRoutes is an optional list of routes that are managed by OpenShift components - that a cluster-admin is able to configure the hostname and serving certificate for. - The namespace and name of each route in this list should match an existing entry in the - status.componentRoutes list. - - - To determine the set of configurable Routes, look at namespace and name of entries in the - .status.componentRoutes list, where participating operators write the status of - configurable routes. - items: - description: ComponentRouteSpec allows for configuration - of a route's hostname and serving certificate. - properties: - hostname: - description: hostname is the hostname that should be - used by the route. - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - name: - description: |- - name is the logical name of the route to customize. - - - The namespace and name of this componentRoute must match a corresponding - entry in the list of status.componentRoutes if the route is to be customized. - maxLength: 256 - minLength: 1 - type: string - namespace: - description: |- - namespace is the namespace of the route to customize. - - - The namespace and name of this componentRoute must match a corresponding - entry in the list of status.componentRoutes if the route is to be customized. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - servingCertKeyPairSecret: - description: |- - servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. - The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. - If the custom hostname uses the default routing suffix of the cluster, - the Secret specification for a serving certificate will not be needed. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - required: - - hostname - - name - - namespace - type: object - type: array - x-kubernetes-list-map-keys: - - namespace - - name - x-kubernetes-list-type: map - domain: - description: |- - domain is used to generate a default host name for a route when the - route's host name is empty. The generated host name will follow this - pattern: "..". - - - It is also used as the default wildcard domain suffix for ingress. The - default ingresscontroller domain will follow this pattern: "*.". - - - Once set, changing domain is not currently supported. - type: string - loadBalancer: - description: |- - loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure - provider of the current cluster and are required for Ingress Controller to work on OpenShift. - properties: - platform: - description: |- - platform holds configuration specific to the underlying - infrastructure provider for the ingress load balancers. - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - properties: - aws: - description: aws contains settings specific to the - Amazon Web Services infrastructure provider. - properties: - type: - description: |- - type allows user to set a load balancer type. - When this field is set the default ingresscontroller will get created using the specified LBType. - If this field is not set then the default ingress controller of LBType Classic will be created. - Valid values are: - - - * "Classic": A Classic Load Balancer that makes routing decisions at either - the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See - the following for additional details: - - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - - - * "NLB": A Network Load Balancer that makes routing decisions at the - transport layer (TCP/SSL). See the following for additional details: - - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb - enum: - - NLB - - Classic - type: string - required: - - type - type: object - type: - description: |- - type is the underlying infrastructure provider for the cluster. - Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", - "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", - "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, - and must handle unrecognized platforms as None if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - type: object - type: object - requiredHSTSPolicies: - description: |- - requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes - matching the domainPattern/s and namespaceSelector/s that are specified in the policy. - Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route - annotation, and affect route admission. - - - A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: - "haproxy.router.openshift.io/hsts_header" - E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains - - - - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, - then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route - is rejected. - - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies - determines the route's admission status. - - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, - then it may use any HSTS Policy annotation. - - - The HSTS policy configuration may be changed after routes have already been created. An update to a previously - admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. - However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. - - - Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid. - items: - properties: - domainPatterns: - description: |- - domainPatterns is a list of domains for which the desired HSTS annotations are required. - If domainPatterns is specified and a route is created with a spec.host matching one of the domains, - the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. - - - The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. - foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*. - items: - type: string - minItems: 1 - type: array - includeSubDomainsPolicy: - description: |- - includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's - domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com - enum: - - RequireIncludeSubDomains - - RequireNoIncludeSubDomains - - NoOpinion - type: string - maxAge: - description: |- - maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. - If set to 0, it negates the effect, and hosts are removed as HSTS hosts. - If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. - maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS - policy will eventually expire on that client. - properties: - largestMaxAge: - description: |- - The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age - This value can be left unspecified, in which case no upper limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - smallestMaxAge: - description: |- - The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age - Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary - tool for administrators to quickly correct mistakes. - This value can be left unspecified, in which case no lower limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - type: object - namespaceSelector: - description: |- - namespaceSelector specifies a label selector such that the policy applies only to those routes that - are in namespaces with labels that match the selector, and are in one of the DomainPatterns. - Defaults to the empty LabelSelector, which matches everything. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - preloadPolicy: - description: |- - preloadPolicy directs the client to include hosts in its host preload list so that - it never needs to do an initial load to get the HSTS header (note that this is not defined - in RFC 6797 and is therefore client implementation-dependent). - enum: - - RequirePreload - - RequireNoPreload - - NoOpinion - type: string - required: - - domainPatterns - type: object - type: array - type: object - items: - description: |- - Items embeds the serialized configuration resources. - - - Deprecated - This field is deprecated and will be removed in a future release - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - x-kubernetes-preserve-unknown-fields: true - network: - description: |- - Network holds cluster-wide information about the network. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. - Please view network.spec for an explanation on what applies when configuring this resource. - TODO (csrwng): Add validation here to exclude changes that conflict with networking settings in the HostedCluster.Spec.Networking field. - properties: - clusterNetwork: - description: |- - IP address pool to use for pod IPs. - This field is immutable after installation. - items: - description: |- - ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs - are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: |- - The size (prefix) of block to allocate to each node. If this - field is not used by the plugin, it can be left unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - externalIP: - description: |- - externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is - not allowed to be set. - properties: - autoAssignCIDRs: - description: |- - autoAssignCIDRs is a list of CIDRs from which to automatically assign - Service.ExternalIP. These are assigned when the service is of type - LoadBalancer. In general, this is only useful for bare-metal clusters. - In Openshift 3.x, this was misleadingly called "IngressIPs". - Automatically assigned External IPs are not affected by any - ExternalIPPolicy rules. - Currently, only one entry may be provided. - items: - type: string - type: array - x-kubernetes-list-type: atomic - policy: - description: |- - policy is a set of restrictions applied to the ExternalIP field. - If nil or empty, then ExternalIP is not allowed to be set. - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - rejectedCIDRs: - description: |- - rejectedCIDRs is the list of disallowed CIDRs. These take precedence - over allowedCIDRs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - type: object - networkDiagnostics: - description: |- - networkDiagnostics defines network diagnostics configuration. - - - Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. - If networkDiagnostics is not specified or is empty, - and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, - the network diagnostics feature will be disabled. - properties: - mode: - description: |- - mode controls the network diagnostics mode - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is All. - enum: - - "" - - All - - Disabled - type: string - sourcePlacement: - description: |- - sourcePlacement controls the scheduling of network diagnostics source deployment - - - See NetworkDiagnosticsSourcePlacement for more details about default values. - properties: - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `kubernetes.io/os: linux`. - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is an empty list. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - targetPlacement: - description: |- - targetPlacement controls the scheduling of network diagnostics target daemonset - - - See NetworkDiagnosticsTargetPlacement for more details about default values. - properties: - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `kubernetes.io/os: linux`. - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `- operator: "Exists"` which means that all taints are tolerated. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - networkType: - description: |- - NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). - This should match a value that the cluster-network-operator understands, - or else no networking will be installed. - Currently supported values are: - - OpenShiftSDN - This field is immutable after installation. - type: string - serviceNetwork: - description: |- - IP address pool for services. - Currently, we only support a single entry here. - This field is immutable after installation. - items: - type: string - type: array - x-kubernetes-list-type: atomic - serviceNodePortRange: - description: |- - The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. - Such Services without a NodePort specified will have one - automatically allocated from this range. - This parameter can be updated after the cluster is - installed. - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - type: object - oauth: - description: |- - OAuth holds cluster-wide information about OAuth. - It is used to configure the integrated OAuth server. - This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. - properties: - identityProviders: - description: |- - identityProviders is an ordered list of ways for a user to identify themselves. - When this list is empty, no identities are provisioned for users. - items: - description: IdentityProvider provides identities for users - authenticating using credentials - properties: - basicAuth: - description: basicAuth contains configuration options - for the BasicAuth IdP - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - tlsClientCert: - description: |- - tlsClientCert is an optional reference to a secret by name that contains the - PEM-encoded TLS client certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - tlsClientKey: - description: |- - tlsClientKey is an optional reference to a secret by name that contains the - PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - github: - description: github enables user authentication using - GitHub credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - This can only be configured when hostname is set to a non-empty value. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - hostname: - description: |- - hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of - GitHub Enterprise. - It must match the GitHub Enterprise settings value configured at /setup/settings#hostname. - type: string - organizations: - description: organizations optionally restricts - which organizations are allowed to log in - items: - type: string - type: array - teams: - description: teams optionally restricts which teams - are allowed to log in. Format is /. - items: - type: string - type: array - type: object - gitlab: - description: gitlab enables user authentication using - GitLab credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the oauth server base URL - type: string - type: object - google: - description: google enables user authentication using - Google credentials - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - hostedDomain: - description: hostedDomain is the optional Google - App domain (e.g. "mycompany.com") to restrict - logins to - type: string - type: object - htpasswd: - description: htpasswd enables user authentication using - an HTPasswd file to validate credentials - properties: - fileData: - description: |- - fileData is a required reference to a secret by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - If the specified htpasswd data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - type: object - keystone: - description: keystone enables user authentication using - keystone password credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - domainName: - description: domainName is required for keystone - v3 - type: string - tlsClientCert: - description: |- - tlsClientCert is an optional reference to a secret by name that contains the - PEM-encoded TLS client certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - tlsClientKey: - description: |- - tlsClientKey is an optional reference to a secret by name that contains the - PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - ldap: - description: ldap enables user authentication using - LDAP credentials - properties: - attributes: - description: attributes maps LDAP attributes to - identities - properties: - email: - description: |- - email is the list of attributes whose values should be used as the email address. Optional. - If unspecified, no email is set for the identity - items: - type: string - type: array - id: - description: |- - id is the list of attributes whose values should be used as the user ID. Required. - First non-empty attribute is used. At least one attribute is required. If none of the listed - attribute have a value, authentication fails. - LDAP standard identity attribute is "dn" - items: - type: string - type: array - name: - description: |- - name is the list of attributes whose values should be used as the display name. Optional. - If unspecified, no display name is set for the identity - LDAP standard display name attribute is "cn" - items: - type: string - type: array - preferredUsername: - description: |- - preferredUsername is the list of attributes whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - items: - type: string - type: array - type: object - bindDN: - description: bindDN is an optional DN to bind with - during the search phase. - type: string - bindPassword: - description: |- - bindPassword is an optional reference to a secret by name - containing a password to bind with during the search phase. - The key "bindPassword" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - insecure: - description: |- - insecure, if true, indicates the connection should not use TLS - WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always - attempt to connect using TLS, even when `insecure` is set to `true` - When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to - a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830. - type: boolean - url: - description: |- - url is an RFC 2255 URL which specifies the LDAP search parameters to use. - The syntax of the URL is: - ldap://host:port/basedn?attribute?scope?filter - type: string - type: object - mappingMethod: - description: |- - mappingMethod determines how identities from this provider are mapped to users - Defaults to "claim" - type: string - name: - description: |- - name is used to qualify the identities returned by this provider. - - It MUST be unique and not shared by any other identity provider used - - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" - Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName - type: string - openID: - description: openID enables user authentication using - OpenID credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - claims: - description: claims mappings - properties: - email: - description: |- - email is the list of claims whose values should be used as the email address. Optional. - If unspecified, no email is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - groups: - description: |- - groups is the list of claims value of which should be used to synchronize groups - from the OIDC provider to OpenShift for the user. - If multiple claims are specified, the first one with a non-empty value is used. - items: - description: |- - OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo - responses - minLength: 1 - type: string - type: array - x-kubernetes-list-type: atomic - name: - description: |- - name is the list of claims whose values should be used as the display name. Optional. - If unspecified, no display name is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - preferredUsername: - description: |- - preferredUsername is the list of claims whose values should be used as the preferred username. - If unspecified, the preferred username is determined from the value of the sub claim - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - extraAuthorizeParameters: - additionalProperties: - type: string - description: extraAuthorizeParameters are any custom - parameters to add to the authorize request. - type: object - extraScopes: - description: extraScopes are any scopes to request - in addition to the standard "openid" scope. - items: - type: string - type: array - issuer: - description: |- - issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. - It must use the https scheme with no query or fragment component. - type: string - type: object - requestHeader: - description: requestHeader enables user authentication - using request header credentials - properties: - ca: - description: |- - ca is a required reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - Specifically, it allows verification of incoming requests to prevent header spoofing. - The key "ca.crt" is used to locate the data. - If the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - challengeURL: - description: |- - challengeURL is a URL to redirect unauthenticated /authorize requests to - Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be - redirected here. - ${url} is replaced with the current URL, escaped to be safe in a query parameter - https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string - https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. - type: string - clientCommonNames: - description: |- - clientCommonNames is an optional list of common names to require a match from. If empty, any - client certificate validated against the clientCA bundle is considered authoritative. - items: - type: string - type: array - emailHeaders: - description: emailHeaders is the set of headers - to check for the email address - items: - type: string - type: array - headers: - description: headers is the set of headers to check - for identity information - items: - type: string - type: array - loginURL: - description: |- - loginURL is a URL to redirect unauthenticated /authorize requests to - Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here - ${url} is replaced with the current URL, escaped to be safe in a query parameter - https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string - https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. - type: string - nameHeaders: - description: nameHeaders is the set of headers to - check for the display name - items: - type: string - type: array - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set - of headers to check for the preferred username - items: - type: string - type: array - type: object - type: - description: type identifies the identity provider type - for this entry. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - templates: - description: templates allow you to customize pages like the - login page. - properties: - error: - description: |- - error is the name of a secret that specifies a go template to use to render error pages - during the authentication or grant flow. - The key "errors.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default error page is used. - If the specified template is not valid, the default error page is used. - If unspecified, the default error page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - login: - description: |- - login is the name of a secret that specifies a go template to use to render the login page. - The key "login.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default login page is used. - If the specified template is not valid, the default login page is used. - If unspecified, the default login page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - providerSelection: - description: |- - providerSelection is the name of a secret that specifies a go template to use to render - the provider selection page. - The key "providers.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default provider selection page is used. - If the specified template is not valid, the default provider selection page is used. - If unspecified, the default provider selection page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - tokenConfig: - description: tokenConfig contains options for authorization - and access tokens - properties: - accessTokenInactivityTimeout: - description: |- - accessTokenInactivityTimeout defines the token inactivity timeout - for tokens granted by any client. - The value represents the maximum amount of time that can occur between - consecutive uses of the token. Tokens become invalid if they are not - used within this temporal window. The user will need to acquire a new - token to regain access once a token times out. Takes valid time - duration string such as "5m", "1.5h" or "2h45m". The minimum allowed - value for duration is 300s (5 minutes). If the timeout is configured - per client, then that value takes precedence. If the timeout value is - not specified and the client does not override the value, then tokens - are valid until their lifetime. - - - WARNING: existing tokens' timeout will not be affected (lowered) by changing this value - type: string - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: - setting this field has no effect.' - format: int32 - type: integer - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum - age of access tokens - format: int32 - type: integer - type: object - type: object - operatorhub: - description: |- - OperatorHub specifies the configuration for the Operator Lifecycle Manager in the HostedCluster. This is only configured at deployment time but the controller are not reconcilling over it. - The OperatorHub configuration will be constantly reconciled if catalog placement is management, but only on cluster creation otherwise. - properties: - disableAllDefaultSources: - description: |- - disableAllDefaultSources allows you to disable all the default hub - sources. If this is true, a specific entry in sources can be used to - enable a default source. If this is false, a specific entry in - sources can be used to disable or enable a default source. - type: boolean - sources: - description: |- - sources is the list of default hub sources and their configuration. - If the list is empty, it implies that the default hub sources are - enabled on the cluster unless disableAllDefaultSources is true. - If disableAllDefaultSources is true and sources is not empty, - the configuration present in sources will take precedence. The list of - default hub sources and their current state will always be reflected in - the status block. - items: - description: HubSource is used to specify the hub source - and its configuration - properties: - disabled: - description: disabled is used to disable a default hub - source on cluster - type: boolean - name: - description: name is the name of one of the default - hub sources - maxLength: 253 - minLength: 1 - type: string - type: object - type: array - type: object - proxy: - description: Proxy holds cluster-wide information on how to configure - default proxies for the cluster. - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: |- - noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. - Empty means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: |- - trustedCA is a reference to a ConfigMap containing a CA certificate bundle. - The trustedCA field should only be consumed by a proxy validator. The - validator is responsible for reading the certificate bundle from the required - key "ca-bundle.crt", merging it with the system default trust bundle, - and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" - in the "openshift-config-managed" namespace. Clients that expect to make - proxy connections must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as - well. - - - The namespace for the ConfigMap referenced by trustedCA is - "openshift-config". Here is an example ConfigMap (in yaml): - - - apiVersion: v1 - kind: ConfigMap - metadata: - name: user-ca-bundle - namespace: openshift-config - data: - ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - Custom CA certificate bundle. - -----END CERTIFICATE----- - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - type: object - scheduler: - description: |- - Scheduler holds cluster-wide config information to run the Kubernetes Scheduler - and influence its placement decisions. The canonical name for this config is `cluster`. - properties: - defaultNodeSelector: - description: |- - defaultNodeSelector helps set the cluster-wide default node selector to - restrict pod placement to specific nodes. This is applied to the pods - created in all namespaces and creates an intersection with any existing - nodeSelectors already set on a pod, additionally constraining that pod's selector. - For example, - defaultNodeSelector: "type=user-node,region=east" would set nodeSelector - field in pod spec to "type=user-node,region=east" to all pods created - in all namespaces. Namespaces having project-wide node selectors won't be - impacted even if this field is set. This adds an annotation section to - the namespace. - For example, if a new namespace is created with - node-selector='type=user-node,region=east', - the annotation openshift.io/node-selector: type=user-node,region=east - gets added to the project. When the openshift.io/node-selector annotation - is set on the project the value is used in preference to the value we are setting - for defaultNodeSelector field. - For instance, - openshift.io/node-selector: "type=user-node,region=west" means - that the default of "type=user-node,region=east" set in defaultNodeSelector - would not be applied. - type: string - mastersSchedulable: - description: |- - MastersSchedulable allows masters nodes to be schedulable. When this flag is - turned on, all the master nodes in the cluster will be made schedulable, - so that workload pods can run on them. The default value for this field is false, - meaning none of the master nodes are schedulable. - Important Note: Once the workload pods start running on the master nodes, - extreme care must be taken to ensure that cluster-critical control plane components - are not impacted. - Please turn on this field after doing due diligence. - type: boolean - policy: - description: |- - DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. - policy is a reference to a ConfigMap containing scheduler policy which has - user specified predicates and priorities. If this ConfigMap is not available - scheduler will default to use DefaultAlgorithmProvider. - The namespace for this configmap is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - profile: - description: |- - profile sets which scheduling profile should be set in order to configure scheduling - decisions for new pods. - - - Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring" - Defaults to "LowNodeUtilization" - enum: - - "" - - LowNodeUtilization - - HighNodeUtilization - - NoScoring - type: string - profileCustomizations: - description: profileCustomizations contains configuration - for modifying the default behavior of existing scheduler - profiles. - properties: - dynamicResourceAllocation: - description: |- - dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. - Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. - Third-party resource drivers are responsible for tracking and allocating resources. - Different kinds of resources support arbitrary parameters for defining requirements and initialization. - Valid values are Enabled, Disabled and omitted. - When omitted, this means no opinion and the platform is left to choose a reasonable default, - which is subject to change over time. - The current default is Disabled. - enum: - - "" - - Enabled - - Disabled - type: string - type: object - type: object - secretRefs: - description: |- - SecretRefs holds references to any secrets referenced by configuration - entries. Entries can reference the secrets using local object references. - - - Deprecated - This field is deprecated and will be removed in a future release - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - type: array - type: object - controlPlaneRelease: - description: |- - ControlPlaneRelease specifies the desired OCP release payload for - control plane components running on the management cluster. - Updating this field will trigger a rollout of the control plane. The - behavior of the rollout will be driven by the ControllerAvailabilityPolicy - and InfrastructureAvailabilityPolicy. - If not defined, Release is used - properties: - image: - description: Image is the image pullspec of an OCP release payload - image. - pattern: ^(\w+\S+)$ - type: string - required: - - image - type: object - controllerAvailabilityPolicy: - default: HighlyAvailable - description: |- - ControllerAvailabilityPolicy specifies the availability policy applied to - critical control plane components. The default value is HighlyAvailable. - type: string - dns: - description: DNS specifies DNS configuration for the cluster. - properties: - baseDomain: - description: BaseDomain is the base domain of the cluster. - type: string - baseDomainPrefix: - description: |- - BaseDomainPrefix is the base domain prefix of the cluster. - defaults to clusterName if not set - type: string - privateZoneID: - description: |- - PrivateZoneID is the Hosted Zone ID where all the DNS records that are only - available internally to the cluster exist. - type: string - publicZoneID: - description: |- - PublicZoneID is the Hosted Zone ID where all the DNS records that are - publicly accessible to the internet exist. - type: string - required: - - baseDomain - type: object - etcd: - default: - managed: - storage: - persistentVolume: - size: 4Gi - type: PersistentVolume - managementType: Managed - description: |- - Etcd specifies configuration for the control plane etcd cluster. The - default ManagementType is Managed. Once set, the ManagementType cannot be - changed. - properties: - managed: - description: Managed specifies the behavior of an etcd cluster - managed by HyperShift. - properties: - storage: - description: Storage specifies how etcd data is persisted. - properties: - persistentVolume: - description: |- - PersistentVolume is the configuration for PersistentVolume etcd storage. - With this implementation, a PersistentVolume will be allocated for every - etcd member (either 1 or 3 depending on the HostedCluster control plane - availability configuration). - properties: - size: - anyOf: - - type: integer - - type: string - default: 8Gi - description: Size is the minimum size of the data - volume for each etcd member. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - x-kubernetes-validations: - - message: Etcd PV storage size is immutable - rule: self == oldSelf - storageClassName: - description: |- - StorageClassName is the StorageClass of the data volume for each etcd member. - - - See https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. - type: string - type: object - restoreSnapshotURL: - description: |- - RestoreSnapshotURL allows an optional URL to be provided where - an etcd snapshot can be downloaded, for example a pre-signed URL - referencing a storage service. - This snapshot will be restored on initial startup, only when the etcd PV - is empty. - items: - type: string - type: array - x-kubernetes-validations: - - message: RestoreSnapshotURL shouldn't contain more than - 1 entry - rule: self.size() <= 1 - type: - description: Type is the kind of persistent storage implementation - to use for etcd. - enum: - - PersistentVolume - type: string - required: - - type - type: object - required: - - storage - type: object - managementType: - description: ManagementType defines how the etcd cluster is managed. - enum: - - Managed - - Unmanaged - type: string - unmanaged: - description: |- - Unmanaged specifies configuration which enables the control plane to - integrate with an eternally managed etcd cluster. - properties: - endpoint: - description: |- - Endpoint is the full etcd cluster client endpoint URL. For example: - - - https://etcd-client:2379 - - - If the URL uses an HTTPS scheme, the TLS field is required. - pattern: ^https:// - type: string - tls: - description: TLS specifies TLS configuration for HTTPS etcd - client endpoints. - properties: - clientSecret: - description: |- - ClientSecret refers to a secret for client mTLS authentication with the etcd cluster. It - may have the following key/value pairs: - - - etcd-client-ca.crt: Certificate Authority value - etcd-client.crt: Client certificate value - etcd-client.key: Client certificate key value - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - clientSecret - type: object - required: - - endpoint - - tls - type: object - required: - - managementType - type: object - fips: - description: |- - FIPS indicates whether this cluster's nodes will be running in FIPS mode. - If set to true, the control plane's ignition server will be configured to - expect that nodes joining the cluster will be FIPS-enabled. - type: boolean - imageContentSources: - description: |- - ImageContentSources specifies image mirrors that can be used by cluster - nodes to pull content. - items: - description: |- - ImageContentSource specifies image mirrors that can be used by cluster nodes - to pull content. For cluster workloads, if a container image registry host of - the pullspec matches Source then one of the Mirrors are substituted as hosts - in the pullspec and tried in order to fetch the image. - properties: - mirrors: - description: Mirrors are one or more repositories that may also - contain the same images. - items: - type: string - type: array - source: - description: |- - Source is the repository that users refer to, e.g. in image pull - specifications. - type: string - required: - - source - type: object - type: array - infraID: - description: |- - InfraID is a globally unique identifier for the cluster. This identifier - will be used to associate various cloud resources with the HostedCluster - and its associated NodePools. - type: string - infrastructureAvailabilityPolicy: - default: SingleReplica - description: |- - InfrastructureAvailabilityPolicy specifies the availability policy applied - to infrastructure services which run on cluster nodes. The default value is - SingleReplica. - type: string - issuerURL: - default: https://kubernetes.default.svc - description: |- - IssuerURL is an OIDC issuer URL which is used as the issuer in all - ServiceAccount tokens generated by the control plane API server. The - default value is kubernetes.default.svc, which only works for in-cluster - validation. - format: uri - type: string - networking: - default: - clusterNetwork: - - cidr: 10.132.0.0/14 - networkType: OVNKubernetes - serviceNetwork: - - cidr: 172.31.0.0/16 - description: Networking specifies network configuration for the cluster. - properties: - apiServer: - description: |- - APIServer contains advanced network settings for the API server that affect - how the APIServer is exposed inside a cluster node. - properties: - advertiseAddress: - description: |- - AdvertiseAddress is the address that nodes will use to talk to the API - server. This is an address associated with the loopback adapter of each - node. If not specified, 172.20.0.1 is used. - type: string - allowedCIDRBlocks: - description: |- - AllowedCIDRBlocks is an allow list of CIDR blocks that can access the APIServer - If not specified, traffic is allowed from all addresses. - This depends on underlying support by the cloud provider for Service LoadBalancerSourceRanges - items: - pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$ - type: string - type: array - port: - description: |- - Port is the port at which the APIServer is exposed inside a node. Other - pods using host networking cannot listen on this port. If not specified, - 6443 is used. - format: int32 - type: integer - type: object - clusterNetwork: - default: - - cidr: 10.132.0.0/14 - description: |- - ClusterNetwork is the list of IP address pools for pods. - TODO: make this required in the next version of the API - items: - description: |- - ClusterNetworkEntry is a single IP address block for pod IP blocks. IP blocks - are allocated with size 2^HostSubnetLength. - properties: - cidr: - description: CIDR is the IP block address pool. - type: string - hostPrefix: - description: |- - HostPrefix is the prefix size to allocate to each node from the CIDR. - For example, 24 would allocate 2^8=256 adresses to each node. If this - field is not used by the plugin, it can be left unset. - format: int32 - type: integer - required: - - cidr - type: object - type: array - machineCIDR: - description: |- - Deprecated - This field will be removed in the next API release. - Use MachineNetwork instead - format: cidr - type: string - machineNetwork: - description: |- - MachineNetwork is the list of IP address pools for machines. - TODO: make this required in the next version of the API - items: - description: MachineNetworkEntry is a single IP address block - for node IP blocks. - properties: - cidr: - description: CIDR is the IP block address pool for machines - within the cluster. - type: string - required: - - cidr - type: object - type: array - networkType: - default: OVNKubernetes - description: NetworkType specifies the SDN provider used for cluster - networking. - enum: - - OpenShiftSDN - - Calico - - OVNKubernetes - - Other - type: string - podCIDR: - description: |- - Deprecated - This field will be removed in the next API release. - Use ClusterNetwork instead - format: cidr - type: string - serviceCIDR: - description: |- - Deprecated - This field will be removed in the next API release. - Use ServiceNetwork instead - format: cidr - type: string - serviceNetwork: - default: - - cidr: 172.31.0.0/16 - description: |- - ServiceNetwork is the list of IP address pools for services. - NOTE: currently only one entry is supported. - TODO: make this required in the next version of the API - items: - description: ServiceNetworkEntry is a single IP address block - for the service network. - properties: - cidr: - description: CIDR is the IP block address pool for services - within the cluster. - type: string - required: - - cidr - type: object - type: array - required: - - networkType - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector when specified, must be true for the pods - managed by the HostedCluster to be scheduled. - type: object - olmCatalogPlacement: - default: management - description: |- - OLMCatalogPlacement specifies the placement of OLM catalog components. By default, - this is set to management and OLM catalog components are deployed onto the management - cluster. If set to guest, the OLM catalog components will be deployed onto the guest - cluster. - enum: - - management - - guest - type: string - pausedUntil: - description: |- - PausedUntil is a field that can be used to pause reconciliation on a resource. - Either a date can be provided in RFC3339 format or a boolean. If a date is - provided: reconciliation is paused on the resource until that date. If the boolean true is - provided: reconciliation is paused on the resource until the field is removed. - type: string - platform: - description: |- - Platform specifies the underlying infrastructure provider for the cluster - and is used to configure platform specific behavior. - properties: - agent: - description: Agent specifies configuration for agent-based installations. - properties: - agentNamespace: - description: AgentNamespace is the namespace where to search - for Agents for this cluster - type: string - required: - - agentNamespace - type: object - aws: - description: AWS specifies configuration for clusters running - on Amazon Web Services. - properties: - additionalAllowedPrincipals: - description: |- - AdditionalAllowedPrincipals specifies a list of additional allowed principal ARNs - to be added to the hosted control plane's VPC Endpoint Service to enable additional - VPC Endpoint connection requests to be automatically accepted. - See https://docs.aws.amazon.com/vpc/latest/privatelink/configure-endpoint-service.html - for more details around VPC Endpoint Service allowed principals. - items: - type: string - type: array - cloudProviderConfig: - description: |- - CloudProviderConfig specifies AWS networking configuration for the control - plane. - This is mainly used for cloud provider controller config: - https://github.com/kubernetes/kubernetes/blob/f5be5052e3d0808abb904aebd3218fe4a5c2dd82/staging/src/k8s.io/legacy-cloud-providers/aws/aws.go#L1347-L1364 - TODO(dan): should this be named AWSNetworkConfig? - properties: - subnet: - description: Subnet is the subnet to use for control plane - cloud resources. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify - an AWS resource - properties: - name: - description: Name of the filter. Filter names - are case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - vpc: - description: VPC is the VPC to use for control plane cloud - resources. - type: string - zone: - description: |- - Zone is the availability zone where control plane cloud resources are - created. - type: string - required: - - vpc - type: object - controlPlaneOperatorCreds: - description: |- - Deprecated - This field will be removed in the next API release. - Use RolesRef instead. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - endpointAccess: - default: Public - description: |- - EndpointAccess specifies the publishing scope of cluster endpoints. The - default is Public. - enum: - - Public - - PublicAndPrivate - - Private - type: string - kubeCloudControllerCreds: - description: |- - Deprecated - This field will be removed in the next API release. - Use RolesRef instead. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - multiArch: - default: false - description: |- - MultiArch specifies whether the Hosted Cluster will be expected to support NodePools with different - CPU architectures, i.e., supporting arm64 NodePools and supporting amd64 NodePools on the same Hosted Cluster. - type: boolean - nodePoolManagementCreds: - description: |- - Deprecated - This field will be removed in the next API release. - Use RolesRef instead. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - region: - description: |- - Region is the AWS region in which the cluster resides. This configures the - OCP control plane cloud integrations, and is used by NodePool to resolve - the correct boot AMI for a given release. - type: string - resourceTags: - description: |- - ResourceTags is a list of additional tags to apply to AWS resources created - for the cluster. See - https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for - information on tagging AWS resources. AWS supports a maximum of 50 tags per - resource. OpenShift reserves 25 tags for its use, leaving 25 tags available - for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: Key is the key of the tag. - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: |- - Value is the value of the tag. - - - Some AWS service do not support empty values. Since tags are added to - resources in many services, the length of the tag value must meet the - requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - roles: - description: |- - Deprecated - This field will be removed in the next API release. - Use RolesRef instead. - items: - properties: - arn: - type: string - name: - type: string - namespace: - type: string - required: - - arn - - name - - namespace - type: object - type: array - rolesRef: - description: |- - RolesRef contains references to various AWS IAM roles required to enable - integrations such as OIDC. - properties: - controlPlaneOperatorARN: - description: "ControlPlaneOperatorARN is an ARN value - referencing a role appropriate for the Control Plane - Operator.\n\n\nThe following is an example of a valid - policy document:\n\n\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": - [\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"ec2:CreateVpcEndpoint\",\n\t\t\t\t\"ec2:DescribeVpcEndpoints\",\n\t\t\t\t\"ec2:ModifyVpcEndpoint\",\n\t\t\t\t\"ec2:DeleteVpcEndpoints\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"route53:ListHostedZones\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t},\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"route53:ChangeResourceRecordSets\",\n\t\t\t\t\"route53:ListResourceRecordSets\"\n\t\t\t],\n\t\t\t\"Resource\": - \"arn:aws:route53:::%s\"\n\t\t}\n\t]\n}" - type: string - imageRegistryARN: - description: "ImageRegistryARN is an ARN value referencing - a role appropriate for the Image Registry Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"s3:CreateBucket\",\n\t\t\t\t\"s3:DeleteBucket\",\n\t\t\t\t\"s3:PutBucketTagging\",\n\t\t\t\t\"s3:GetBucketTagging\",\n\t\t\t\t\"s3:PutBucketPublicAccessBlock\",\n\t\t\t\t\"s3:GetBucketPublicAccessBlock\",\n\t\t\t\t\"s3:PutEncryptionConfiguration\",\n\t\t\t\t\"s3:GetEncryptionConfiguration\",\n\t\t\t\t\"s3:PutLifecycleConfiguration\",\n\t\t\t\t\"s3:GetLifecycleConfiguration\",\n\t\t\t\t\"s3:GetBucketLocation\",\n\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\"s3:GetObject\",\n\t\t\t\t\"s3:PutObject\",\n\t\t\t\t\"s3:DeleteObject\",\n\t\t\t\t\"s3:ListBucketMultipartUploads\",\n\t\t\t\t\"s3:AbortMultipartUpload\",\n\t\t\t\t\"s3:ListMultipartUploadParts\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - ingressARN: - description: "The referenced role must have a trust relationship - that allows it to be assumed via web identity.\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html.\nExample:\n{\n\t\t\"Version\": - \"2012-10-17\",\n\t\t\"Statement\": [\n\t\t\t{\n\t\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\t\"Principal\": {\n\t\t\t\t\t\"Federated\": - \"{{ .ProviderARN }}\"\n\t\t\t\t},\n\t\t\t\t\t\"Action\": - \"sts:AssumeRoleWithWebIdentity\",\n\t\t\t\t\"Condition\": - {\n\t\t\t\t\t\"StringEquals\": {\n\t\t\t\t\t\t\"{{ .ProviderName - }}:sub\": {{ .ServiceAccounts }}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n\n\nIngressARN - is an ARN value referencing a role appropriate for the - Ingress Operator.\n\n\nThe following is an example of - a valid policy document:\n\n\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": - [\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"elasticloadbalancing:DescribeLoadBalancers\",\n\t\t\t\t\"tag:GetResources\",\n\t\t\t\t\"route53:ListHostedZones\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t},\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"route53:ChangeResourceRecordSets\"\n\t\t\t],\n\t\t\t\"Resource\": - [\n\t\t\t\t\"arn:aws:route53:::PUBLIC_ZONE_ID\",\n\t\t\t\t\"arn:aws:route53:::PRIVATE_ZONE_ID\"\n\t\t\t]\n\t\t}\n\t]\n}" - type: string - kubeCloudControllerARN: - description: |- - KubeCloudControllerARN is an ARN value referencing a role appropriate for the KCM/KCC. - - - The following is an example of a valid policy document: - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeImages", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateRoute", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:RevokeSecurityGroupIngress", - "ec2:DescribeVpcs", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateTargetGroup", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", - "iam:CreateServiceLinkedRole", - "kms:DescribeKey" - ], - "Resource": [ - "*" - ], - "Effect": "Allow" - } - ] - } - type: string - networkARN: - description: "NetworkARN is an ARN value referencing a - role appropriate for the Network Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:DescribeInstances\",\n - \ \"ec2:DescribeInstanceStatus\",\n \"ec2:DescribeInstanceTypes\",\n - \ \"ec2:UnassignPrivateIpAddresses\",\n \"ec2:AssignPrivateIpAddresses\",\n - \ \"ec2:UnassignIpv6Addresses\",\n \"ec2:AssignIpv6Addresses\",\n - \ \"ec2:DescribeSubnets\",\n \"ec2:DescribeNetworkInterfaces\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - nodePoolManagementARN: - description: "NodePoolManagementARN is an ARN value referencing - a role appropriate for the CAPI Controller.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n - \ \"Version\": \"2012-10-17\",\n \"Statement\": [\n - \ {\n \"Action\": [\n \"ec2:AllocateAddress\",\n - \ \"ec2:AssociateRouteTable\",\n \"ec2:AttachInternetGateway\",\n - \ \"ec2:AuthorizeSecurityGroupIngress\",\n \"ec2:CreateInternetGateway\",\n - \ \"ec2:CreateNatGateway\",\n \"ec2:CreateRoute\",\n - \ \"ec2:CreateRouteTable\",\n \"ec2:CreateSecurityGroup\",\n - \ \"ec2:CreateSubnet\",\n \"ec2:CreateTags\",\n - \ \"ec2:DeleteInternetGateway\",\n \"ec2:DeleteNatGateway\",\n - \ \"ec2:DeleteRouteTable\",\n \"ec2:DeleteSecurityGroup\",\n - \ \"ec2:DeleteSubnet\",\n \"ec2:DeleteTags\",\n - \ \"ec2:DescribeAccountAttributes\",\n \"ec2:DescribeAddresses\",\n - \ \"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeImages\",\n - \ \"ec2:DescribeInstances\",\n \"ec2:DescribeInternetGateways\",\n - \ \"ec2:DescribeNatGateways\",\n \"ec2:DescribeNetworkInterfaces\",\n - \ \"ec2:DescribeNetworkInterfaceAttribute\",\n - \ \"ec2:DescribeRouteTables\",\n \"ec2:DescribeSecurityGroups\",\n - \ \"ec2:DescribeSubnets\",\n \"ec2:DescribeVpcs\",\n - \ \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeVolumes\",\n - \ \"ec2:DetachInternetGateway\",\n \"ec2:DisassociateRouteTable\",\n - \ \"ec2:DisassociateAddress\",\n \"ec2:ModifyInstanceAttribute\",\n - \ \"ec2:ModifyNetworkInterfaceAttribute\",\n \"ec2:ModifySubnetAttribute\",\n - \ \"ec2:ReleaseAddress\",\n \"ec2:RevokeSecurityGroupIngress\",\n - \ \"ec2:RunInstances\",\n \"ec2:TerminateInstances\",\n - \ \"tag:GetResources\",\n \"ec2:CreateLaunchTemplate\",\n - \ \"ec2:CreateLaunchTemplateVersion\",\n \"ec2:DescribeLaunchTemplates\",\n - \ \"ec2:DescribeLaunchTemplateVersions\",\n \"ec2:DeleteLaunchTemplate\",\n - \ \"ec2:DeleteLaunchTemplateVersions\"\n ],\n - \ \"Resource\": [\n \"*\"\n ],\n \"Effect\": - \"Allow\"\n },\n {\n \"Condition\": {\n \"StringLike\": - {\n \"iam:AWSServiceName\": \"elasticloadbalancing.amazonaws.com\"\n - \ }\n },\n \"Action\": [\n \"iam:CreateServiceLinkedRole\"\n - \ ],\n \"Resource\": [\n \"arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing\"\n - \ ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": - [\n \"iam:PassRole\"\n ],\n \"Resource\": - [\n \"arn:*:iam::*:role/*-worker-role\"\n ],\n - \ \"Effect\": \"Allow\"\n },\n\t {\n\t \t\"Effect\": - \"Allow\",\n\t \t\"Action\": [\n\t \t\t\"kms:Decrypt\",\n\t - \ \t\t\"kms:Encrypt\",\n\t \t\t\"kms:GenerateDataKey\",\n\t - \ \t\t\"kms:GenerateDataKeyWithoutPlainText\",\n\t \t\t\"kms:DescribeKey\"\n\t - \ \t],\n\t \t\"Resource\": \"*\"\n\t },\n\t {\n\t - \ \t\"Effect\": \"Allow\",\n\t \t\"Action\": [\n\t - \ \t\t\"kms:RevokeGrant\",\n\t \t\t\"kms:CreateGrant\",\n\t - \ \t\t\"kms:ListGrants\"\n\t \t],\n\t \t\"Resource\": - \"*\",\n\t \t\"Condition\": {\n\t \t\t\"Bool\": {\n\t - \ \t\t\t\"kms:GrantIsForAWSResource\": true\n\t \t\t}\n\t - \ \t}\n\t }\n ]\n}" - type: string - storageARN: - description: "StorageARN is an ARN value referencing a - role appropriate for the Storage Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:AttachVolume\",\n\t\t\t\t\"ec2:CreateSnapshot\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"ec2:CreateVolume\",\n\t\t\t\t\"ec2:DeleteSnapshot\",\n\t\t\t\t\"ec2:DeleteTags\",\n\t\t\t\t\"ec2:DeleteVolume\",\n\t\t\t\t\"ec2:DescribeInstances\",\n\t\t\t\t\"ec2:DescribeSnapshots\",\n\t\t\t\t\"ec2:DescribeTags\",\n\t\t\t\t\"ec2:DescribeVolumes\",\n\t\t\t\t\"ec2:DescribeVolumesModifications\",\n\t\t\t\t\"ec2:DetachVolume\",\n\t\t\t\t\"ec2:ModifyVolume\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - required: - - controlPlaneOperatorARN - - imageRegistryARN - - ingressARN - - kubeCloudControllerARN - - networkARN - - nodePoolManagementARN - - storageARN - type: object - serviceEndpoints: - description: |- - ServiceEndpoints specifies optional custom endpoints which will override - the default service endpoint of specific AWS Services. - - - There must be only one ServiceEndpoint for a given service name. - items: - description: |- - AWSServiceEndpoint stores the configuration for services to - override existing defaults of AWS Services. - properties: - name: - description: |- - Name is the name of the AWS service. - This must be provided and cannot be empty. - type: string - url: - description: |- - URL is fully qualified URI with scheme https, that overrides the default generated - endpoint for a client. - This must be provided and cannot be empty. - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - required: - - controlPlaneOperatorCreds - - kubeCloudControllerCreds - - nodePoolManagementCreds - - region - - rolesRef - type: object - azure: - description: Azure defines azure specific settings - properties: - cloud: - default: AzurePublicCloud - description: 'The cloud environment identifier, valid values - could be found here: https://github.com/Azure/go-autorest/blob/4c0e21ca2bbb3251fe7853e6f9df6397f53dd419/autorest/azure/environments.go#L33' - enum: - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - type: string - credentials: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - location: - type: string - resourceGroup: - type: string - securityGroupID: - type: string - subnetID: - type: string - subscriptionID: - type: string - vnetID: - type: string - required: - - credentials - - location - - resourceGroup - - securityGroupID - - subnetID - - subscriptionID - - vnetID - type: object - ibmcloud: - description: IBMCloud defines IBMCloud specific settings for components - properties: - providerType: - description: ProviderType is a specific supported infrastructure - provider within IBM Cloud. - type: string - type: object - kubevirt: - description: KubeVirt defines KubeVirt specific settings for cluster - components. - properties: - baseDomainPassthrough: - description: |- - BaseDomainPassthrough toggles whether or not an automatically - generated base domain for the guest cluster should be used that - is a subdomain of the management cluster's *.apps DNS. - - - For the KubeVirt platform, the basedomain can be autogenerated using - the *.apps domain of the management/infra hosting cluster - This makes the guest cluster's base domain a subdomain of the - hypershift infra/mgmt cluster's base domain. - - - Example: - Infra/Mgmt cluster's DNS - Base: example.com - Cluster: mgmt-cluster.example.com - Apps: *.apps.mgmt-cluster.example.com - KubeVirt Guest cluster's DNS - Base: apps.mgmt-cluster.example.com - Cluster: guest.apps.mgmt-cluster.example.com - Apps: *.apps.guest.apps.mgmt-cluster.example.com - - - This is possible using OCP wildcard routes - type: boolean - x-kubernetes-validations: - - message: baseDomainPassthrough is immutable - rule: self == oldSelf - credentials: - description: |- - Credentials defines the client credentials used when creating KubeVirt virtual machines. - Defining credentials is only necessary when the KubeVirt virtual machines are being placed - on a cluster separate from the one hosting the Hosted Control Plane components. - - - The default behavior when Credentials is not defined is for the KubeVirt VMs to be placed on - the same cluster and namespace as the Hosted Control Plane. - properties: - infraKubeConfigSecret: - description: |- - InfraKubeConfigSecret is a reference to a secret that contains the kubeconfig for the external infra cluster - that will be used to host the KubeVirt virtual machines for this cluster. - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - x-kubernetes-validations: - - message: infraKubeConfigSecret is immutable - rule: self == oldSelf - infraNamespace: - description: |- - InfraNamespace defines the namespace on the external infra cluster that is used to host the KubeVirt - virtual machines. This namespace must already exist before creating the HostedCluster and the kubeconfig - referenced in the InfraKubeConfigSecret must have access to manage the required resources within this - namespace. - type: string - x-kubernetes-validations: - - message: infraNamespace is immutable - rule: self == oldSelf - required: - - infraNamespace - type: object - generateID: - description: |- - GenerateID is used to uniquely apply a name suffix to resources associated with - kubevirt infrastructure resources - maxLength: 11 - type: string - x-kubernetes-validations: - - message: Kubevirt GenerateID is immutable once set - rule: self == oldSelf - storageDriver: - description: |- - StorageDriver defines how the KubeVirt CSI driver exposes StorageClasses on - the infra cluster (hosting the VMs) to the guest cluster. - properties: - manual: - description: |- - Manual is used to explicilty define how the infra storageclasses are - mapped to guest storageclasses - properties: - storageClassMapping: - description: |- - StorageClassMapping maps StorageClasses on the infra cluster hosting - the KubeVirt VMs to StorageClasses that are made available within the - Guest Cluster. - - - NOTE: It is possible that not all capablities of an infra cluster's - storageclass will be present for the corresponding guest clusters storageclass. - items: - properties: - group: - description: Group contains which group this - mapping belongs to. - type: string - guestStorageClassName: - description: |- - GuestStorageClassName is the name that the corresponding storageclass will - be called within the guest cluster - type: string - infraStorageClassName: - description: |- - InfraStorageClassName is the name of the infra cluster storage class that - will be exposed to the guest. - type: string - required: - - guestStorageClassName - - infraStorageClassName - type: object - type: array - x-kubernetes-validations: - - message: storageClassMapping is immutable - rule: self == oldSelf - volumeSnapshotClassMapping: - items: - properties: - group: - description: Group contains which group this - mapping belongs to. - type: string - guestVolumeSnapshotClassName: - description: |- - GuestVolumeSnapshotClassName is the name that the corresponding volumeSnapshotClass will - be called within the guest cluster - type: string - infraVolumeSnapshotClassName: - description: |- - InfraStorageClassName is the name of the infra cluster volume snapshot class that - will be exposed to the guest. - type: string - required: - - guestVolumeSnapshotClassName - - infraVolumeSnapshotClassName - type: object - type: array - x-kubernetes-validations: - - message: volumeSnapshotClassMapping is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: storageDriver.Manual is immutable - rule: self == oldSelf - type: - default: Default - description: Type represents the type of kubevirt csi - driver configuration to use - enum: - - None - - Default - - Manual - type: string - x-kubernetes-validations: - - message: storageDriver.Type is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: storageDriver is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: Kubevirt GenerateID is required once set - rule: '!has(oldSelf.generateID) || has(self.generateID)' - powervs: - description: |- - PowerVS specifies configuration for clusters running on IBMCloud Power VS Service. - This field is immutable. Once set, It can't be changed. - properties: - accountID: - description: |- - AccountID is the IBMCloud account id. - This field is immutable. Once set, It can't be changed. - type: string - cisInstanceCRN: - description: |- - CISInstanceCRN is the IBMCloud CIS Service Instance's Cloud Resource Name - This field is immutable. Once set, It can't be changed. - pattern: '^crn:' - type: string - imageRegistryOperatorCloudCreds: - description: |- - ImageRegistryOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for image registry operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - ingressOperatorCloudCreds: - description: |- - IngressOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for ingress operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - kubeCloudControllerCreds: - description: |- - KubeCloudControllerCreds is a reference to a secret containing cloud - credentials with permissions matching the cloud controller policy. - This field is immutable. Once set, It can't be changed. - - - TODO(dan): document the "cloud controller policy" - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - nodePoolManagementCreds: - description: |- - NodePoolManagementCreds is a reference to a secret containing cloud - credentials with permissions matching the node pool management policy. - This field is immutable. Once set, It can't be changed. - - - TODO(dan): document the "node pool management policy" - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - region: - description: |- - Region is the IBMCloud region in which the cluster resides. This configures the - OCP control plane cloud integrations, and is used by NodePool to resolve - the correct boot image for a given release. - This field is immutable. Once set, It can't be changed. - type: string - resourceGroup: - description: |- - ResourceGroup is the IBMCloud Resource Group in which the cluster resides. - This field is immutable. Once set, It can't be changed. - type: string - serviceInstanceID: - description: |- - ServiceInstance is the reference to the Power VS service on which the server instance(VM) will be created. - Power VS service is a container for all Power VS instances at a specific geographic region. - serviceInstance can be created via IBM Cloud catalog or CLI. - ServiceInstanceID is the unique identifier that can be obtained from IBM Cloud UI or IBM Cloud cli. - - - More detail about Power VS service instance. - https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server - - - This field is immutable. Once set, It can't be changed. - type: string - storageOperatorCloudCreds: - description: |- - StorageOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for storage operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - subnet: - description: |- - Subnet is the subnet to use for control plane cloud resources. - This field is immutable. Once set, It can't be changed. - properties: - id: - description: ID of resource - type: string - name: - description: Name of resource - type: string - type: object - vpc: - description: |- - VPC specifies IBM Cloud PowerVS Load Balancing configuration for the control - plane. - This field is immutable. Once set, It can't be changed. - properties: - name: - description: |- - Name for VPC to used for all the service load balancer. - This field is immutable. Once set, It can't be changed. - type: string - region: - description: |- - Region is the IBMCloud region in which VPC gets created, this VPC used for all the ingress traffic - into the OCP cluster. - This field is immutable. Once set, It can't be changed. - type: string - subnet: - description: |- - Subnet is the subnet to use for load balancer. - This field is immutable. Once set, It can't be changed. - type: string - zone: - description: |- - Zone is the availability zone where load balancer cloud resources are - created. - This field is immutable. Once set, It can't be changed. - type: string - required: - - name - - region - type: object - zone: - description: |- - Zone is the availability zone where control plane cloud resources are - created. - This field is immutable. Once set, It can't be changed. - type: string - required: - - accountID - - cisInstanceCRN - - imageRegistryOperatorCloudCreds - - ingressOperatorCloudCreds - - kubeCloudControllerCreds - - nodePoolManagementCreds - - region - - resourceGroup - - serviceInstanceID - - storageOperatorCloudCreds - - subnet - - vpc - - zone - type: object - type: - description: Type is the type of infrastructure provider for the - cluster. - enum: - - AWS - - None - - IBMCloud - - Agent - - KubeVirt - - Azure - - PowerVS - type: string - required: - - type - type: object - pullSecret: - description: |- - PullSecret references a pull secret to be injected into the container - runtime of all cluster nodes. The secret must have a key named - ".dockerconfigjson" whose value is the pull secret JSON. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - release: - description: |- - Release specifies the desired OCP release payload for the hosted cluster. - - - Updating this field will trigger a rollout of the control plane. The - behavior of the rollout will be driven by the ControllerAvailabilityPolicy - and InfrastructureAvailabilityPolicy. - properties: - image: - description: Image is the image pullspec of an OCP release payload - image. - pattern: ^(\w+\S+)$ - type: string - required: - - image - type: object - secretEncryption: - description: |- - SecretEncryption specifies a Kubernetes secret encryption strategy for the - control plane. - properties: - aescbc: - description: AESCBC defines metadata about the AESCBC secret encryption - strategy - properties: - activeKey: - description: ActiveKey defines the active key used to encrypt - new secrets - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - activeKey - type: object - kms: - description: KMS defines metadata about the kms secret encryption - strategy - properties: - aws: - description: AWS defines metadata about the configuration - of the AWS KMS Secret Encryption provider - properties: - activeKey: - description: ActiveKey defines the active key used to - encrypt new secrets - properties: - arn: - description: ARN is the Amazon Resource Name for the - encryption key - pattern: '^arn:' - type: string - required: - - arn - type: object - auth: - description: Auth defines metadata about the management - of credentials used to interact with AWS KMS - properties: - awsKms: - description: "The referenced role must have a trust - relationship that allows it to be assumed via web - identity.\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html.\nExample:\n{\n\t\t\"Version\": - \"2012-10-17\",\n\t\t\"Statement\": [\n\t\t\t{\n\t\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\t\"Principal\": {\n\t\t\t\t\t\"Federated\": - \"{{ .ProviderARN }}\"\n\t\t\t\t},\n\t\t\t\t\t\"Action\": - \"sts:AssumeRoleWithWebIdentity\",\n\t\t\t\t\"Condition\": - {\n\t\t\t\t\t\"StringEquals\": {\n\t\t\t\t\t\t\"{{ - .ProviderName }}:sub\": {{ .ServiceAccounts }}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n\n\nAWSKMSARN - is an ARN value referencing a role appropriate for - managing the auth via the AWS KMS key.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n \t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"kms:Encrypt\",\n\t\t\t\t\"kms:Decrypt\",\n\t\t\t\t\"kms:ReEncrypt*\",\n\t\t\t\t\"kms:GenerateDataKey*\",\n\t\t\t\t\"kms:DescribeKey\"\n\t\t\t],\n\t\t\t\"Resource\": - %q\n\t\t}\n\t]\n}" - type: string - credentials: - description: |- - Deprecated - This field is deprecated and will be removed in a future release. Use AWSKMSRoleARN instead. - Credentials contains the name of the secret that holds the aws credentials that can be used - to make the necessary KMS calls. It should at key AWSCredentialsFileSecretKey contain the - aws credentials file that can be used to configure AWS SDKs - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - awsKms - - credentials - type: object - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - arn: - description: ARN is the Amazon Resource Name for the - encryption key - pattern: '^arn:' - type: string - required: - - arn - type: object - region: - description: Region contains the AWS region - type: string - required: - - activeKey - - auth - - region - type: object - azure: - description: Azure defines metadata about the configuration - of the Azure KMS Secret Encryption provider using Azure - key vault - properties: - activeKey: - description: ActiveKey defines the active key used to - encrypt new secrets - properties: - keyName: - description: KeyName is the name of the keyvault key - used for encrypt/decrypt - type: string - keyVaultName: - description: |- - KeyVaultName is the name of the keyvault. Must match criteria specified at https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name - Your Microsoft Entra application used to create the cluster must be authorized to access this keyvault, e.g using the AzureCLI: - `az keyvault set-policy -n $KEYVAULT_NAME --key-permissions decrypt encrypt --spn ` - type: string - keyVersion: - description: KeyVersion contains the version of the - key to use - type: string - required: - - keyName - - keyVaultName - - keyVersion - type: object - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - keyName: - description: KeyName is the name of the keyvault key - used for encrypt/decrypt - type: string - keyVaultName: - description: |- - KeyVaultName is the name of the keyvault. Must match criteria specified at https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name - Your Microsoft Entra application used to create the cluster must be authorized to access this keyvault, e.g using the AzureCLI: - `az keyvault set-policy -n $KEYVAULT_NAME --key-permissions decrypt encrypt --spn ` - type: string - keyVersion: - description: KeyVersion contains the version of the - key to use - type: string - required: - - keyName - - keyVaultName - - keyVersion - type: object - required: - - activeKey - type: object - ibmcloud: - description: IBMCloud defines metadata for the IBM Cloud KMS - encryption strategy - properties: - auth: - description: Auth defines metadata for how authentication - is done with IBM Cloud KMS - properties: - managed: - description: |- - Managed defines metadata around the service to service authentication strategy for the IBM Cloud - KMS system (all provider managed). - type: object - type: - description: Type defines the IBM Cloud KMS authentication - strategy - enum: - - Managed - - Unmanaged - type: string - unmanaged: - description: Unmanaged defines the auth metadata the - customer provides to interact with IBM Cloud KMS - properties: - credentials: - description: |- - Credentials should reference a secret with a key field of IBMCloudIAMAPIKeySecretKey that contains a apikey to - call IBM Cloud KMS APIs - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - credentials - type: object - required: - - type - type: object - keyList: - description: KeyList defines the list of keys used for - data encryption - items: - description: IBMCloudKMSKeyEntry defines metadata for - an IBM Cloud KMS encryption key - properties: - correlationID: - description: CorrelationID is an identifier used - to track all api call usage from hypershift - type: string - crkID: - description: CRKID is the customer rook key id - type: string - instanceID: - description: InstanceID is the id for the key protect - instance - type: string - keyVersion: - description: |- - KeyVersion is a unique number associated with the key. The number increments whenever a new - key is enabled for data encryption. - type: integer - url: - description: URL is the url to call key protect - apis over - pattern: ^https:// - type: string - required: - - correlationID - - crkID - - instanceID - - keyVersion - - url - type: object - type: array - region: - description: Region is the IBM Cloud region - type: string - required: - - auth - - keyList - - region - type: object - provider: - description: Provider defines the KMS provider - enum: - - IBMCloud - - AWS - - Azure - type: string - required: - - provider - type: object - type: - description: Type defines the type of kube secret encryption being - used - enum: - - kms - - aescbc - type: string - required: - - type - type: object - serviceAccountSigningKey: - description: |- - ServiceAccountSigningKey is a reference to a secret containing the private key - used by the service account token issuer. The secret is expected to contain - a single key named "key". If not specified, a service account signing key will - be generated automatically for the cluster. When specifying a service account - signing key, a IssuerURL must also be specified. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - services: - description: |- - Services specifies how individual control plane services are published from - the hosting cluster of the control plane. - - - If a given service is not present in this list, it will be exposed publicly - by default. - items: - description: |- - ServicePublishingStrategyMapping specifies how individual control plane - services are published from the hosting cluster of a control plane. - properties: - service: - description: Service identifies the type of service being published. - enum: - - APIServer - - OAuthServer - - OIDC - - Konnectivity - - Ignition - - OVNSbDb - type: string - servicePublishingStrategy: - description: ServicePublishingStrategy specifies how to publish - Service. - properties: - loadBalancer: - description: LoadBalancer configures exposing a service - using a LoadBalancer. - properties: - hostname: - description: Hostname is the name of the DNS record - that will be created pointing to the LoadBalancer. - type: string - type: object - nodePort: - description: NodePort configures exposing a service using - a NodePort. - properties: - address: - description: Address is the host/ip that the NodePort - service is exposed over. - type: string - port: - description: |- - Port is the port of the NodePort service. If <=0, the port is dynamically - assigned when the service is created. - format: int32 - type: integer - required: - - address - type: object - route: - description: Route configures exposing a service using a - Route. - properties: - hostname: - description: Hostname is the name of the DNS record - that will be created pointing to the Route. - type: string - type: object - type: - description: Type is the publishing strategy used for the - service. - enum: - - LoadBalancer - - NodePort - - Route - - None - - S3 - type: string - required: - - type - type: object - required: - - service - - servicePublishingStrategy - type: object - type: array - sshKey: - description: |- - SSHKey references an SSH key to be injected into all cluster node sshd - servers. The secret must have a single key "id_rsa.pub" whose value is the - public part of an SSH key. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - tolerations: - description: Tolerations when specified, define what custome tolerations - are added to the hcp pods. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - updateService: - description: |- - updateService may be used to specify the preferred upstream update service. - By default it will use the appropriate update service for the cluster and region. - type: string - required: - - networking - - platform - - pullSecret - - release - - services - - sshKey - type: object - status: - description: Status is the latest observed status of the HostedCluster. - properties: - conditions: - description: |- - Conditions represents the latest available observations of a control - plane's current state. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint contains the endpoint information by which - external clients can access the control plane. This is populated - after the infrastructure is ready. - properties: - host: - description: Host is the hostname on which the API server is serving. - type: string - port: - description: Port is the port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - ignitionEndpoint: - description: |- - IgnitionEndpoint is the endpoint injected in the ign config userdata. - It exposes the config for instances to become kubernetes nodes. - type: string - kubeadminPassword: - description: |- - KubeadminPassword is a reference to the secret that contains the initial - kubeadmin user password for the guest cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - kubeconfig: - description: |- - KubeConfig is a reference to the secret containing the default kubeconfig - for the cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - oauthCallbackURLTemplate: - description: |- - OAuthCallbackURLTemplate contains a template for the URL to use as a callback - for identity providers. The [identity-provider-name] placeholder must be replaced - with the name of an identity provider defined on the HostedCluster. - This is populated after the infrastructure is ready. - type: string - platform: - description: Platform contains platform-specific status of the HostedCluster - properties: - aws: - description: AWSPlatformStatus contains status specific to the - AWS platform - properties: - defaultWorkerSecurityGroupID: - description: |- - DefaultWorkerSecurityGroupID is the ID of a security group created by - the control plane operator. It is always added to worker machines in - addition to any security groups specified in the NodePool. - type: string - type: object - type: object - version: - description: |- - Version is the status of the release version applied to the - HostedCluster. - properties: - availableUpdates: - description: |- - availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in - availableUpdates may expose this cluster to known issues. This list - may be empty if no updates are recommended, if the update service - is unavailable, or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and - associated metadata. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - nullable: true - type: array - conditionalUpdates: - description: |- - conditionalUpdates contains the list of updates that may be - recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use - availableUpdates. This list may be empty if no updates are - recommended, if the update service is unavailable, or if an empty - or invalid channel has been specified. - items: - description: |- - ConditionalUpdate represents an update which is recommended to some - clusters on the version the current cluster is reconciling, but which - may not be recommended for the current cluster. - properties: - conditions: - description: |- - conditions represents the observations of the conditional update's - current status. Known types are: - * Recommended, for whether the update is recommended for the current cluster. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource.\n---\nThis - struct is intended for direct use as an array at the - field path .status.conditions. For example,\n\n\n\ttype - FooStatus struct{\n\t // Represents the observations - of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t - \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t - \ // +listType=map\n\t // +listMapKey=type\n\t - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, - False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - risks: - description: |- - risks represents the range of issues associated with - updating to the target release. The cluster-version - operator will evaluate all entries, and only recommend the - update if there is at least one entry and all entries - recommend the update. - items: - description: |- - ConditionalUpdateRisk represents a reason and cluster-state - for not recommending a conditional update. - properties: - matchingRules: - description: |- - matchingRules is a slice of conditions for deciding which - clusters match the risk and which do not. The slice is - ordered by decreasing precedence. The cluster-version - operator will walk the slice in order, and stop after the - first it can successfully evaluate. If no condition can be - successfully evaluated, the update will not be recommended. - items: - description: |- - ClusterCondition is a union of typed cluster conditions. The 'type' - property determines which of the type-specific properties are relevant. - When evaluated on a cluster, the condition may match, not match, or - fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: |- - PromQL is a PromQL query classifying clusters. This query - query should return a 1 in the match case and a 0 in the - does-not-match case. Queries which return no time - series, or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: |- - type represents the cluster-condition type. This defines - the members and semantics of any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - message: - description: |- - message provides additional information about the risk of - updating, in the event that matchingRules match the cluster - state. This is only to be consumed by humans. It may - contain Line Feed characters (U+000A), which should be - rendered as new lines. - minLength: 1 - type: string - name: - description: |- - name is the CamelCase reason for not recommending a - conditional update, in the event that matchingRules match the - cluster state. - minLength: 1 - type: string - url: - description: url contains information about this risk. - format: uri - minLength: 1 - type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - desired: - description: |- - desired is the version that the cluster is reconciling towards. - If the cluster is not yet fully initialized desired will be set - with the information available, which may be an image or a tag. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - history: - description: |- - history contains a list of the most recent versions applied to the cluster. - This value may be empty during cluster startup, and then will be updated - when a new update is being applied. The newest update is first in the - list and it is ordered by recency. Updates in the history have state - Completed if the rollout completed - if an update was failing or halfway - applied the state will be Partial. Only a limited amount of update history - is preserved. - items: - description: UpdateHistory is a single attempted update to the - cluster. - properties: - acceptedRisks: - description: |- - acceptedRisks records risks which were accepted to initiate the update. - For example, it may menition an Upgradeable=False or missing signature - that was overriden via desiredUpdate.force, or an update that was - initiated despite not being in the availableUpdates set of recommended - update targets. - type: string - completionTime: - description: |- - completionTime, if set, is when the update was fully applied. The update - that is currently being applied will have a null completion time. - Completion time will always be set for entries that are not the current - update (usually to the started time of the next update). - format: date-time - nullable: true - type: string - image: - description: |- - image is a container image location that contains the update. This value - is always populated. - type: string - startedTime: - description: startedTime is the time at which the update - was started. - format: date-time - type: string - state: - description: |- - state reflects whether the update was fully applied. The Partial state - indicates the update is not fully applied, while the Completed state - indicates the update was successfully rolled out at least once (all - parts of the update successfully applied). - type: string - verified: - description: |- - verified indicates whether the provided update was properly verified - before it was installed. If this is false the cluster may not be trusted. - Verified does not cover upgradeable checks that depend on the cluster - state at the time when the update target was accepted. - type: boolean - version: - description: |- - version is a semantic version identifying the update version. If the - requested image does not define a version, or if a failure occurs - retrieving the image, this value may be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - observedGeneration: - description: |- - observedGeneration reports which version of the spec is being synced. - If this value is not equal to metadata.generation, then the desired - and conditions fields may represent a previous version. - format: int64 - type: integer - required: - - availableUpdates - - desired - - observedGeneration - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Version - jsonPath: .status.version.history[?(@.state=="Completed")].version - name: Version - type: string - - description: KubeConfig Secret - jsonPath: .status.kubeconfig.name - name: KubeConfig - type: string - - description: Progress - jsonPath: .status.version.history[?(@.state!="")].state - name: Progress - type: string - - description: Available - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - description: Progressing - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - description: Message - jsonPath: .status.conditions[?(@.type=="Available")].message - name: Message - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - HostedCluster is the primary representation of a HyperShift cluster and encapsulates - the control plane and common data plane configuration. Creating a HostedCluster - results in a fully functional OpenShift control plane with no attached nodes. - To support workloads (e.g. pods), a HostedCluster may have one or more associated - NodePool resources. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec is the desired behavior of the HostedCluster. - properties: - additionalTrustBundle: - description: |- - AdditionalTrustBundle is a reference to a ConfigMap containing a - PEM-encoded X.509 certificate bundle that will be added to the hosted controlplane and nodes - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - auditWebhook: - description: |- - AuditWebhook contains metadata for configuring an audit webhook endpoint - for a cluster to process cluster audit events. It references a secret that - contains the webhook information for the audit webhook endpoint. It is a - secret because if the endpoint has mTLS the kubeconfig will contain client - keys. The kubeconfig needs to be stored in the secret with a secret key - name that corresponds to the constant AuditWebhookKubeconfigKey. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - autoscaling: - description: |- - Autoscaling specifies auto-scaling behavior that applies to all NodePools - associated with the control plane. - properties: - maxNodeProvisionTime: - description: |- - MaxNodeProvisionTime is the maximum time to wait for node provisioning - before considering the provisioning to be unsuccessful, expressed as a Go - duration string. The default is 15 minutes. - pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - maxNodesTotal: - description: |- - MaxNodesTotal is the maximum allowable number of nodes across all NodePools - for a HostedCluster. The autoscaler will not grow the cluster beyond this - number. - format: int32 - minimum: 0 - type: integer - maxPodGracePeriod: - description: |- - MaxPodGracePeriod is the maximum seconds to wait for graceful pod - termination before scaling down a NodePool. The default is 600 seconds. - format: int32 - minimum: 0 - type: integer - podPriorityThreshold: - description: |- - PodPriorityThreshold enables users to schedule "best-effort" pods, which - shouldn't trigger autoscaler actions, but only run when there are spare - resources available. The default is -10. - - - See the following for more details: - https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-cluster-autoscaler-work-with-pod-priority-and-preemption - format: int32 - type: integer - type: object - channel: - description: |- - channel is an identifier for explicitly requesting that a non-default - set of updates be applied to this cluster. The default channel will be - contain stable updates that are appropriate for production clusters. - type: string - clusterID: - description: |- - ClusterID uniquely identifies this cluster. This is expected to be - an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in - hexadecimal values). - As with a Kubernetes metadata.uid, this ID uniquely identifies this - cluster in space and time. - This value identifies the cluster in metrics pushed to telemetry and - metrics produced by the control plane operators. If a value is not - specified, an ID is generated. After initial creation, the value is - immutable. - pattern: '[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}' - type: string - configuration: - description: |- - Configuration specifies configuration for individual OCP components in the - cluster, represented as embedded resources that correspond to the openshift - configuration API. - properties: - apiServer: - description: |- - APIServer holds configuration (like serving certificates, client CA and CORS domains) - shared by all API servers in the system, among them especially kube-apiserver - and openshift-apiserver. - properties: - additionalCORSAllowedOrigins: - description: |- - additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the - API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth - server from JavaScript applications. - The values are regular expressions that correspond to the Golang regular expression language. - items: - type: string - type: array - audit: - default: - profile: Default - description: |- - audit specifies the settings for audit configuration to be applied to all OpenShift-provided - API servers in the cluster. - properties: - customRules: - description: |- - customRules specify profiles per group. These profile take precedence over the - top-level profile field if they apply. They are evaluation from top to bottom and - the first one that matches, applies. - items: - description: |- - AuditCustomRule describes a custom rule for an audit profile that takes precedence over - the top-level profile. - properties: - group: - description: group is a name of group a request - user must be member of in order to this profile - to apply. - minLength: 1 - type: string - profile: - description: |- - profile specifies the name of the desired audit policy configuration to be deployed to - all OpenShift-provided API servers in the cluster. - - - The following profiles are provided: - - Default: the existing default policy. - - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for - write requests (create, update, patch). - - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response - HTTP payloads for read requests (get, list). - - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. - - - If unset, the 'Default' profile is used as the default. - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - required: - - group - - profile - type: object - type: array - x-kubernetes-list-map-keys: - - group - x-kubernetes-list-type: map - profile: - default: Default - description: |- - profile specifies the name of the desired top-level audit profile to be applied to all requests - sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, - openshift-apiserver and oauth-apiserver), with the exception of those requests that match - one or more of the customRules. - - - The following profiles are provided: - - Default: default policy which means MetaData level logging with the exception of events - (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody - level). - - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for - write requests (create, update, patch). - - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response - HTTP payloads for read requests (get, list). - - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. - - - Warning: It is not recommended to disable audit logging by using the `None` profile unless you - are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. - If you disable audit logging and a support situation arises, you might need to enable audit logging - and reproduce the issue in order to troubleshoot properly. - - - If unset, the 'Default' profile is used as the default. - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - type: object - clientCA: - description: |- - clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for - incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. - You usually only have to set this if you have your own PKI you wish to honor client certificates from. - The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - - ConfigMap.Data["ca-bundle.crt"] - CA bundle. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - encryption: - description: encryption allows the configuration of encryption - of resources at the datastore layer. - properties: - type: - description: |- - type defines what encryption type should be used to encrypt resources at the datastore layer. - When this field is unset (i.e. when it is set to the empty string), identity is implied. - The behavior of unset can and will change over time. Even if encryption is enabled by default, - the meaning of unset may change to a different encryption type based on changes in best practices. - - - When encryption is enabled, all sensitive resources shipped with the platform are encrypted. - This list of sensitive resources can and will change over time. The current authoritative list is: - - - 1. secrets - 2. configmaps - 3. routes.route.openshift.io - 4. oauthaccesstokens.oauth.openshift.io - 5. oauthauthorizetokens.oauth.openshift.io - enum: - - "" - - identity - - aescbc - - aesgcm - type: string - type: object - servingCerts: - description: |- - servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates - will be used for serving secure traffic. - properties: - namedCertificates: - description: |- - namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates match the server name as understood by a client, - the defaultServingCertificate will be used. - items: - description: APIServerNamedServingCert maps a server - DNS name, as understood by a client, to a certificate. - properties: - names: - description: |- - names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to - serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. - Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. - items: - type: string - type: array - servingCertificate: - description: |- - servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. - The secret must exist in the openshift-config namespace and contain the following required fields: - - Secret.Data["tls.key"] - TLS private key. - - Secret.Data["tls.crt"] - TLS certificate. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - type: object - type: array - type: object - tlsSecurityProfile: - description: |- - tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. - - - If unset, a default (which may change between releases) is chosen. Note that only Old, - Intermediate and Custom profiles are currently supported, and the maximum available - minTLSVersion is VersionTLS12. - properties: - custom: - description: |- - custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: - - - ciphers: - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - minTLSVersion: VersionTLS11 - nullable: true - properties: - ciphers: - description: |- - ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): - - - ciphers: - - DES-CBC3-SHA - items: - type: string - type: array - minTLSVersion: - description: |- - minTLSVersion is used to specify the minimal version of the TLS protocol - that is negotiated during the TLS handshake. For example, to use TLS - versions 1.1, 1.2 and 1.3 (yaml): - - - minTLSVersion: VersionTLS11 - - - NOTE: currently the highest minTLSVersion allowed is VersionTLS12 - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: |- - intermediate is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - minTLSVersion: VersionTLS12 - nullable: true - type: object - modern: - description: |- - modern is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - minTLSVersion: VersionTLS13 - nullable: true - type: object - old: - description: |- - old is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - - DHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-ECDSA-AES128-SHA256 - - - - ECDHE-RSA-AES128-SHA256 - - - - ECDHE-ECDSA-AES128-SHA - - - - ECDHE-RSA-AES128-SHA - - - - ECDHE-ECDSA-AES256-SHA384 - - - - ECDHE-RSA-AES256-SHA384 - - - - ECDHE-ECDSA-AES256-SHA - - - - ECDHE-RSA-AES256-SHA - - - - DHE-RSA-AES128-SHA256 - - - - DHE-RSA-AES256-SHA256 - - - - AES128-GCM-SHA256 - - - - AES256-GCM-SHA384 - - - - AES128-SHA256 - - - - AES256-SHA256 - - - - AES128-SHA - - - - AES256-SHA - - - - DES-CBC3-SHA - - - minTLSVersion: VersionTLS10 - nullable: true - type: object - type: - description: |- - type is one of Old, Intermediate, Modern or Custom. Custom provides - the ability to specify individual TLS security profile parameters. - Old, Intermediate and Modern are TLS security profiles based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - - - The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers - are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be - reduced. - - - Note that the Modern profile is currently not supported because it is not - yet well adopted by common software libraries. - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - authentication: - description: |- - Authentication specifies cluster-wide settings for authentication (like OAuth and - webhook token authenticators). - properties: - oauthMetadata: - description: |- - oauthMetadata contains the discovery endpoint data for OAuth 2.0 - Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw '/.well-known/oauth-authorization-server' - For further details, see the IETF Draft: - https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence - over any metadata reference stored in status. - The key "oauthMetadata" is used to locate the data. - If specified and the config map or expected key is not found, no metadata is served. - If the specified metadata is not valid, no metadata is served. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - oidcProviders: - description: |- - OIDCProviders are OIDC identity providers that can issue tokens - for this cluster - Can only be set if "Type" is set to "OIDC". - - - At most one provider can be configured. - items: - properties: - claimMappings: - description: |- - ClaimMappings describes rules on how to transform information from an - ID token into a cluster identity - properties: - groups: - description: |- - Groups is a name of the claim that should be used to construct - groups for the cluster identity. - The referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be - used in the mapping - type: string - prefix: - description: |- - Prefix is a string to prefix the value from the token in the result of the - claim mapping. - - - By default, no prefixing occurs. - - - Example: if `prefix` is set to "myoidc:"" and the `claim` in JWT contains - an array of strings "a", "b" and "c", the mapping will result in an - array of string "myoidc:a", "myoidc:b" and "myoidc:c". - type: string - required: - - claim - type: object - username: - description: |- - Username is a name of the claim that should be used to construct - usernames for the cluster identity. - - - Default value: "sub" - properties: - claim: - description: Claim is a JWT token claim to be - used in the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: |- - PrefixPolicy specifies how a prefix should apply. - - - By default, claims other than `email` will be prefixed with the issuer URL to - prevent naming clashes with other plugins. - - - Set to "NoPrefix" to disable prefixing. - - - Example: - (1) `prefix` is set to "myoidc:" and `claim` is set to "username". - If the JWT claim `username` contains value `userA`, the resulting - mapped value will be "myoidc:userA". - (2) `prefix` is set to "myoidc:" and `claim` is set to "email". If the - JWT `email` claim contains value "userA@myoidc.tld", the resulting - mapped value will be "myoidc:userA@myoidc.tld". - (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include "username":"userA" and "email":"userA@myoidc.tld", - and `claim` is set to: - (a) "username": the mapped value will be "https://myoidc.tld#userA" - (b) "email": the mapped value will be "userA@myoidc.tld" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is - 'Prefix', but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy - == ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are - applied to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: |- - RequiredClaim allows configuring a required claim name and its expected - value - properties: - claim: - description: |- - Claim is a name of a required claim. Only claims with string values are - supported. - minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required - value for the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation - rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC - token issuer - properties: - audiences: - description: |- - Audiences is an array of audiences that the token was issued for. - Valid tokens must include at least one of these values in their - "aud" claim. - Must be set to exactly one value. - items: - minLength: 1 - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: |- - CertificateAuthority is a reference to a config map in the - configuration namespace. The .data of the configMap must contain - the "ca-bundle.crt" key. - If unset, system trust is used instead. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - issuerURL: - description: |- - URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: |- - OIDCClients contains configuration for the platform's clients that - need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the - OIDC client from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: |- - ClientSecret refers to a secret in the `openshift-config` namespace that - contains the client secret in the `clientSecret` key of the `.data` field - properties: - name: - description: name is the metadata.name of - the referenced secret - type: string - required: - - name - type: object - componentName: - description: |- - ComponentName is the name of the component that is supposed to consume this - client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: |- - ComponentNamespace is the namespace of the component that is supposed to consume this - client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of - scopes to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: |- - serviceAccountIssuer is the identifier of the bound service account token - issuer. - The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the - previous issuer value. Instead, the tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set to 24h). - This time period is subject to change over time. - This allows internal components to transition to use new service account issuer without service distruption. - type: string - type: - description: |- - type identifies the cluster managed, user facing authentication mode in use. - Specifically, it manages the component that responds to login attempts. - The default is IntegratedOAuth. - type: string - webhookTokenAuthenticator: - description: |- - webhookTokenAuthenticator configures a remote token reviewer. - These remote authentication webhooks can be used to verify bearer tokens - via the tokenreviews.authentication.k8s.io REST API. This is required to - honor bearer tokens that are provisioned by an external authentication service. - - - Can only be set if "Type" is set to "None". - properties: - kubeConfig: - description: |- - kubeConfig references a secret that contains kube config file data which - describes how to access the remote webhook service. - The namespace for the referenced secret is openshift-config. - - - For further details, see: - - - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - - - The key "kubeConfig" is used to locate the data. - If the secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook is not honored. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting - it has no effect. - items: - description: |- - deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. - It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field. - properties: - kubeConfig: - description: |- - kubeConfig contains kube config file data which describes how to access the remote webhook service. - For further details, see: - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. - If the secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook is not honored. - The namespace for this secret is determined by the point of use. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - featureGate: - description: FeatureGate holds cluster-wide information about - feature gates. - properties: - customNoUpgrade: - description: |- - customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. - Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations - your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field. - nullable: true - properties: - disabled: - description: disabled is a list of all feature gates that - you want to force off - items: - description: FeatureGateName is a string to enforce - patterns on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - enabled: - description: enabled is a list of all feature gates that - you want to force on - items: - description: FeatureGateName is a string to enforce - patterns on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - type: object - featureSet: - description: |- - featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. - Turning on or off features may cause irreversible changes in your cluster which cannot be undone. - type: string - x-kubernetes-validations: - - message: CustomNoUpgrade may not be changed - rule: 'oldSelf == ''CustomNoUpgrade'' ? self == ''CustomNoUpgrade'' - : true' - - message: TechPreviewNoUpgrade may not be changed - rule: 'oldSelf == ''TechPreviewNoUpgrade'' ? self == ''TechPreviewNoUpgrade'' - : true' - - message: DevPreviewNoUpgrade may not be changed - rule: 'oldSelf == ''DevPreviewNoUpgrade'' ? self == ''DevPreviewNoUpgrade'' - : true' - type: object - image: - description: |- - Image governs policies related to imagestream imports and runtime configuration - for external registries. It allows cluster admins to configure which registries - OpenShift is allowed to import images from, extra CA trust bundles for external - registries, and policies to block or allow registry hostnames. - When exposing OpenShift's image registry to the public, this also lets cluster - admins specify the external hostname. - properties: - additionalTrustedCA: - description: |- - additionalTrustedCA is a reference to a ConfigMap containing additional CAs that - should be trusted during imagestream import, pod image pull, build image pull, and - imageregistry pullthrough. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - allowedRegistriesForImport: - description: |- - allowedRegistriesForImport limits the container image registries that normal users may import - images from. Set this list to the registries that you trust to contain valid Docker - images and that you want applications to be able to import from. Users with - permission to create Images or ImageStreamMappings via the API are not affected by - this policy - typically only administrators or system integrations will have those - permissions. - items: - description: |- - RegistryLocation contains a location of the registry specified by the registry domain - name. The domain name might include wildcards, like '*' or '??'. - properties: - domainName: - description: |- - domainName specifies a domain name for the registry - In case the registry use non-standard (80 or 443) port, the port should be included - in the domain name as well. - type: string - insecure: - description: |- - insecure indicates whether the registry is secure (https) or insecure (http) - By default (if not specified) the registry is assumed as secure. - type: boolean - type: object - type: array - externalRegistryHostnames: - description: |- - externalRegistryHostnames provides the hostnames for the default external image - registry. The external hostname should be set only when the image registry - is exposed externally. The first value is used in 'publicDockerImageRepository' - field in ImageStreams. The value must be in "hostname[:port]" format. - items: - type: string - type: array - registrySources: - description: |- - registrySources contains configuration that determines how the container runtime - should treat individual registries when accessing images for builds+pods. (e.g. - whether or not to allow insecure access). It does not contain configuration for the - internal cluster registry. - properties: - allowedRegistries: - description: |- - allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. - - - Only one of BlockedRegistries or AllowedRegistries may be set. - items: - type: string - type: array - blockedRegistries: - description: |- - blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. - - - Only one of BlockedRegistries or AllowedRegistries may be set. - items: - type: string - type: array - containerRuntimeSearchRegistries: - description: |- - containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified - domains in their pull specs. Registries will be searched in the order provided in the list. - Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. - format: hostname - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - insecureRegistries: - description: insecureRegistries are registries which do - not have a valid TLS certificates or only support HTTP - connections. - items: - type: string - type: array - type: object - type: object - ingress: - description: |- - Ingress holds cluster-wide information about ingress, including the default ingress domain - used for routes. - properties: - appsDomain: - description: |- - appsDomain is an optional domain to use instead of the one specified - in the domain field when a Route is created without specifying an explicit - host. If appsDomain is nonempty, this value is used to generate default - host values for Route. Unlike domain, appsDomain may be modified after - installation. - This assumes a new ingresscontroller has been setup with a wildcard - certificate. - type: string - componentRoutes: - description: |- - componentRoutes is an optional list of routes that are managed by OpenShift components - that a cluster-admin is able to configure the hostname and serving certificate for. - The namespace and name of each route in this list should match an existing entry in the - status.componentRoutes list. - - - To determine the set of configurable Routes, look at namespace and name of entries in the - .status.componentRoutes list, where participating operators write the status of - configurable routes. - items: - description: ComponentRouteSpec allows for configuration - of a route's hostname and serving certificate. - properties: - hostname: - description: hostname is the hostname that should be - used by the route. - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - name: - description: |- - name is the logical name of the route to customize. - - - The namespace and name of this componentRoute must match a corresponding - entry in the list of status.componentRoutes if the route is to be customized. - maxLength: 256 - minLength: 1 - type: string - namespace: - description: |- - namespace is the namespace of the route to customize. - - - The namespace and name of this componentRoute must match a corresponding - entry in the list of status.componentRoutes if the route is to be customized. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - servingCertKeyPairSecret: - description: |- - servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. - The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. - If the custom hostname uses the default routing suffix of the cluster, - the Secret specification for a serving certificate will not be needed. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - required: - - hostname - - name - - namespace - type: object - type: array - x-kubernetes-list-map-keys: - - namespace - - name - x-kubernetes-list-type: map - domain: - description: |- - domain is used to generate a default host name for a route when the - route's host name is empty. The generated host name will follow this - pattern: "..". - - - It is also used as the default wildcard domain suffix for ingress. The - default ingresscontroller domain will follow this pattern: "*.". - - - Once set, changing domain is not currently supported. - type: string - loadBalancer: - description: |- - loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure - provider of the current cluster and are required for Ingress Controller to work on OpenShift. - properties: - platform: - description: |- - platform holds configuration specific to the underlying - infrastructure provider for the ingress load balancers. - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - properties: - aws: - description: aws contains settings specific to the - Amazon Web Services infrastructure provider. - properties: - type: - description: |- - type allows user to set a load balancer type. - When this field is set the default ingresscontroller will get created using the specified LBType. - If this field is not set then the default ingress controller of LBType Classic will be created. - Valid values are: - - - * "Classic": A Classic Load Balancer that makes routing decisions at either - the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See - the following for additional details: - - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - - - * "NLB": A Network Load Balancer that makes routing decisions at the - transport layer (TCP/SSL). See the following for additional details: - - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb - enum: - - NLB - - Classic - type: string - required: - - type - type: object - type: - description: |- - type is the underlying infrastructure provider for the cluster. - Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", - "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", - "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, - and must handle unrecognized platforms as None if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - type: object - type: object - requiredHSTSPolicies: - description: |- - requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes - matching the domainPattern/s and namespaceSelector/s that are specified in the policy. - Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route - annotation, and affect route admission. - - - A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: - "haproxy.router.openshift.io/hsts_header" - E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains - - - - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, - then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route - is rejected. - - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies - determines the route's admission status. - - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, - then it may use any HSTS Policy annotation. - - - The HSTS policy configuration may be changed after routes have already been created. An update to a previously - admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. - However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. - - - Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid. - items: - properties: - domainPatterns: - description: |- - domainPatterns is a list of domains for which the desired HSTS annotations are required. - If domainPatterns is specified and a route is created with a spec.host matching one of the domains, - the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. - - - The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. - foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*. - items: - type: string - minItems: 1 - type: array - includeSubDomainsPolicy: - description: |- - includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's - domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com - enum: - - RequireIncludeSubDomains - - RequireNoIncludeSubDomains - - NoOpinion - type: string - maxAge: - description: |- - maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. - If set to 0, it negates the effect, and hosts are removed as HSTS hosts. - If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. - maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS - policy will eventually expire on that client. - properties: - largestMaxAge: - description: |- - The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age - This value can be left unspecified, in which case no upper limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - smallestMaxAge: - description: |- - The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age - Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary - tool for administrators to quickly correct mistakes. - This value can be left unspecified, in which case no lower limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - type: object - namespaceSelector: - description: |- - namespaceSelector specifies a label selector such that the policy applies only to those routes that - are in namespaces with labels that match the selector, and are in one of the DomainPatterns. - Defaults to the empty LabelSelector, which matches everything. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - preloadPolicy: - description: |- - preloadPolicy directs the client to include hosts in its host preload list so that - it never needs to do an initial load to get the HSTS header (note that this is not defined - in RFC 6797 and is therefore client implementation-dependent). - enum: - - RequirePreload - - RequireNoPreload - - NoOpinion - type: string - required: - - domainPatterns - type: object - type: array - type: object - network: - description: |- - Network holds cluster-wide information about the network. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. - Please view network.spec for an explanation on what applies when configuring this resource. - TODO (csrwng): Add validation here to exclude changes that conflict with networking settings in the HostedCluster.Spec.Networking field. - properties: - clusterNetwork: - description: |- - IP address pool to use for pod IPs. - This field is immutable after installation. - items: - description: |- - ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs - are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: |- - The size (prefix) of block to allocate to each node. If this - field is not used by the plugin, it can be left unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - externalIP: - description: |- - externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is - not allowed to be set. - properties: - autoAssignCIDRs: - description: |- - autoAssignCIDRs is a list of CIDRs from which to automatically assign - Service.ExternalIP. These are assigned when the service is of type - LoadBalancer. In general, this is only useful for bare-metal clusters. - In Openshift 3.x, this was misleadingly called "IngressIPs". - Automatically assigned External IPs are not affected by any - ExternalIPPolicy rules. - Currently, only one entry may be provided. - items: - type: string - type: array - x-kubernetes-list-type: atomic - policy: - description: |- - policy is a set of restrictions applied to the ExternalIP field. - If nil or empty, then ExternalIP is not allowed to be set. - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - rejectedCIDRs: - description: |- - rejectedCIDRs is the list of disallowed CIDRs. These take precedence - over allowedCIDRs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - type: object - networkDiagnostics: - description: |- - networkDiagnostics defines network diagnostics configuration. - - - Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. - If networkDiagnostics is not specified or is empty, - and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, - the network diagnostics feature will be disabled. - properties: - mode: - description: |- - mode controls the network diagnostics mode - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is All. - enum: - - "" - - All - - Disabled - type: string - sourcePlacement: - description: |- - sourcePlacement controls the scheduling of network diagnostics source deployment - - - See NetworkDiagnosticsSourcePlacement for more details about default values. - properties: - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `kubernetes.io/os: linux`. - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is an empty list. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - targetPlacement: - description: |- - targetPlacement controls the scheduling of network diagnostics target daemonset - - - See NetworkDiagnosticsTargetPlacement for more details about default values. - properties: - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `kubernetes.io/os: linux`. - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `- operator: "Exists"` which means that all taints are tolerated. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - networkType: - description: |- - NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). - This should match a value that the cluster-network-operator understands, - or else no networking will be installed. - Currently supported values are: - - OpenShiftSDN - This field is immutable after installation. - type: string - serviceNetwork: - description: |- - IP address pool for services. - Currently, we only support a single entry here. - This field is immutable after installation. - items: - type: string - type: array - x-kubernetes-list-type: atomic - serviceNodePortRange: - description: |- - The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. - Such Services without a NodePort specified will have one - automatically allocated from this range. - This parameter can be updated after the cluster is - installed. - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - type: object - oauth: - description: |- - OAuth holds cluster-wide information about OAuth. - It is used to configure the integrated OAuth server. - This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. - properties: - identityProviders: - description: |- - identityProviders is an ordered list of ways for a user to identify themselves. - When this list is empty, no identities are provisioned for users. - items: - description: IdentityProvider provides identities for users - authenticating using credentials - properties: - basicAuth: - description: basicAuth contains configuration options - for the BasicAuth IdP - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - tlsClientCert: - description: |- - tlsClientCert is an optional reference to a secret by name that contains the - PEM-encoded TLS client certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - tlsClientKey: - description: |- - tlsClientKey is an optional reference to a secret by name that contains the - PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - github: - description: github enables user authentication using - GitHub credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - This can only be configured when hostname is set to a non-empty value. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - hostname: - description: |- - hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of - GitHub Enterprise. - It must match the GitHub Enterprise settings value configured at /setup/settings#hostname. - type: string - organizations: - description: organizations optionally restricts - which organizations are allowed to log in - items: - type: string - type: array - teams: - description: teams optionally restricts which teams - are allowed to log in. Format is /. - items: - type: string - type: array - type: object - gitlab: - description: gitlab enables user authentication using - GitLab credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the oauth server base URL - type: string - type: object - google: - description: google enables user authentication using - Google credentials - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - hostedDomain: - description: hostedDomain is the optional Google - App domain (e.g. "mycompany.com") to restrict - logins to - type: string - type: object - htpasswd: - description: htpasswd enables user authentication using - an HTPasswd file to validate credentials - properties: - fileData: - description: |- - fileData is a required reference to a secret by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - If the specified htpasswd data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - type: object - keystone: - description: keystone enables user authentication using - keystone password credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - domainName: - description: domainName is required for keystone - v3 - type: string - tlsClientCert: - description: |- - tlsClientCert is an optional reference to a secret by name that contains the - PEM-encoded TLS client certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - tlsClientKey: - description: |- - tlsClientKey is an optional reference to a secret by name that contains the - PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - ldap: - description: ldap enables user authentication using - LDAP credentials - properties: - attributes: - description: attributes maps LDAP attributes to - identities - properties: - email: - description: |- - email is the list of attributes whose values should be used as the email address. Optional. - If unspecified, no email is set for the identity - items: - type: string - type: array - id: - description: |- - id is the list of attributes whose values should be used as the user ID. Required. - First non-empty attribute is used. At least one attribute is required. If none of the listed - attribute have a value, authentication fails. - LDAP standard identity attribute is "dn" - items: - type: string - type: array - name: - description: |- - name is the list of attributes whose values should be used as the display name. Optional. - If unspecified, no display name is set for the identity - LDAP standard display name attribute is "cn" - items: - type: string - type: array - preferredUsername: - description: |- - preferredUsername is the list of attributes whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - items: - type: string - type: array - type: object - bindDN: - description: bindDN is an optional DN to bind with - during the search phase. - type: string - bindPassword: - description: |- - bindPassword is an optional reference to a secret by name - containing a password to bind with during the search phase. - The key "bindPassword" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - insecure: - description: |- - insecure, if true, indicates the connection should not use TLS - WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always - attempt to connect using TLS, even when `insecure` is set to `true` - When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to - a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830. - type: boolean - url: - description: |- - url is an RFC 2255 URL which specifies the LDAP search parameters to use. - The syntax of the URL is: - ldap://host:port/basedn?attribute?scope?filter - type: string - type: object - mappingMethod: - description: |- - mappingMethod determines how identities from this provider are mapped to users - Defaults to "claim" - type: string - name: - description: |- - name is used to qualify the identities returned by this provider. - - It MUST be unique and not shared by any other identity provider used - - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" - Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName - type: string - openID: - description: openID enables user authentication using - OpenID credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - claims: - description: claims mappings - properties: - email: - description: |- - email is the list of claims whose values should be used as the email address. Optional. - If unspecified, no email is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - groups: - description: |- - groups is the list of claims value of which should be used to synchronize groups - from the OIDC provider to OpenShift for the user. - If multiple claims are specified, the first one with a non-empty value is used. - items: - description: |- - OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo - responses - minLength: 1 - type: string - type: array - x-kubernetes-list-type: atomic - name: - description: |- - name is the list of claims whose values should be used as the display name. Optional. - If unspecified, no display name is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - preferredUsername: - description: |- - preferredUsername is the list of claims whose values should be used as the preferred username. - If unspecified, the preferred username is determined from the value of the sub claim - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - extraAuthorizeParameters: - additionalProperties: - type: string - description: extraAuthorizeParameters are any custom - parameters to add to the authorize request. - type: object - extraScopes: - description: extraScopes are any scopes to request - in addition to the standard "openid" scope. - items: - type: string - type: array - issuer: - description: |- - issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. - It must use the https scheme with no query or fragment component. - type: string - type: object - requestHeader: - description: requestHeader enables user authentication - using request header credentials - properties: - ca: - description: |- - ca is a required reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - Specifically, it allows verification of incoming requests to prevent header spoofing. - The key "ca.crt" is used to locate the data. - If the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - challengeURL: - description: |- - challengeURL is a URL to redirect unauthenticated /authorize requests to - Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be - redirected here. - ${url} is replaced with the current URL, escaped to be safe in a query parameter - https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string - https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. - type: string - clientCommonNames: - description: |- - clientCommonNames is an optional list of common names to require a match from. If empty, any - client certificate validated against the clientCA bundle is considered authoritative. - items: - type: string - type: array - emailHeaders: - description: emailHeaders is the set of headers - to check for the email address - items: - type: string - type: array - headers: - description: headers is the set of headers to check - for identity information - items: - type: string - type: array - loginURL: - description: |- - loginURL is a URL to redirect unauthenticated /authorize requests to - Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here - ${url} is replaced with the current URL, escaped to be safe in a query parameter - https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string - https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. - type: string - nameHeaders: - description: nameHeaders is the set of headers to - check for the display name - items: - type: string - type: array - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set - of headers to check for the preferred username - items: - type: string - type: array - type: object - type: - description: type identifies the identity provider type - for this entry. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - templates: - description: templates allow you to customize pages like the - login page. - properties: - error: - description: |- - error is the name of a secret that specifies a go template to use to render error pages - during the authentication or grant flow. - The key "errors.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default error page is used. - If the specified template is not valid, the default error page is used. - If unspecified, the default error page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - login: - description: |- - login is the name of a secret that specifies a go template to use to render the login page. - The key "login.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default login page is used. - If the specified template is not valid, the default login page is used. - If unspecified, the default login page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - providerSelection: - description: |- - providerSelection is the name of a secret that specifies a go template to use to render - the provider selection page. - The key "providers.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default provider selection page is used. - If the specified template is not valid, the default provider selection page is used. - If unspecified, the default provider selection page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - tokenConfig: - description: tokenConfig contains options for authorization - and access tokens - properties: - accessTokenInactivityTimeout: - description: |- - accessTokenInactivityTimeout defines the token inactivity timeout - for tokens granted by any client. - The value represents the maximum amount of time that can occur between - consecutive uses of the token. Tokens become invalid if they are not - used within this temporal window. The user will need to acquire a new - token to regain access once a token times out. Takes valid time - duration string such as "5m", "1.5h" or "2h45m". The minimum allowed - value for duration is 300s (5 minutes). If the timeout is configured - per client, then that value takes precedence. If the timeout value is - not specified and the client does not override the value, then tokens - are valid until their lifetime. - - - WARNING: existing tokens' timeout will not be affected (lowered) by changing this value - type: string - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: - setting this field has no effect.' - format: int32 - type: integer - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum - age of access tokens - format: int32 - type: integer - type: object - type: object - x-kubernetes-validations: - - message: spec.configuration.oauth.tokenConfig.accessTokenInactivityTimeout - minimum acceptable token timeout value is 300 seconds - rule: '!has(self.tokenConfig) || !has(self.tokenConfig.accessTokenInactivityTimeout) - || duration(self.tokenConfig.accessTokenInactivityTimeout).getSeconds() - >= 300' - operatorhub: - description: |- - OperatorHub specifies the configuration for the Operator Lifecycle Manager in the HostedCluster. This is only configured at deployment time but the controller are not reconcilling over it. - The OperatorHub configuration will be constantly reconciled if catalog placement is management, but only on cluster creation otherwise. - properties: - disableAllDefaultSources: - description: |- - disableAllDefaultSources allows you to disable all the default hub - sources. If this is true, a specific entry in sources can be used to - enable a default source. If this is false, a specific entry in - sources can be used to disable or enable a default source. - type: boolean - sources: - description: |- - sources is the list of default hub sources and their configuration. - If the list is empty, it implies that the default hub sources are - enabled on the cluster unless disableAllDefaultSources is true. - If disableAllDefaultSources is true and sources is not empty, - the configuration present in sources will take precedence. The list of - default hub sources and their current state will always be reflected in - the status block. - items: - description: HubSource is used to specify the hub source - and its configuration - properties: - disabled: - description: disabled is used to disable a default hub - source on cluster - type: boolean - name: - description: name is the name of one of the default - hub sources - maxLength: 253 - minLength: 1 - type: string - type: object - type: array - type: object - proxy: - description: Proxy holds cluster-wide information on how to configure - default proxies for the cluster. - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: |- - noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. - Empty means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: |- - trustedCA is a reference to a ConfigMap containing a CA certificate bundle. - The trustedCA field should only be consumed by a proxy validator. The - validator is responsible for reading the certificate bundle from the required - key "ca-bundle.crt", merging it with the system default trust bundle, - and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" - in the "openshift-config-managed" namespace. Clients that expect to make - proxy connections must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as - well. - - - The namespace for the ConfigMap referenced by trustedCA is - "openshift-config". Here is an example ConfigMap (in yaml): - - - apiVersion: v1 - kind: ConfigMap - metadata: - name: user-ca-bundle - namespace: openshift-config - data: - ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - Custom CA certificate bundle. - -----END CERTIFICATE----- - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - type: object - scheduler: - description: |- - Scheduler holds cluster-wide config information to run the Kubernetes Scheduler - and influence its placement decisions. The canonical name for this config is `cluster`. - properties: - defaultNodeSelector: - description: |- - defaultNodeSelector helps set the cluster-wide default node selector to - restrict pod placement to specific nodes. This is applied to the pods - created in all namespaces and creates an intersection with any existing - nodeSelectors already set on a pod, additionally constraining that pod's selector. - For example, - defaultNodeSelector: "type=user-node,region=east" would set nodeSelector - field in pod spec to "type=user-node,region=east" to all pods created - in all namespaces. Namespaces having project-wide node selectors won't be - impacted even if this field is set. This adds an annotation section to - the namespace. - For example, if a new namespace is created with - node-selector='type=user-node,region=east', - the annotation openshift.io/node-selector: type=user-node,region=east - gets added to the project. When the openshift.io/node-selector annotation - is set on the project the value is used in preference to the value we are setting - for defaultNodeSelector field. - For instance, - openshift.io/node-selector: "type=user-node,region=west" means - that the default of "type=user-node,region=east" set in defaultNodeSelector - would not be applied. - type: string - mastersSchedulable: - description: |- - MastersSchedulable allows masters nodes to be schedulable. When this flag is - turned on, all the master nodes in the cluster will be made schedulable, - so that workload pods can run on them. The default value for this field is false, - meaning none of the master nodes are schedulable. - Important Note: Once the workload pods start running on the master nodes, - extreme care must be taken to ensure that cluster-critical control plane components - are not impacted. - Please turn on this field after doing due diligence. - type: boolean - policy: - description: |- - DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. - policy is a reference to a ConfigMap containing scheduler policy which has - user specified predicates and priorities. If this ConfigMap is not available - scheduler will default to use DefaultAlgorithmProvider. - The namespace for this configmap is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - profile: - description: |- - profile sets which scheduling profile should be set in order to configure scheduling - decisions for new pods. - - - Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring" - Defaults to "LowNodeUtilization" - enum: - - "" - - LowNodeUtilization - - HighNodeUtilization - - NoScoring - type: string - profileCustomizations: - description: profileCustomizations contains configuration - for modifying the default behavior of existing scheduler - profiles. - properties: - dynamicResourceAllocation: - description: |- - dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. - Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. - Third-party resource drivers are responsible for tracking and allocating resources. - Different kinds of resources support arbitrary parameters for defining requirements and initialization. - Valid values are Enabled, Disabled and omitted. - When omitted, this means no opinion and the platform is left to choose a reasonable default, - which is subject to change over time. - The current default is Disabled. - enum: - - "" - - Enabled - - Disabled - type: string - type: object - type: object - type: object - controlPlaneRelease: - description: |- - ControlPlaneRelease specifies the desired OCP release payload for - control plane components running on the management cluster. - Updating this field will trigger a rollout of the control plane. The - behavior of the rollout will be driven by the ControllerAvailabilityPolicy - and InfrastructureAvailabilityPolicy. - If not defined, Release is used - properties: - image: - description: Image is the image pullspec of an OCP release payload - image. - pattern: ^(\w+\S+)$ - type: string - required: - - image - type: object - controllerAvailabilityPolicy: - default: HighlyAvailable - description: |- - ControllerAvailabilityPolicy specifies the availability policy applied to - critical control plane components. The default value is HighlyAvailable. - type: string - dns: - description: DNS specifies DNS configuration for the cluster. - properties: - baseDomain: - description: BaseDomain is the base domain of the cluster. - type: string - baseDomainPrefix: - description: |- - BaseDomainPrefix is the base domain prefix of the cluster. - defaults to clusterName if not set. Set it to "" if you don't want a prefix to be prepended to BaseDomain. - type: string - privateZoneID: - description: |- - PrivateZoneID is the Hosted Zone ID where all the DNS records that are only - available internally to the cluster exist. - type: string - publicZoneID: - description: |- - PublicZoneID is the Hosted Zone ID where all the DNS records that are - publicly accessible to the internet exist. - type: string - required: - - baseDomain - type: object - etcd: - default: - managed: - storage: - persistentVolume: - size: 8Gi - type: PersistentVolume - managementType: Managed - description: |- - Etcd specifies configuration for the control plane etcd cluster. The - default ManagementType is Managed. Once set, the ManagementType cannot be - changed. - properties: - managed: - description: Managed specifies the behavior of an etcd cluster - managed by HyperShift. - properties: - storage: - description: Storage specifies how etcd data is persisted. - properties: - persistentVolume: - description: |- - PersistentVolume is the configuration for PersistentVolume etcd storage. - With this implementation, a PersistentVolume will be allocated for every - etcd member (either 1 or 3 depending on the HostedCluster control plane - availability configuration). - properties: - size: - anyOf: - - type: integer - - type: string - default: 8Gi - description: Size is the minimum size of the data - volume for each etcd member. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - x-kubernetes-validations: - - message: Etcd PV storage size is immutable - rule: self == oldSelf - storageClassName: - description: |- - StorageClassName is the StorageClass of the data volume for each etcd member. - - - See https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. - type: string - type: object - restoreSnapshotURL: - description: |- - RestoreSnapshotURL allows an optional URL to be provided where - an etcd snapshot can be downloaded, for example a pre-signed URL - referencing a storage service. - This snapshot will be restored on initial startup, only when the etcd PV - is empty. - items: - type: string - type: array - x-kubernetes-validations: - - message: RestoreSnapshotURL shouldn't contain more than - 1 entry - rule: self.size() <= 1 - type: - description: Type is the kind of persistent storage implementation - to use for etcd. - enum: - - PersistentVolume - type: string - required: - - type - type: object - required: - - storage - type: object - managementType: - description: ManagementType defines how the etcd cluster is managed. - enum: - - Managed - - Unmanaged - type: string - unmanaged: - description: |- - Unmanaged specifies configuration which enables the control plane to - integrate with an eternally managed etcd cluster. - properties: - endpoint: - description: |- - Endpoint is the full etcd cluster client endpoint URL. For example: - - - https://etcd-client:2379 - - - If the URL uses an HTTPS scheme, the TLS field is required. - pattern: ^https:// - type: string - tls: - description: TLS specifies TLS configuration for HTTPS etcd - client endpoints. - properties: - clientSecret: - description: |- - ClientSecret refers to a secret for client mTLS authentication with the etcd cluster. It - may have the following key/value pairs: - - - etcd-client-ca.crt: Certificate Authority value - etcd-client.crt: Client certificate value - etcd-client.key: Client certificate key value - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - clientSecret - type: object - required: - - endpoint - - tls - type: object - required: - - managementType - type: object - fips: - description: |- - FIPS indicates whether this cluster's nodes will be running in FIPS mode. - If set to true, the control plane's ignition server will be configured to - expect that nodes joining the cluster will be FIPS-enabled. - type: boolean - imageContentSources: - description: |- - ImageContentSources specifies image mirrors that can be used by cluster - nodes to pull content. - items: - description: |- - ImageContentSource specifies image mirrors that can be used by cluster nodes - to pull content. For cluster workloads, if a container image registry host of - the pullspec matches Source then one of the Mirrors are substituted as hosts - in the pullspec and tried in order to fetch the image. - properties: - mirrors: - description: Mirrors are one or more repositories that may also - contain the same images. - items: - type: string - type: array - source: - description: |- - Source is the repository that users refer to, e.g. in image pull - specifications. - type: string - required: - - source - type: object - type: array - infraID: - description: |- - InfraID is a globally unique identifier for the cluster. This identifier - will be used to associate various cloud resources with the HostedCluster - and its associated NodePools. - type: string - infrastructureAvailabilityPolicy: - default: SingleReplica - description: |- - InfrastructureAvailabilityPolicy specifies the availability policy applied - to infrastructure services which run on cluster nodes. The default value is - SingleReplica. - type: string - issuerURL: - default: https://kubernetes.default.svc - description: |- - IssuerURL is an OIDC issuer URL which is used as the issuer in all - ServiceAccount tokens generated by the control plane API server. The - default value is kubernetes.default.svc, which only works for in-cluster - validation. - format: uri - type: string - networking: - default: - clusterNetwork: - - cidr: 10.132.0.0/14 - networkType: OVNKubernetes - serviceNetwork: - - cidr: 172.31.0.0/16 - description: Networking specifies network configuration for the cluster. - properties: - apiServer: - description: |- - APIServer contains advanced network settings for the API server that affect - how the APIServer is exposed inside a cluster node. - properties: - advertiseAddress: - description: |- - AdvertiseAddress is the address that nodes will use to talk to the API - server. This is an address associated with the loopback adapter of each - node. If not specified, the controller will take default values. - The default values will be set as 172.20.0.1 or fd00::1. - type: string - allowedCIDRBlocks: - description: |- - AllowedCIDRBlocks is an allow list of CIDR blocks that can access the APIServer - If not specified, traffic is allowed from all addresses. - This depends on underlying support by the cloud provider for Service LoadBalancerSourceRanges - items: - pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$ - type: string - type: array - port: - description: |- - Port is the port at which the APIServer is exposed inside a node. Other - pods using host networking cannot listen on this port. - If unset 6443 is used. - This is useful to choose a port other than the default one which might interfere with customer environments e.g. https://github.com/openshift/hypershift/pull/356. - Setting this to 443 is possible only for backward compatibility reasons and it's discouraged. - Doing so, it would result in the controller overriding the KAS endpoint in the guest cluster having a discrepancy with the KAS Pod and potentially causing temporarily network failures. - format: int32 - type: integer - type: object - clusterNetwork: - default: - - cidr: 10.132.0.0/14 - description: ClusterNetwork is the list of IP address pools for - pods. - items: - description: |- - ClusterNetworkEntry is a single IP address block for pod IP blocks. IP blocks - are allocated with size 2^HostSubnetLength. - properties: - cidr: - description: CIDR is the IP block address pool. - type: string - hostPrefix: - description: |- - HostPrefix is the prefix size to allocate to each node from the CIDR. - For example, 24 would allocate 2^8=256 adresses to each node. If this - field is not used by the plugin, it can be left unset. - format: int32 - type: integer - required: - - cidr - type: object - type: array - machineNetwork: - description: MachineNetwork is the list of IP address pools for - machines. - items: - description: MachineNetworkEntry is a single IP address block - for node IP blocks. - properties: - cidr: - description: CIDR is the IP block address pool for machines - within the cluster. - type: string - required: - - cidr - type: object - type: array - networkType: - default: OVNKubernetes - description: NetworkType specifies the SDN provider used for cluster - networking. - enum: - - OpenShiftSDN - - Calico - - OVNKubernetes - - Other - type: string - serviceNetwork: - default: - - cidr: 172.31.0.0/16 - description: |- - ServiceNetwork is the list of IP address pools for services. - NOTE: currently only one entry is supported. - items: - description: ServiceNetworkEntry is a single IP address block - for the service network. - properties: - cidr: - description: CIDR is the IP block address pool for services - within the cluster. - type: string - required: - - cidr - type: object - type: array - required: - - clusterNetwork - - networkType - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector when specified, must be true for the pods - managed by the HostedCluster to be scheduled. - type: object - olmCatalogPlacement: - default: management - description: |- - OLMCatalogPlacement specifies the placement of OLM catalog components. By default, - this is set to management and OLM catalog components are deployed onto the management - cluster. If set to guest, the OLM catalog components will be deployed onto the guest - cluster. - enum: - - management - - guest - type: string - x-kubernetes-validations: - - message: OLMCatalogPlacement is immutable - rule: self == oldSelf - pausedUntil: - description: |- - PausedUntil is a field that can be used to pause reconciliation on a resource. - Either a date can be provided in RFC3339 format or a boolean. If a date is - provided: reconciliation is paused on the resource until that date. If the boolean true is - provided: reconciliation is paused on the resource until the field is removed. - type: string - platform: - description: |- - Platform specifies the underlying infrastructure provider for the cluster - and is used to configure platform specific behavior. - properties: - agent: - description: Agent specifies configuration for agent-based installations. - properties: - agentNamespace: - description: AgentNamespace is the namespace where to search - for Agents for this cluster - type: string - required: - - agentNamespace - type: object - aws: - description: AWS specifies configuration for clusters running - on Amazon Web Services. - properties: - additionalAllowedPrincipals: - description: |- - AdditionalAllowedPrincipals specifies a list of additional allowed principal ARNs - to be added to the hosted control plane's VPC Endpoint Service to enable additional - VPC Endpoint connection requests to be automatically accepted. - See https://docs.aws.amazon.com/vpc/latest/privatelink/configure-endpoint-service.html - for more details around VPC Endpoint Service allowed principals. - items: - type: string - type: array - cloudProviderConfig: - description: |- - CloudProviderConfig specifies AWS networking configuration for the control - plane. - This is mainly used for cloud provider controller config: - https://github.com/kubernetes/kubernetes/blob/f5be5052e3d0808abb904aebd3218fe4a5c2dd82/staging/src/k8s.io/legacy-cloud-providers/aws/aws.go#L1347-L1364 - TODO(dan): should this be named AWSNetworkConfig? - properties: - subnet: - description: Subnet is the subnet to use for control plane - cloud resources. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify - an AWS resource - properties: - name: - description: Name of the filter. Filter names - are case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - vpc: - description: VPC is the VPC to use for control plane cloud - resources. - type: string - zone: - description: |- - Zone is the availability zone where control plane cloud resources are - created. - type: string - required: - - vpc - type: object - endpointAccess: - default: Public - description: |- - EndpointAccess specifies the publishing scope of cluster endpoints. The - default is Public. - enum: - - Public - - PublicAndPrivate - - Private - type: string - multiArch: - default: false - description: |- - MultiArch specifies whether the Hosted Cluster will be expected to support NodePools with different - CPU architectures, i.e., supporting arm64 NodePools and supporting amd64 NodePools on the same Hosted Cluster. - type: boolean - region: - description: |- - Region is the AWS region in which the cluster resides. This configures the - OCP control plane cloud integrations, and is used by NodePool to resolve - the correct boot AMI for a given release. - type: string - resourceTags: - description: |- - ResourceTags is a list of additional tags to apply to AWS resources created - for the cluster. See - https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for - information on tagging AWS resources. AWS supports a maximum of 50 tags per - resource. OpenShift reserves 25 tags for its use, leaving 25 tags available - for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: Key is the key of the tag. - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: |- - Value is the value of the tag. - - - Some AWS service do not support empty values. Since tags are added to - resources in many services, the length of the tag value must meet the - requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - rolesRef: - description: |- - RolesRef contains references to various AWS IAM roles required to enable - integrations such as OIDC. - properties: - controlPlaneOperatorARN: - description: "ControlPlaneOperatorARN is an ARN value - referencing a role appropriate for the Control Plane - Operator.\n\n\nThe following is an example of a valid - policy document:\n\n\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": - [\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"ec2:CreateVpcEndpoint\",\n\t\t\t\t\"ec2:DescribeVpcEndpoints\",\n\t\t\t\t\"ec2:ModifyVpcEndpoint\",\n\t\t\t\t\"ec2:DeleteVpcEndpoints\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"route53:ListHostedZones\",\n\t\t\t\t\"ec2:CreateSecurityGroup\",\n\t\t\t\t\"ec2:AuthorizeSecurityGroupIngress\",\n\t\t\t\t\"ec2:AuthorizeSecurityGroupEgress\",\n\t\t\t\t\"ec2:DeleteSecurityGroup\",\n\t\t\t\t\"ec2:RevokeSecurityGroupIngress\",\n\t\t\t\t\"ec2:RevokeSecurityGroupEgress\",\n\t\t\t\t\"ec2:DescribeSecurityGroups\",\n\t\t\t\t\"ec2:DescribeVpcs\",\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t},\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"route53:ChangeResourceRecordSets\",\n\t\t\t\t\"route53:ListResourceRecordSets\"\n\t\t\t],\n\t\t\t\"Resource\": - \"arn:aws:route53:::%s\"\n\t\t}\n\t]\n}" - type: string - imageRegistryARN: - description: "ImageRegistryARN is an ARN value referencing - a role appropriate for the Image Registry Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"s3:CreateBucket\",\n\t\t\t\t\"s3:DeleteBucket\",\n\t\t\t\t\"s3:PutBucketTagging\",\n\t\t\t\t\"s3:GetBucketTagging\",\n\t\t\t\t\"s3:PutBucketPublicAccessBlock\",\n\t\t\t\t\"s3:GetBucketPublicAccessBlock\",\n\t\t\t\t\"s3:PutEncryptionConfiguration\",\n\t\t\t\t\"s3:GetEncryptionConfiguration\",\n\t\t\t\t\"s3:PutLifecycleConfiguration\",\n\t\t\t\t\"s3:GetLifecycleConfiguration\",\n\t\t\t\t\"s3:GetBucketLocation\",\n\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\"s3:GetObject\",\n\t\t\t\t\"s3:PutObject\",\n\t\t\t\t\"s3:DeleteObject\",\n\t\t\t\t\"s3:ListBucketMultipartUploads\",\n\t\t\t\t\"s3:AbortMultipartUpload\",\n\t\t\t\t\"s3:ListMultipartUploadParts\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - ingressARN: - description: "The referenced role must have a trust relationship - that allows it to be assumed via web identity.\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html.\nExample:\n{\n\t\t\"Version\": - \"2012-10-17\",\n\t\t\"Statement\": [\n\t\t\t{\n\t\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\t\"Principal\": {\n\t\t\t\t\t\"Federated\": - \"{{ .ProviderARN }}\"\n\t\t\t\t},\n\t\t\t\t\t\"Action\": - \"sts:AssumeRoleWithWebIdentity\",\n\t\t\t\t\"Condition\": - {\n\t\t\t\t\t\"StringEquals\": {\n\t\t\t\t\t\t\"{{ .ProviderName - }}:sub\": {{ .ServiceAccounts }}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n\n\nIngressARN - is an ARN value referencing a role appropriate for the - Ingress Operator.\n\n\nThe following is an example of - a valid policy document:\n\n\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": - [\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"elasticloadbalancing:DescribeLoadBalancers\",\n\t\t\t\t\"tag:GetResources\",\n\t\t\t\t\"route53:ListHostedZones\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t},\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"route53:ChangeResourceRecordSets\"\n\t\t\t],\n\t\t\t\"Resource\": - [\n\t\t\t\t\"arn:aws:route53:::PUBLIC_ZONE_ID\",\n\t\t\t\t\"arn:aws:route53:::PRIVATE_ZONE_ID\"\n\t\t\t]\n\t\t}\n\t]\n}" - type: string - kubeCloudControllerARN: - description: |- - KubeCloudControllerARN is an ARN value referencing a role appropriate for the KCM/KCC. - Source: https://cloud-provider-aws.sigs.k8s.io/prerequisites/#iam-policies - - - The following is an example of a valid policy document: - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeTags", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeImages", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateRoute", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:RevokeSecurityGroupIngress", - "ec2:DescribeVpcs", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateTargetGroup", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", - "iam:CreateServiceLinkedRole", - "kms:DescribeKey" - ], - "Resource": [ - "*" - ], - "Effect": "Allow" - } - ] - } - type: string - networkARN: - description: "NetworkARN is an ARN value referencing a - role appropriate for the Network Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:DescribeInstances\",\n - \ \"ec2:DescribeInstanceStatus\",\n \"ec2:DescribeInstanceTypes\",\n - \ \"ec2:UnassignPrivateIpAddresses\",\n \"ec2:AssignPrivateIpAddresses\",\n - \ \"ec2:UnassignIpv6Addresses\",\n \"ec2:AssignIpv6Addresses\",\n - \ \"ec2:DescribeSubnets\",\n \"ec2:DescribeNetworkInterfaces\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - nodePoolManagementARN: - description: "NodePoolManagementARN is an ARN value referencing - a role appropriate for the CAPI Controller.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n - \ \"Version\": \"2012-10-17\",\n \"Statement\": [\n - \ {\n \"Action\": [\n \"ec2:AssociateRouteTable\",\n - \ \"ec2:AttachInternetGateway\",\n \"ec2:AuthorizeSecurityGroupIngress\",\n - \ \"ec2:CreateInternetGateway\",\n \"ec2:CreateNatGateway\",\n - \ \"ec2:CreateRoute\",\n \"ec2:CreateRouteTable\",\n - \ \"ec2:CreateSecurityGroup\",\n \"ec2:CreateSubnet\",\n - \ \"ec2:CreateTags\",\n \"ec2:DeleteInternetGateway\",\n - \ \"ec2:DeleteNatGateway\",\n \"ec2:DeleteRouteTable\",\n - \ \"ec2:DeleteSecurityGroup\",\n \"ec2:DeleteSubnet\",\n - \ \"ec2:DeleteTags\",\n \"ec2:DescribeAccountAttributes\",\n - \ \"ec2:DescribeAddresses\",\n \"ec2:DescribeAvailabilityZones\",\n - \ \"ec2:DescribeImages\",\n \"ec2:DescribeInstances\",\n - \ \"ec2:DescribeInternetGateways\",\n \"ec2:DescribeNatGateways\",\n - \ \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribeNetworkInterfaceAttribute\",\n - \ \"ec2:DescribeRouteTables\",\n \"ec2:DescribeSecurityGroups\",\n - \ \"ec2:DescribeSubnets\",\n \"ec2:DescribeVpcs\",\n - \ \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeVolumes\",\n - \ \"ec2:DetachInternetGateway\",\n \"ec2:DisassociateRouteTable\",\n - \ \"ec2:DisassociateAddress\",\n \"ec2:ModifyInstanceAttribute\",\n - \ \"ec2:ModifyNetworkInterfaceAttribute\",\n \"ec2:ModifySubnetAttribute\",\n - \ \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:RunInstances\",\n - \ \"ec2:TerminateInstances\",\n \"tag:GetResources\",\n - \ \"ec2:CreateLaunchTemplate\",\n \"ec2:CreateLaunchTemplateVersion\",\n - \ \"ec2:DescribeLaunchTemplates\",\n \"ec2:DescribeLaunchTemplateVersions\",\n - \ \"ec2:DeleteLaunchTemplate\",\n \"ec2:DeleteLaunchTemplateVersions\"\n - \ ],\n \"Resource\": [\n \"*\"\n ],\n - \ \"Effect\": \"Allow\"\n },\n {\n \"Condition\": - {\n \"StringLike\": {\n \"iam:AWSServiceName\": - \"elasticloadbalancing.amazonaws.com\"\n }\n },\n - \ \"Action\": [\n \"iam:CreateServiceLinkedRole\"\n - \ ],\n \"Resource\": [\n \"arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing\"\n - \ ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": - [\n \"iam:PassRole\"\n ],\n \"Resource\": - [\n \"arn:*:iam::*:role/*-worker-role\"\n ],\n - \ \"Effect\": \"Allow\"\n },\n\t {\n\t \t\"Effect\": - \"Allow\",\n\t \t\"Action\": [\n\t \t\t\"kms:Decrypt\",\n\t - \ \t\t\"kms:ReEncrypt\",\n\t \t\t\"kms:GenerateDataKeyWithoutPlainText\",\n\t - \ \t\t\"kms:DescribeKey\"\n\t \t],\n\t \t\"Resource\": - \"*\"\n\t },\n\t {\n\t \t\"Effect\": \"Allow\",\n\t - \ \t\"Action\": [\n\t \t\t\"kms:CreateGrant\"\n\t \t],\n\t - \ \t\"Resource\": \"*\",\n\t \t\"Condition\": {\n\t - \ \t\t\"Bool\": {\n\t \t\t\t\"kms:GrantIsForAWSResource\": - true\n\t \t\t}\n\t \t}\n\t }\n ]\n}" - type: string - storageARN: - description: "StorageARN is an ARN value referencing a - role appropriate for the Storage Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:AttachVolume\",\n\t\t\t\t\"ec2:CreateSnapshot\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"ec2:CreateVolume\",\n\t\t\t\t\"ec2:DeleteSnapshot\",\n\t\t\t\t\"ec2:DeleteTags\",\n\t\t\t\t\"ec2:DeleteVolume\",\n\t\t\t\t\"ec2:DescribeInstances\",\n\t\t\t\t\"ec2:DescribeSnapshots\",\n\t\t\t\t\"ec2:DescribeTags\",\n\t\t\t\t\"ec2:DescribeVolumes\",\n\t\t\t\t\"ec2:DescribeVolumesModifications\",\n\t\t\t\t\"ec2:DetachVolume\",\n\t\t\t\t\"ec2:ModifyVolume\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - required: - - controlPlaneOperatorARN - - imageRegistryARN - - ingressARN - - kubeCloudControllerARN - - networkARN - - nodePoolManagementARN - - storageARN - type: object - serviceEndpoints: - description: |- - ServiceEndpoints specifies optional custom endpoints which will override - the default service endpoint of specific AWS Services. - - - There must be only one ServiceEndpoint for a given service name. - items: - description: |- - AWSServiceEndpoint stores the configuration for services to - override existing defaults of AWS Services. - properties: - name: - description: |- - Name is the name of the AWS service. - This must be provided and cannot be empty. - type: string - url: - description: |- - URL is fully qualified URI with scheme https, that overrides the default generated - endpoint for a client. - This must be provided and cannot be empty. - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - required: - - region - - rolesRef - type: object - azure: - description: Azure defines azure specific settings - properties: - cloud: - default: AzurePublicCloud - description: 'Cloud is the cloud environment identifier, valid - values could be found here: https://github.com/Azure/go-autorest/blob/4c0e21ca2bbb3251fe7853e6f9df6397f53dd419/autorest/azure/environments.go#L33' - enum: - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - credentials: - description: |- - Credentials is the object containing existing Azure credentials needed for creating and managing cloud - infrastructure resources. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - location: - description: |- - Location is the Azure region in where all the cloud infrastructure resources will be created. - - - Example: eastus - type: string - x-kubernetes-validations: - - message: Location is immutable - rule: self == oldSelf - resourceGroup: - default: default - description: |- - ResourceGroupName is the name of an existing resource group where all cloud resources created by the Hosted - Cluster are to be placed. The resource group is expected to exist under the same subscription as SubscriptionID. - - - In ARO HCP, this will be the managed resource group where customer cloud resources will be created. - - - Resource group naming requirements can be found here: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.ResourceGroup.Name/. - - - Example: if your resource group ID is /subscriptions//resourceGroups/, your - ResourceGroupName is . - pattern: ^[a-zA-Z0-9_()\-\.]{1,89}[a-zA-Z0-9_()\-]$ - type: string - x-kubernetes-validations: - - message: ResourceGroupName is immutable - rule: self == oldSelf - securityGroupID: - description: |- - SecurityGroupID is the ID of an existing security group on the SubnetID. This field is provided as part of the - configuration for the Azure cloud provider, aka Azure cloud controller manager (CCM). This security group is - expected to exist under the same subscription as SubscriptionID. - type: string - x-kubernetes-validations: - - message: SecurityGroupID is immutable - rule: self == oldSelf - subnetID: - description: |- - SubnetID is the subnet ID of an existing subnet where the load balancer for node egress will be created. This - subnet is expected to be a subnet within the VNET specified in VnetID. This subnet is expected to exist under the - same subscription as SubscriptionID. - - - In ARO HCP, managed services will create the aforementioned load balancer in ResourceGroupName. - type: string - x-kubernetes-validations: - - message: SubnetID is immutable - rule: self == oldSelf - subscriptionID: - description: SubscriptionID is a unique identifier for an - Azure subscription used to manage resources. - type: string - x-kubernetes-validations: - - message: SubscriptionID is immutable - rule: self == oldSelf - vnetID: - description: |- - VnetID is the ID of an existing VNET to use in creating VMs. The VNET can exist in a different resource group - other than the one specified in ResourceGroupName, but it must exist under the same subscription as - SubscriptionID. - - - In ARO HCP, this will be the ID of the customer provided VNET. - - - Example: /subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks/ - type: string - x-kubernetes-validations: - - message: VnetID is immutable - rule: self == oldSelf - required: - - credentials - - location - - resourceGroup - - subnetID - - subscriptionID - type: object - ibmcloud: - description: IBMCloud defines IBMCloud specific settings for components - properties: - providerType: - description: ProviderType is a specific supported infrastructure - provider within IBM Cloud. - type: string - type: object - kubevirt: - description: KubeVirt defines KubeVirt specific settings for cluster - components. - properties: - baseDomainPassthrough: - description: |- - BaseDomainPassthrough toggles whether or not an automatically - generated base domain for the guest cluster should be used that - is a subdomain of the management cluster's *.apps DNS. - - - For the KubeVirt platform, the basedomain can be autogenerated using - the *.apps domain of the management/infra hosting cluster - This makes the guest cluster's base domain a subdomain of the - hypershift infra/mgmt cluster's base domain. - - - Example: - Infra/Mgmt cluster's DNS - Base: example.com - Cluster: mgmt-cluster.example.com - Apps: *.apps.mgmt-cluster.example.com - KubeVirt Guest cluster's DNS - Base: apps.mgmt-cluster.example.com - Cluster: guest.apps.mgmt-cluster.example.com - Apps: *.apps.guest.apps.mgmt-cluster.example.com - - - This is possible using OCP wildcard routes - type: boolean - x-kubernetes-validations: - - message: baseDomainPassthrough is immutable - rule: self == oldSelf - credentials: - description: |- - Credentials defines the client credentials used when creating KubeVirt virtual machines. - Defining credentials is only necessary when the KubeVirt virtual machines are being placed - on a cluster separate from the one hosting the Hosted Control Plane components. - - - The default behavior when Credentials is not defined is for the KubeVirt VMs to be placed on - the same cluster and namespace as the Hosted Control Plane. - properties: - infraKubeConfigSecret: - description: |- - InfraKubeConfigSecret is a reference to a secret that contains the kubeconfig for the external infra cluster - that will be used to host the KubeVirt virtual machines for this cluster. - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - x-kubernetes-validations: - - message: infraKubeConfigSecret is immutable - rule: self == oldSelf - infraNamespace: - description: |- - InfraNamespace defines the namespace on the external infra cluster that is used to host the KubeVirt - virtual machines. This namespace must already exist before creating the HostedCluster and the kubeconfig - referenced in the InfraKubeConfigSecret must have access to manage the required resources within this - namespace. - type: string - x-kubernetes-validations: - - message: infraNamespace is immutable - rule: self == oldSelf - required: - - infraNamespace - type: object - generateID: - description: |- - GenerateID is used to uniquely apply a name suffix to resources associated with - kubevirt infrastructure resources - maxLength: 11 - type: string - x-kubernetes-validations: - - message: Kubevirt GenerateID is immutable once set - rule: self == oldSelf - storageDriver: - description: |- - StorageDriver defines how the KubeVirt CSI driver exposes StorageClasses on - the infra cluster (hosting the VMs) to the guest cluster. - properties: - manual: - description: |- - Manual is used to explicilty define how the infra storageclasses are - mapped to guest storageclasses - properties: - storageClassMapping: - description: |- - StorageClassMapping maps StorageClasses on the infra cluster hosting - the KubeVirt VMs to StorageClasses that are made available within the - Guest Cluster. - - - NOTE: It is possible that not all capablities of an infra cluster's - storageclass will be present for the corresponding guest clusters storageclass. - items: - properties: - group: - description: Group contains which group this - mapping belongs to. - type: string - guestStorageClassName: - description: |- - GuestStorageClassName is the name that the corresponding storageclass will - be called within the guest cluster - type: string - infraStorageClassName: - description: |- - InfraStorageClassName is the name of the infra cluster storage class that - will be exposed to the guest. - type: string - required: - - guestStorageClassName - - infraStorageClassName - type: object - type: array - x-kubernetes-validations: - - message: storageClassMapping is immutable - rule: self == oldSelf - volumeSnapshotClassMapping: - items: - properties: - group: - description: Group contains which group this - mapping belongs to. - type: string - guestVolumeSnapshotClassName: - description: |- - GuestVolumeSnapshotClassName is the name that the corresponding volumeSnapshotClass will - be called within the guest cluster - type: string - infraVolumeSnapshotClassName: - description: |- - InfraStorageClassName is the name of the infra cluster volume snapshot class that - will be exposed to the guest. - type: string - required: - - guestVolumeSnapshotClassName - - infraVolumeSnapshotClassName - type: object - type: array - x-kubernetes-validations: - - message: volumeSnapshotClassMapping is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: storageDriver.Manual is immutable - rule: self == oldSelf - type: - default: Default - description: Type represents the type of kubevirt csi - driver configuration to use - enum: - - None - - Default - - Manual - type: string - x-kubernetes-validations: - - message: storageDriver.Type is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: storageDriver is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: Kubevirt GenerateID is required once set - rule: '!has(oldSelf.generateID) || has(self.generateID)' - openstack: - description: OpenStack specifies configuration for clusters running - on OpenStack. - properties: - disableExternalNetwork: - description: |- - DisableExternalNetwork specifies whether or not to attempt to connect the cluster - to an external network. This allows for the creation of clusters when connecting - to an external network is not possible or desirable, e.g. if using a provider network. - type: boolean - externalNetwork: - description: |- - ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs. - This option is ignored if DisableExternalNetwork is set to true. - - - If ExternalNetwork is defined it must refer to exactly one external network. - - - If ExternalNetwork is not defined or is empty the controller will use any - existing external network as long as there is only one. It is an - error if ExternalNetwork is not defined and there are multiple - external networks unless DisableExternalNetwork is also set. - - - If ExternalNetwork is not defined and there are no external networks - the controller will proceed as though DisableExternalNetwork was set. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - description: Description is the description of the - network to filter by. - type: string - name: - description: Name is the name of the network to filter - by. - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - description: ProjectID is the project ID of the network - to filter by. - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling the hosted cluster. - properties: - cloudName: - description: CloudName specifies the name of the entry - in the clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - required: - - cloudName - - name - type: object - ingressFloatingIP: - description: |- - IngressFloatingIP is an available floating IP in your OpenStack cluster that will - be associated with the OpenShift ingress port. - type: string - managedSubnets: - description: |- - ManagedSubnets describe the OpenStack Subnet to be created. Cluster actuator will create a network, - and a subnet with the defined DNSNameservers, AllocationPools and the CIDR defined in the HostedCluster - MachineNetwork, and a router connected to the subnet. Currently only one IPv4 - subnet is supported. - items: - properties: - allocationPools: - description: |- - AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created. - If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from - outside of these ranges manually. - items: - properties: - end: - description: End represents the end of the AlloctionPool, - that is the highest IP of the pool. - type: string - start: - description: Start represents the start of the - AllocationPool, that is the lowest IP of the - pool. - type: string - required: - - end - - start - type: object - type: array - dnsNameservers: - description: |- - DNSNameservers holds a list of DNS server addresses that will be provided when creating - the subnet. These addresses need to have the same IP version as CIDR. - items: - type: string - type: array - type: object - maxItems: 1 - type: array - x-kubernetes-list-type: atomic - network: - description: |- - Network specifies an existing network to use if no ManagedSubnets - are specified. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - description: Description is the description of the - network to filter by. - type: string - name: - description: Name is the name of the network to filter - by. - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - description: ProjectID is the project ID of the network - to filter by. - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - networkMTU: - description: |- - NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - This value will be used only if the Cluster actuator creates the network. - If left empty, the network will have the default MTU defined in Openstack network service. - To use this field, the Openstack installation requires the net-mtu neutron API extension. - type: integer - router: - description: |- - Router specifies an existing router to be used if ManagedSubnets are - specified. If specified, no new router will be created. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - router. If provided, cannot be empty. - minProperties: 1 - properties: - description: - description: Description is the description of the - router to filter by. - type: string - name: - description: Name is the name of the router to filter - by. - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - description: ProjectID is the project ID of the router - to filter by. - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the router to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - subnets: - description: |- - Subnets specifies existing subnets to use if not ManagedSubnets are - specified. All subnets must be in the network specified by Network. - There can be zero, one, or two subnets. If no subnets are specified, - all subnets in Network will be used. If 2 subnets are specified, one - must be IPv4 and the other IPv6. - items: - description: SubnetParam specifies an OpenStack subnet to - use. It may be specified by either ID or filter, but not - both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the - subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - description: CIDR is the CIDR of the subnet to filter - by. - type: string - description: - description: Description is the description of the - subnet to filter by. - type: string - gatewayIP: - description: GatewayIP is the gateway IP of the - subnet to filter by. - type: string - ipVersion: - description: IPVersion is the IP version of the - subnet to filter by. - type: integer - ipv6AddressMode: - description: IPv6AddressMode is the IPv6 address - mode of the subnet to filter by. - type: string - ipv6RAMode: - description: IPv6RAMode is the IPv6 RA mode of the - subnet to filter by. - type: string - name: - description: Name is the name of the subnet to filter - by. - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - description: ProjectID is the project ID of the - subnet to filter by. - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will not - be validated. - format: uuid - type: string - type: object - maxItems: 2 - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags to set on all resources in cluster which - support tags - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - identityRef - type: object - powervs: - description: |- - PowerVS specifies configuration for clusters running on IBMCloud Power VS Service. - This field is immutable. Once set, It can't be changed. - properties: - accountID: - description: |- - AccountID is the IBMCloud account id. - This field is immutable. Once set, It can't be changed. - type: string - cisInstanceCRN: - description: |- - CISInstanceCRN is the IBMCloud CIS Service Instance's Cloud Resource Name - This field is immutable. Once set, It can't be changed. - pattern: '^crn:' - type: string - imageRegistryOperatorCloudCreds: - description: |- - ImageRegistryOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for image registry operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - ingressOperatorCloudCreds: - description: |- - IngressOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for ingress operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - kubeCloudControllerCreds: - description: |- - KubeCloudControllerCreds is a reference to a secret containing cloud - credentials with permissions matching the cloud controller policy. - This field is immutable. Once set, It can't be changed. - - - TODO(dan): document the "cloud controller policy" - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - nodePoolManagementCreds: - description: |- - NodePoolManagementCreds is a reference to a secret containing cloud - credentials with permissions matching the node pool management policy. - This field is immutable. Once set, It can't be changed. - - - TODO(dan): document the "node pool management policy" - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - region: - description: |- - Region is the IBMCloud region in which the cluster resides. This configures the - OCP control plane cloud integrations, and is used by NodePool to resolve - the correct boot image for a given release. - This field is immutable. Once set, It can't be changed. - type: string - resourceGroup: - description: |- - ResourceGroup is the IBMCloud Resource Group in which the cluster resides. - This field is immutable. Once set, It can't be changed. - type: string - serviceInstanceID: - description: |- - ServiceInstance is the reference to the Power VS service on which the server instance(VM) will be created. - Power VS service is a container for all Power VS instances at a specific geographic region. - serviceInstance can be created via IBM Cloud catalog or CLI. - ServiceInstanceID is the unique identifier that can be obtained from IBM Cloud UI or IBM Cloud cli. - - - More detail about Power VS service instance. - https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server - - - This field is immutable. Once set, It can't be changed. - type: string - storageOperatorCloudCreds: - description: |- - StorageOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for storage operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - subnet: - description: |- - Subnet is the subnet to use for control plane cloud resources. - This field is immutable. Once set, It can't be changed. - properties: - id: - description: ID of resource - type: string - name: - description: Name of resource - type: string - type: object - vpc: - description: |- - VPC specifies IBM Cloud PowerVS Load Balancing configuration for the control - plane. - This field is immutable. Once set, It can't be changed. - properties: - name: - description: |- - Name for VPC to used for all the service load balancer. - This field is immutable. Once set, It can't be changed. - type: string - region: - description: |- - Region is the IBMCloud region in which VPC gets created, this VPC used for all the ingress traffic - into the OCP cluster. - This field is immutable. Once set, It can't be changed. - type: string - subnet: - description: |- - Subnet is the subnet to use for load balancer. - This field is immutable. Once set, It can't be changed. - type: string - zone: - description: |- - Zone is the availability zone where load balancer cloud resources are - created. - This field is immutable. Once set, It can't be changed. - type: string - required: - - name - - region - type: object - zone: - description: |- - Zone is the availability zone where control plane cloud resources are - created. - This field is immutable. Once set, It can't be changed. - type: string - required: - - accountID - - cisInstanceCRN - - imageRegistryOperatorCloudCreds - - ingressOperatorCloudCreds - - kubeCloudControllerCreds - - nodePoolManagementCreds - - region - - resourceGroup - - serviceInstanceID - - storageOperatorCloudCreds - - subnet - - vpc - - zone - type: object - type: - description: Type is the type of infrastructure provider for the - cluster. - enum: - - AWS - - None - - IBMCloud - - Agent - - KubeVirt - - Azure - - PowerVS - - OpenStack - type: string - required: - - type - type: object - pullSecret: - description: |- - PullSecret references a pull secret to be injected into the container - runtime of all cluster nodes. The secret must have a key named - ".dockerconfigjson" whose value is the pull secret JSON. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - release: - description: |- - Release specifies the desired OCP release payload for the hosted cluster. - - - Updating this field will trigger a rollout of the control plane. The - behavior of the rollout will be driven by the ControllerAvailabilityPolicy - and InfrastructureAvailabilityPolicy. - properties: - image: - description: Image is the image pullspec of an OCP release payload - image. - pattern: ^(\w+\S+)$ - type: string - required: - - image - type: object - secretEncryption: - description: |- - SecretEncryption specifies a Kubernetes secret encryption strategy for the - control plane. - properties: - aescbc: - description: AESCBC defines metadata about the AESCBC secret encryption - strategy - properties: - activeKey: - description: ActiveKey defines the active key used to encrypt - new secrets - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - activeKey - type: object - kms: - description: KMS defines metadata about the kms secret encryption - strategy - properties: - aws: - description: AWS defines metadata about the configuration - of the AWS KMS Secret Encryption provider - properties: - activeKey: - description: ActiveKey defines the active key used to - encrypt new secrets - properties: - arn: - description: ARN is the Amazon Resource Name for the - encryption key - pattern: '^arn:' - type: string - required: - - arn - type: object - auth: - description: Auth defines metadata about the management - of credentials used to interact with AWS KMS - properties: - awsKms: - description: "The referenced role must have a trust - relationship that allows it to be assumed via web - identity.\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html.\nExample:\n{\n\t\t\"Version\": - \"2012-10-17\",\n\t\t\"Statement\": [\n\t\t\t{\n\t\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\t\"Principal\": {\n\t\t\t\t\t\"Federated\": - \"{{ .ProviderARN }}\"\n\t\t\t\t},\n\t\t\t\t\t\"Action\": - \"sts:AssumeRoleWithWebIdentity\",\n\t\t\t\t\"Condition\": - {\n\t\t\t\t\t\"StringEquals\": {\n\t\t\t\t\t\t\"{{ - .ProviderName }}:sub\": {{ .ServiceAccounts }}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n\n\nAWSKMSARN - is an ARN value referencing a role appropriate for - managing the auth via the AWS KMS key.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n \t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"kms:Encrypt\",\n\t\t\t\t\"kms:Decrypt\",\n\t\t\t\t\"kms:ReEncrypt*\",\n\t\t\t\t\"kms:GenerateDataKey*\",\n\t\t\t\t\"kms:DescribeKey\"\n\t\t\t],\n\t\t\t\"Resource\": - %q\n\t\t}\n\t]\n}" - type: string - required: - - awsKms - type: object - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - arn: - description: ARN is the Amazon Resource Name for the - encryption key - pattern: '^arn:' - type: string - required: - - arn - type: object - region: - description: Region contains the AWS region - type: string - required: - - activeKey - - auth - - region - type: object - azure: - description: Azure defines metadata about the configuration - of the Azure KMS Secret Encryption provider using Azure - key vault - properties: - activeKey: - description: ActiveKey defines the active key used to - encrypt new secrets - properties: - keyName: - description: KeyName is the name of the keyvault key - used for encrypt/decrypt - type: string - keyVaultName: - description: |- - KeyVaultName is the name of the keyvault. Must match criteria specified at https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name - Your Microsoft Entra application used to create the cluster must be authorized to access this keyvault, e.g using the AzureCLI: - `az keyvault set-policy -n $KEYVAULT_NAME --key-permissions decrypt encrypt --spn ` - type: string - keyVersion: - description: KeyVersion contains the version of the - key to use - type: string - required: - - keyName - - keyVaultName - - keyVersion - type: object - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - keyName: - description: KeyName is the name of the keyvault key - used for encrypt/decrypt - type: string - keyVaultName: - description: |- - KeyVaultName is the name of the keyvault. Must match criteria specified at https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name - Your Microsoft Entra application used to create the cluster must be authorized to access this keyvault, e.g using the AzureCLI: - `az keyvault set-policy -n $KEYVAULT_NAME --key-permissions decrypt encrypt --spn ` - type: string - keyVersion: - description: KeyVersion contains the version of the - key to use - type: string - required: - - keyName - - keyVaultName - - keyVersion - type: object - required: - - activeKey - type: object - ibmcloud: - description: IBMCloud defines metadata for the IBM Cloud KMS - encryption strategy - properties: - auth: - description: Auth defines metadata for how authentication - is done with IBM Cloud KMS - properties: - managed: - description: |- - Managed defines metadata around the service to service authentication strategy for the IBM Cloud - KMS system (all provider managed). - type: object - type: - description: Type defines the IBM Cloud KMS authentication - strategy - enum: - - Managed - - Unmanaged - type: string - unmanaged: - description: Unmanaged defines the auth metadata the - customer provides to interact with IBM Cloud KMS - properties: - credentials: - description: |- - Credentials should reference a secret with a key field of IBMCloudIAMAPIKeySecretKey that contains a apikey to - call IBM Cloud KMS APIs - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - credentials - type: object - required: - - type - type: object - keyList: - description: KeyList defines the list of keys used for - data encryption - items: - description: IBMCloudKMSKeyEntry defines metadata for - an IBM Cloud KMS encryption key - properties: - correlationID: - description: CorrelationID is an identifier used - to track all api call usage from hypershift - type: string - crkID: - description: CRKID is the customer rook key id - type: string - instanceID: - description: InstanceID is the id for the key protect - instance - type: string - keyVersion: - description: |- - KeyVersion is a unique number associated with the key. The number increments whenever a new - key is enabled for data encryption. - type: integer - url: - description: URL is the url to call key protect - apis over - pattern: ^https:// - type: string - required: - - correlationID - - crkID - - instanceID - - keyVersion - - url - type: object - type: array - region: - description: Region is the IBM Cloud region - type: string - required: - - auth - - keyList - - region - type: object - provider: - description: Provider defines the KMS provider - enum: - - IBMCloud - - AWS - - Azure - type: string - required: - - provider - type: object - type: - description: Type defines the type of kube secret encryption being - used - enum: - - kms - - aescbc - type: string - required: - - type - type: object - serviceAccountSigningKey: - description: |- - ServiceAccountSigningKey is a reference to a secret containing the private key - used by the service account token issuer. The secret is expected to contain - a single key named "key". If not specified, a service account signing key will - be generated automatically for the cluster. When specifying a service account - signing key, a IssuerURL must also be specified. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - services: - description: |- - Services specifies how individual control plane services are published from - the hosting cluster of the control plane. - - - If a given service is not present in this list, it will be exposed publicly - by default. - items: - description: |- - ServicePublishingStrategyMapping specifies how individual control plane - services are published from the hosting cluster of a control plane. - properties: - service: - description: Service identifies the type of service being published. - enum: - - APIServer - - OAuthServer - - OIDC - - Konnectivity - - Ignition - - OVNSbDb - type: string - servicePublishingStrategy: - description: ServicePublishingStrategy specifies how to publish - Service. - properties: - loadBalancer: - description: LoadBalancer configures exposing a service - using a LoadBalancer. - properties: - hostname: - description: Hostname is the name of the DNS record - that will be created pointing to the LoadBalancer. - type: string - type: object - nodePort: - description: NodePort configures exposing a service using - a NodePort. - properties: - address: - description: Address is the host/ip that the NodePort - service is exposed over. - type: string - port: - description: |- - Port is the port of the NodePort service. If <=0, the port is dynamically - assigned when the service is created. - format: int32 - type: integer - required: - - address - type: object - route: - description: Route configures exposing a service using a - Route. - properties: - hostname: - description: Hostname is the name of the DNS record - that will be created pointing to the Route. - type: string - type: object - type: - description: Type is the publishing strategy used for the - service. - enum: - - LoadBalancer - - NodePort - - Route - - None - - S3 - type: string - required: - - type - type: object - required: - - service - - servicePublishingStrategy - type: object - type: array - sshKey: - description: |- - SSHKey references an SSH key to be injected into all cluster node sshd - servers. The secret must have a single key "id_rsa.pub" whose value is the - public part of an SSH key. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - tolerations: - description: Tolerations when specified, define what custome tolerations - are added to the hcp pods. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - updateService: - description: |- - updateService may be used to specify the preferred upstream update service. - By default it will use the appropriate update service for the cluster and region. - type: string - required: - - networking - - platform - - pullSecret - - release - - services - - sshKey - type: object - x-kubernetes-validations: - - message: Services is immutable. Changes might result in unpredictable - and disruptive behavior. - rule: 'self.platform.type != "IBMCloud" ? self.services == oldSelf.services - : true' - - message: Azure platform requires APIServer Route service with a hostname - to be defined - rule: 'self.platform.type == "Azure" ? self.services.exists(s, s.service - == "APIServer" && s.servicePublishingStrategy.type == "Route" && s.servicePublishingStrategy.route.hostname - != "") : true' - - message: Azure platform requires OAuthServer Route service with a hostname - to be defined - rule: 'self.platform.type == "Azure" ? self.services.exists(s, s.service - == "OAuthServer" && s.servicePublishingStrategy.type == "Route" && - s.servicePublishingStrategy.route.hostname != "") : true' - - message: Azure platform requires Konnectivity Route service with a hostname - to be defined - rule: 'self.platform.type == "Azure" ? self.services.exists(s, s.service - == "Konnectivity" && s.servicePublishingStrategy.type == "Route" && - s.servicePublishingStrategy.route.hostname != "") : true' - - message: Azure platform requires Ignition Route service with a hostname - to be defined - rule: 'self.platform.type == "Azure" ? self.services.exists(s, s.service - == "Ignition" && s.servicePublishingStrategy.type == "Route" && s.servicePublishingStrategy.route.hostname - != "") : true' - status: - description: Status is the latest observed status of the HostedCluster. - properties: - conditions: - description: |- - Conditions represents the latest available observations of a control - plane's current state. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint contains the endpoint information by which - external clients can access the control plane. This is populated - after the infrastructure is ready. - properties: - host: - description: Host is the hostname on which the API server is serving. - type: string - port: - description: Port is the port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - ignitionEndpoint: - description: |- - IgnitionEndpoint is the endpoint injected in the ign config userdata. - It exposes the config for instances to become kubernetes nodes. - type: string - kubeadminPassword: - description: |- - KubeadminPassword is a reference to the secret that contains the initial - kubeadmin user password for the guest cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - kubeconfig: - description: |- - KubeConfig is a reference to the secret containing the default kubeconfig - for the cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - oauthCallbackURLTemplate: - description: |- - OAuthCallbackURLTemplate contains a template for the URL to use as a callback - for identity providers. The [identity-provider-name] placeholder must be replaced - with the name of an identity provider defined on the HostedCluster. - This is populated after the infrastructure is ready. - type: string - platform: - description: Platform contains platform-specific status of the HostedCluster - properties: - aws: - description: AWSPlatformStatus contains status specific to the - AWS platform - properties: - defaultWorkerSecurityGroupID: - description: |- - DefaultWorkerSecurityGroupID is the ID of a security group created by - the control plane operator. It is always added to worker machines in - addition to any security groups specified in the NodePool. - type: string - type: object - type: object - version: - description: |- - Version is the status of the release version applied to the - HostedCluster. - properties: - availableUpdates: - description: |- - availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in - availableUpdates may expose this cluster to known issues. This list - may be empty if no updates are recommended, if the update service - is unavailable, or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and - associated metadata. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - nullable: true - type: array - conditionalUpdates: - description: |- - conditionalUpdates contains the list of updates that may be - recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use - availableUpdates. This list may be empty if no updates are - recommended, if the update service is unavailable, or if an empty - or invalid channel has been specified. - items: - description: |- - ConditionalUpdate represents an update which is recommended to some - clusters on the version the current cluster is reconciling, but which - may not be recommended for the current cluster. - properties: - conditions: - description: |- - conditions represents the observations of the conditional update's - current status. Known types are: - * Recommended, for whether the update is recommended for the current cluster. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource.\n---\nThis - struct is intended for direct use as an array at the - field path .status.conditions. For example,\n\n\n\ttype - FooStatus struct{\n\t // Represents the observations - of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t - \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t - \ // +listType=map\n\t // +listMapKey=type\n\t - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, - False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - risks: - description: |- - risks represents the range of issues associated with - updating to the target release. The cluster-version - operator will evaluate all entries, and only recommend the - update if there is at least one entry and all entries - recommend the update. - items: - description: |- - ConditionalUpdateRisk represents a reason and cluster-state - for not recommending a conditional update. - properties: - matchingRules: - description: |- - matchingRules is a slice of conditions for deciding which - clusters match the risk and which do not. The slice is - ordered by decreasing precedence. The cluster-version - operator will walk the slice in order, and stop after the - first it can successfully evaluate. If no condition can be - successfully evaluated, the update will not be recommended. - items: - description: |- - ClusterCondition is a union of typed cluster conditions. The 'type' - property determines which of the type-specific properties are relevant. - When evaluated on a cluster, the condition may match, not match, or - fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: |- - PromQL is a PromQL query classifying clusters. This query - query should return a 1 in the match case and a 0 in the - does-not-match case. Queries which return no time - series, or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: |- - type represents the cluster-condition type. This defines - the members and semantics of any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - message: - description: |- - message provides additional information about the risk of - updating, in the event that matchingRules match the cluster - state. This is only to be consumed by humans. It may - contain Line Feed characters (U+000A), which should be - rendered as new lines. - minLength: 1 - type: string - name: - description: |- - name is the CamelCase reason for not recommending a - conditional update, in the event that matchingRules match the - cluster state. - minLength: 1 - type: string - url: - description: url contains information about this risk. - format: uri - minLength: 1 - type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - desired: - description: |- - desired is the version that the cluster is reconciling towards. - If the cluster is not yet fully initialized desired will be set - with the information available, which may be an image or a tag. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - history: - description: |- - history contains a list of the most recent versions applied to the cluster. - This value may be empty during cluster startup, and then will be updated - when a new update is being applied. The newest update is first in the - list and it is ordered by recency. Updates in the history have state - Completed if the rollout completed - if an update was failing or halfway - applied the state will be Partial. Only a limited amount of update history - is preserved. - items: - description: UpdateHistory is a single attempted update to the - cluster. - properties: - acceptedRisks: - description: |- - acceptedRisks records risks which were accepted to initiate the update. - For example, it may menition an Upgradeable=False or missing signature - that was overriden via desiredUpdate.force, or an update that was - initiated despite not being in the availableUpdates set of recommended - update targets. - type: string - completionTime: - description: |- - completionTime, if set, is when the update was fully applied. The update - that is currently being applied will have a null completion time. - Completion time will always be set for entries that are not the current - update (usually to the started time of the next update). - format: date-time - nullable: true - type: string - image: - description: |- - image is a container image location that contains the update. This value - is always populated. - type: string - startedTime: - description: startedTime is the time at which the update - was started. - format: date-time - type: string - state: - description: |- - state reflects whether the update was fully applied. The Partial state - indicates the update is not fully applied, while the Completed state - indicates the update was successfully rolled out at least once (all - parts of the update successfully applied). - type: string - verified: - description: |- - verified indicates whether the provided update was properly verified - before it was installed. If this is false the cluster may not be trusted. - Verified does not cover upgradeable checks that depend on the cluster - state at the time when the update target was accepted. - type: boolean - version: - description: |- - version is a semantic version identifying the update version. If the - requested image does not define a version, or if a failure occurs - retrieving the image, this value may be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - observedGeneration: - description: |- - observedGeneration reports which version of the spec is being synced. - If this value is not equal to metadata.generation, then the desired - and conditions fields may represent a previous version. - format: int64 - type: integer - required: - - availableUpdates - - desired - - observedGeneration - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-hostedcontrolplanes.hypershift.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-hostedcontrolplanes.hypershift.openshift.io.yaml deleted file mode 100644 index d217204b0..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-hostedcontrolplanes.hypershift.openshift.io.yaml +++ /dev/null @@ -1,10227 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: hostedcontrolplanes.hypershift.openshift.io -spec: - group: hypershift.openshift.io - names: - categories: - - cluster-api - kind: HostedControlPlane - listKind: HostedControlPlaneList - plural: hostedcontrolplanes - shortNames: - - hcp - - hcps - singular: hostedcontrolplane - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: HostedControlPlane defines the desired state of HostedControlPlane - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: HostedControlPlaneSpec defines the desired state of HostedControlPlane - properties: - additionalTrustBundle: - description: AdditionalTrustBundle references a ConfigMap containing - a PEM-encoded X.509 certificate bundle - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - apiAdvertiseAddress: - description: |- - deprecated - use networking.apiServer.AdvertiseAddress - APIAdvertiseAddress is the address at which the APIServer listens - inside a worker. - type: string - apiAllowedCIDRBlocks: - description: |- - deprecated - use networking.apiServer.APIAllowedCIDRBlocks - APIAllowedCIDRBlocks is an allow list of CIDR blocks that can access the APIServer - If not specified, traffic is allowed from all addresses. - This depends on underlying support by the cloud provider for Service LoadBalancerSourceRanges - items: - pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$ - type: string - type: array - apiPort: - description: |- - deprecated - use networking.apiServer.APIPort - APIPort is the port at which the APIServer listens inside a worker - format: int32 - type: integer - auditWebhook: - description: |- - AuditWebhook contains metadata for configuring an audit webhook - endpoint for a cluster to process cluster audit events. It references - a secret that contains the webhook information for the audit webhook endpoint. - It is a secret because if the endpoint has MTLS the kubeconfig will contain client - keys. This is currently only supported in IBM Cloud. The kubeconfig needs to be stored - in the secret with a secret key name that corresponds to the constant AuditWebhookKubeconfigKey. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - autoscaling: - description: |- - Autoscaling specifies auto-scaling behavior that applies to all NodePools - associated with the control plane. - properties: - maxNodeProvisionTime: - description: |- - MaxNodeProvisionTime is the maximum time to wait for node provisioning - before considering the provisioning to be unsuccessful, expressed as a Go - duration string. The default is 15 minutes. - pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - maxNodesTotal: - description: |- - MaxNodesTotal is the maximum allowable number of nodes across all NodePools - for a HostedCluster. The autoscaler will not grow the cluster beyond this - number. - format: int32 - minimum: 0 - type: integer - maxPodGracePeriod: - description: |- - MaxPodGracePeriod is the maximum seconds to wait for graceful pod - termination before scaling down a NodePool. The default is 600 seconds. - format: int32 - minimum: 0 - type: integer - podPriorityThreshold: - description: |- - PodPriorityThreshold enables users to schedule "best-effort" pods, which - shouldn't trigger autoscaler actions, but only run when there are spare - resources available. The default is -10. - - - See the following for more details: - https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-cluster-autoscaler-work-with-pod-priority-and-preemption - format: int32 - type: integer - type: object - channel: - description: |- - channel is an identifier for explicitly requesting that a non-default - set of updates be applied to this cluster. The default channel will be - contain stable updates that are appropriate for production clusters. - type: string - clusterID: - description: |- - ClusterID is the unique id that identifies the cluster externally. - Making it optional here allows us to keep compatibility with previous - versions of the control-plane-operator that have no knowledge of this - field. - type: string - configuration: - description: |- - Configuration embeds resources that correspond to the openshift configuration API: - https://docs.openshift.com/container-platform/4.7/rest_api/config_apis/config-apis-index.html - properties: - apiServer: - description: |- - APIServer holds configuration (like serving certificates, client CA and CORS domains) - shared by all API servers in the system, among them especially kube-apiserver - and openshift-apiserver. - properties: - additionalCORSAllowedOrigins: - description: |- - additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the - API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth - server from JavaScript applications. - The values are regular expressions that correspond to the Golang regular expression language. - items: - type: string - type: array - audit: - default: - profile: Default - description: |- - audit specifies the settings for audit configuration to be applied to all OpenShift-provided - API servers in the cluster. - properties: - customRules: - description: |- - customRules specify profiles per group. These profile take precedence over the - top-level profile field if they apply. They are evaluation from top to bottom and - the first one that matches, applies. - items: - description: |- - AuditCustomRule describes a custom rule for an audit profile that takes precedence over - the top-level profile. - properties: - group: - description: group is a name of group a request - user must be member of in order to this profile - to apply. - minLength: 1 - type: string - profile: - description: |- - profile specifies the name of the desired audit policy configuration to be deployed to - all OpenShift-provided API servers in the cluster. - - - The following profiles are provided: - - Default: the existing default policy. - - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for - write requests (create, update, patch). - - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response - HTTP payloads for read requests (get, list). - - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. - - - If unset, the 'Default' profile is used as the default. - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - required: - - group - - profile - type: object - type: array - x-kubernetes-list-map-keys: - - group - x-kubernetes-list-type: map - profile: - default: Default - description: |- - profile specifies the name of the desired top-level audit profile to be applied to all requests - sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, - openshift-apiserver and oauth-apiserver), with the exception of those requests that match - one or more of the customRules. - - - The following profiles are provided: - - Default: default policy which means MetaData level logging with the exception of events - (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody - level). - - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for - write requests (create, update, patch). - - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response - HTTP payloads for read requests (get, list). - - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. - - - Warning: It is not recommended to disable audit logging by using the `None` profile unless you - are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. - If you disable audit logging and a support situation arises, you might need to enable audit logging - and reproduce the issue in order to troubleshoot properly. - - - If unset, the 'Default' profile is used as the default. - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - type: object - clientCA: - description: |- - clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for - incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. - You usually only have to set this if you have your own PKI you wish to honor client certificates from. - The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - - ConfigMap.Data["ca-bundle.crt"] - CA bundle. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - encryption: - description: encryption allows the configuration of encryption - of resources at the datastore layer. - properties: - type: - description: |- - type defines what encryption type should be used to encrypt resources at the datastore layer. - When this field is unset (i.e. when it is set to the empty string), identity is implied. - The behavior of unset can and will change over time. Even if encryption is enabled by default, - the meaning of unset may change to a different encryption type based on changes in best practices. - - - When encryption is enabled, all sensitive resources shipped with the platform are encrypted. - This list of sensitive resources can and will change over time. The current authoritative list is: - - - 1. secrets - 2. configmaps - 3. routes.route.openshift.io - 4. oauthaccesstokens.oauth.openshift.io - 5. oauthauthorizetokens.oauth.openshift.io - enum: - - "" - - identity - - aescbc - - aesgcm - type: string - type: object - servingCerts: - description: |- - servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates - will be used for serving secure traffic. - properties: - namedCertificates: - description: |- - namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates match the server name as understood by a client, - the defaultServingCertificate will be used. - items: - description: APIServerNamedServingCert maps a server - DNS name, as understood by a client, to a certificate. - properties: - names: - description: |- - names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to - serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. - Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. - items: - type: string - type: array - servingCertificate: - description: |- - servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. - The secret must exist in the openshift-config namespace and contain the following required fields: - - Secret.Data["tls.key"] - TLS private key. - - Secret.Data["tls.crt"] - TLS certificate. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - type: object - type: array - type: object - tlsSecurityProfile: - description: |- - tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. - - - If unset, a default (which may change between releases) is chosen. Note that only Old, - Intermediate and Custom profiles are currently supported, and the maximum available - minTLSVersion is VersionTLS12. - properties: - custom: - description: |- - custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: - - - ciphers: - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - minTLSVersion: VersionTLS11 - nullable: true - properties: - ciphers: - description: |- - ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): - - - ciphers: - - DES-CBC3-SHA - items: - type: string - type: array - minTLSVersion: - description: |- - minTLSVersion is used to specify the minimal version of the TLS protocol - that is negotiated during the TLS handshake. For example, to use TLS - versions 1.1, 1.2 and 1.3 (yaml): - - - minTLSVersion: VersionTLS11 - - - NOTE: currently the highest minTLSVersion allowed is VersionTLS12 - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: |- - intermediate is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - minTLSVersion: VersionTLS12 - nullable: true - type: object - modern: - description: |- - modern is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - minTLSVersion: VersionTLS13 - nullable: true - type: object - old: - description: |- - old is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - - DHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-ECDSA-AES128-SHA256 - - - - ECDHE-RSA-AES128-SHA256 - - - - ECDHE-ECDSA-AES128-SHA - - - - ECDHE-RSA-AES128-SHA - - - - ECDHE-ECDSA-AES256-SHA384 - - - - ECDHE-RSA-AES256-SHA384 - - - - ECDHE-ECDSA-AES256-SHA - - - - ECDHE-RSA-AES256-SHA - - - - DHE-RSA-AES128-SHA256 - - - - DHE-RSA-AES256-SHA256 - - - - AES128-GCM-SHA256 - - - - AES256-GCM-SHA384 - - - - AES128-SHA256 - - - - AES256-SHA256 - - - - AES128-SHA - - - - AES256-SHA - - - - DES-CBC3-SHA - - - minTLSVersion: VersionTLS10 - nullable: true - type: object - type: - description: |- - type is one of Old, Intermediate, Modern or Custom. Custom provides - the ability to specify individual TLS security profile parameters. - Old, Intermediate and Modern are TLS security profiles based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - - - The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers - are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be - reduced. - - - Note that the Modern profile is currently not supported because it is not - yet well adopted by common software libraries. - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - authentication: - description: |- - Authentication specifies cluster-wide settings for authentication (like OAuth and - webhook token authenticators). - properties: - oauthMetadata: - description: |- - oauthMetadata contains the discovery endpoint data for OAuth 2.0 - Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw '/.well-known/oauth-authorization-server' - For further details, see the IETF Draft: - https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence - over any metadata reference stored in status. - The key "oauthMetadata" is used to locate the data. - If specified and the config map or expected key is not found, no metadata is served. - If the specified metadata is not valid, no metadata is served. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - oidcProviders: - description: |- - OIDCProviders are OIDC identity providers that can issue tokens - for this cluster - Can only be set if "Type" is set to "OIDC". - - - At most one provider can be configured. - items: - properties: - claimMappings: - description: |- - ClaimMappings describes rules on how to transform information from an - ID token into a cluster identity - properties: - groups: - description: |- - Groups is a name of the claim that should be used to construct - groups for the cluster identity. - The referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be - used in the mapping - type: string - prefix: - description: |- - Prefix is a string to prefix the value from the token in the result of the - claim mapping. - - - By default, no prefixing occurs. - - - Example: if `prefix` is set to "myoidc:"" and the `claim` in JWT contains - an array of strings "a", "b" and "c", the mapping will result in an - array of string "myoidc:a", "myoidc:b" and "myoidc:c". - type: string - required: - - claim - type: object - username: - description: |- - Username is a name of the claim that should be used to construct - usernames for the cluster identity. - - - Default value: "sub" - properties: - claim: - description: Claim is a JWT token claim to be - used in the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: |- - PrefixPolicy specifies how a prefix should apply. - - - By default, claims other than `email` will be prefixed with the issuer URL to - prevent naming clashes with other plugins. - - - Set to "NoPrefix" to disable prefixing. - - - Example: - (1) `prefix` is set to "myoidc:" and `claim` is set to "username". - If the JWT claim `username` contains value `userA`, the resulting - mapped value will be "myoidc:userA". - (2) `prefix` is set to "myoidc:" and `claim` is set to "email". If the - JWT `email` claim contains value "userA@myoidc.tld", the resulting - mapped value will be "myoidc:userA@myoidc.tld". - (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include "username":"userA" and "email":"userA@myoidc.tld", - and `claim` is set to: - (a) "username": the mapped value will be "https://myoidc.tld#userA" - (b) "email": the mapped value will be "userA@myoidc.tld" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is - 'Prefix', but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy - == ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are - applied to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: |- - RequiredClaim allows configuring a required claim name and its expected - value - properties: - claim: - description: |- - Claim is a name of a required claim. Only claims with string values are - supported. - minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required - value for the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation - rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC - token issuer - properties: - audiences: - description: |- - Audiences is an array of audiences that the token was issued for. - Valid tokens must include at least one of these values in their - "aud" claim. - Must be set to exactly one value. - items: - minLength: 1 - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: |- - CertificateAuthority is a reference to a config map in the - configuration namespace. The .data of the configMap must contain - the "ca-bundle.crt" key. - If unset, system trust is used instead. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - issuerURL: - description: |- - URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: |- - OIDCClients contains configuration for the platform's clients that - need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the - OIDC client from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: |- - ClientSecret refers to a secret in the `openshift-config` namespace that - contains the client secret in the `clientSecret` key of the `.data` field - properties: - name: - description: name is the metadata.name of - the referenced secret - type: string - required: - - name - type: object - componentName: - description: |- - ComponentName is the name of the component that is supposed to consume this - client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: |- - ComponentNamespace is the namespace of the component that is supposed to consume this - client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of - scopes to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: |- - serviceAccountIssuer is the identifier of the bound service account token - issuer. - The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the - previous issuer value. Instead, the tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set to 24h). - This time period is subject to change over time. - This allows internal components to transition to use new service account issuer without service distruption. - type: string - type: - description: |- - type identifies the cluster managed, user facing authentication mode in use. - Specifically, it manages the component that responds to login attempts. - The default is IntegratedOAuth. - type: string - webhookTokenAuthenticator: - description: |- - webhookTokenAuthenticator configures a remote token reviewer. - These remote authentication webhooks can be used to verify bearer tokens - via the tokenreviews.authentication.k8s.io REST API. This is required to - honor bearer tokens that are provisioned by an external authentication service. - - - Can only be set if "Type" is set to "None". - properties: - kubeConfig: - description: |- - kubeConfig references a secret that contains kube config file data which - describes how to access the remote webhook service. - The namespace for the referenced secret is openshift-config. - - - For further details, see: - - - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - - - The key "kubeConfig" is used to locate the data. - If the secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook is not honored. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting - it has no effect. - items: - description: |- - deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. - It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field. - properties: - kubeConfig: - description: |- - kubeConfig contains kube config file data which describes how to access the remote webhook service. - For further details, see: - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. - If the secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook is not honored. - The namespace for this secret is determined by the point of use. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - configMapRefs: - description: |- - ConfigMapRefs holds references to any configmaps referenced by - configuration entries. Entries can reference the configmaps using local - object references. - - - Deprecated - This field is deprecated and will be removed in a future release - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - type: array - featureGate: - description: FeatureGate holds cluster-wide information about - feature gates. - properties: - customNoUpgrade: - description: |- - customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. - Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations - your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field. - nullable: true - properties: - disabled: - description: disabled is a list of all feature gates that - you want to force off - items: - description: FeatureGateName is a string to enforce - patterns on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - enabled: - description: enabled is a list of all feature gates that - you want to force on - items: - description: FeatureGateName is a string to enforce - patterns on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - type: object - featureSet: - description: |- - featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. - Turning on or off features may cause irreversible changes in your cluster which cannot be undone. - type: string - x-kubernetes-validations: - - message: CustomNoUpgrade may not be changed - rule: 'oldSelf == ''CustomNoUpgrade'' ? self == ''CustomNoUpgrade'' - : true' - - message: TechPreviewNoUpgrade may not be changed - rule: 'oldSelf == ''TechPreviewNoUpgrade'' ? self == ''TechPreviewNoUpgrade'' - : true' - - message: DevPreviewNoUpgrade may not be changed - rule: 'oldSelf == ''DevPreviewNoUpgrade'' ? self == ''DevPreviewNoUpgrade'' - : true' - type: object - image: - description: |- - Image governs policies related to imagestream imports and runtime configuration - for external registries. It allows cluster admins to configure which registries - OpenShift is allowed to import images from, extra CA trust bundles for external - registries, and policies to block or allow registry hostnames. - When exposing OpenShift's image registry to the public, this also lets cluster - admins specify the external hostname. - properties: - additionalTrustedCA: - description: |- - additionalTrustedCA is a reference to a ConfigMap containing additional CAs that - should be trusted during imagestream import, pod image pull, build image pull, and - imageregistry pullthrough. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - allowedRegistriesForImport: - description: |- - allowedRegistriesForImport limits the container image registries that normal users may import - images from. Set this list to the registries that you trust to contain valid Docker - images and that you want applications to be able to import from. Users with - permission to create Images or ImageStreamMappings via the API are not affected by - this policy - typically only administrators or system integrations will have those - permissions. - items: - description: |- - RegistryLocation contains a location of the registry specified by the registry domain - name. The domain name might include wildcards, like '*' or '??'. - properties: - domainName: - description: |- - domainName specifies a domain name for the registry - In case the registry use non-standard (80 or 443) port, the port should be included - in the domain name as well. - type: string - insecure: - description: |- - insecure indicates whether the registry is secure (https) or insecure (http) - By default (if not specified) the registry is assumed as secure. - type: boolean - type: object - type: array - externalRegistryHostnames: - description: |- - externalRegistryHostnames provides the hostnames for the default external image - registry. The external hostname should be set only when the image registry - is exposed externally. The first value is used in 'publicDockerImageRepository' - field in ImageStreams. The value must be in "hostname[:port]" format. - items: - type: string - type: array - registrySources: - description: |- - registrySources contains configuration that determines how the container runtime - should treat individual registries when accessing images for builds+pods. (e.g. - whether or not to allow insecure access). It does not contain configuration for the - internal cluster registry. - properties: - allowedRegistries: - description: |- - allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. - - - Only one of BlockedRegistries or AllowedRegistries may be set. - items: - type: string - type: array - blockedRegistries: - description: |- - blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. - - - Only one of BlockedRegistries or AllowedRegistries may be set. - items: - type: string - type: array - containerRuntimeSearchRegistries: - description: |- - containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified - domains in their pull specs. Registries will be searched in the order provided in the list. - Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. - format: hostname - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - insecureRegistries: - description: insecureRegistries are registries which do - not have a valid TLS certificates or only support HTTP - connections. - items: - type: string - type: array - type: object - type: object - ingress: - description: |- - Ingress holds cluster-wide information about ingress, including the default ingress domain - used for routes. - properties: - appsDomain: - description: |- - appsDomain is an optional domain to use instead of the one specified - in the domain field when a Route is created without specifying an explicit - host. If appsDomain is nonempty, this value is used to generate default - host values for Route. Unlike domain, appsDomain may be modified after - installation. - This assumes a new ingresscontroller has been setup with a wildcard - certificate. - type: string - componentRoutes: - description: |- - componentRoutes is an optional list of routes that are managed by OpenShift components - that a cluster-admin is able to configure the hostname and serving certificate for. - The namespace and name of each route in this list should match an existing entry in the - status.componentRoutes list. - - - To determine the set of configurable Routes, look at namespace and name of entries in the - .status.componentRoutes list, where participating operators write the status of - configurable routes. - items: - description: ComponentRouteSpec allows for configuration - of a route's hostname and serving certificate. - properties: - hostname: - description: hostname is the hostname that should be - used by the route. - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - name: - description: |- - name is the logical name of the route to customize. - - - The namespace and name of this componentRoute must match a corresponding - entry in the list of status.componentRoutes if the route is to be customized. - maxLength: 256 - minLength: 1 - type: string - namespace: - description: |- - namespace is the namespace of the route to customize. - - - The namespace and name of this componentRoute must match a corresponding - entry in the list of status.componentRoutes if the route is to be customized. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - servingCertKeyPairSecret: - description: |- - servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. - The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. - If the custom hostname uses the default routing suffix of the cluster, - the Secret specification for a serving certificate will not be needed. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - required: - - hostname - - name - - namespace - type: object - type: array - x-kubernetes-list-map-keys: - - namespace - - name - x-kubernetes-list-type: map - domain: - description: |- - domain is used to generate a default host name for a route when the - route's host name is empty. The generated host name will follow this - pattern: "..". - - - It is also used as the default wildcard domain suffix for ingress. The - default ingresscontroller domain will follow this pattern: "*.". - - - Once set, changing domain is not currently supported. - type: string - loadBalancer: - description: |- - loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure - provider of the current cluster and are required for Ingress Controller to work on OpenShift. - properties: - platform: - description: |- - platform holds configuration specific to the underlying - infrastructure provider for the ingress load balancers. - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - properties: - aws: - description: aws contains settings specific to the - Amazon Web Services infrastructure provider. - properties: - type: - description: |- - type allows user to set a load balancer type. - When this field is set the default ingresscontroller will get created using the specified LBType. - If this field is not set then the default ingress controller of LBType Classic will be created. - Valid values are: - - - * "Classic": A Classic Load Balancer that makes routing decisions at either - the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See - the following for additional details: - - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - - - * "NLB": A Network Load Balancer that makes routing decisions at the - transport layer (TCP/SSL). See the following for additional details: - - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb - enum: - - NLB - - Classic - type: string - required: - - type - type: object - type: - description: |- - type is the underlying infrastructure provider for the cluster. - Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", - "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", - "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, - and must handle unrecognized platforms as None if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - type: object - type: object - requiredHSTSPolicies: - description: |- - requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes - matching the domainPattern/s and namespaceSelector/s that are specified in the policy. - Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route - annotation, and affect route admission. - - - A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: - "haproxy.router.openshift.io/hsts_header" - E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains - - - - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, - then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route - is rejected. - - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies - determines the route's admission status. - - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, - then it may use any HSTS Policy annotation. - - - The HSTS policy configuration may be changed after routes have already been created. An update to a previously - admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. - However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. - - - Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid. - items: - properties: - domainPatterns: - description: |- - domainPatterns is a list of domains for which the desired HSTS annotations are required. - If domainPatterns is specified and a route is created with a spec.host matching one of the domains, - the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. - - - The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. - foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*. - items: - type: string - minItems: 1 - type: array - includeSubDomainsPolicy: - description: |- - includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's - domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com - enum: - - RequireIncludeSubDomains - - RequireNoIncludeSubDomains - - NoOpinion - type: string - maxAge: - description: |- - maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. - If set to 0, it negates the effect, and hosts are removed as HSTS hosts. - If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. - maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS - policy will eventually expire on that client. - properties: - largestMaxAge: - description: |- - The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age - This value can be left unspecified, in which case no upper limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - smallestMaxAge: - description: |- - The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age - Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary - tool for administrators to quickly correct mistakes. - This value can be left unspecified, in which case no lower limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - type: object - namespaceSelector: - description: |- - namespaceSelector specifies a label selector such that the policy applies only to those routes that - are in namespaces with labels that match the selector, and are in one of the DomainPatterns. - Defaults to the empty LabelSelector, which matches everything. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - preloadPolicy: - description: |- - preloadPolicy directs the client to include hosts in its host preload list so that - it never needs to do an initial load to get the HSTS header (note that this is not defined - in RFC 6797 and is therefore client implementation-dependent). - enum: - - RequirePreload - - RequireNoPreload - - NoOpinion - type: string - required: - - domainPatterns - type: object - type: array - type: object - items: - description: |- - Items embeds the serialized configuration resources. - - - Deprecated - This field is deprecated and will be removed in a future release - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - x-kubernetes-preserve-unknown-fields: true - network: - description: |- - Network holds cluster-wide information about the network. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. - Please view network.spec for an explanation on what applies when configuring this resource. - TODO (csrwng): Add validation here to exclude changes that conflict with networking settings in the HostedCluster.Spec.Networking field. - properties: - clusterNetwork: - description: |- - IP address pool to use for pod IPs. - This field is immutable after installation. - items: - description: |- - ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs - are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: |- - The size (prefix) of block to allocate to each node. If this - field is not used by the plugin, it can be left unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - externalIP: - description: |- - externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is - not allowed to be set. - properties: - autoAssignCIDRs: - description: |- - autoAssignCIDRs is a list of CIDRs from which to automatically assign - Service.ExternalIP. These are assigned when the service is of type - LoadBalancer. In general, this is only useful for bare-metal clusters. - In Openshift 3.x, this was misleadingly called "IngressIPs". - Automatically assigned External IPs are not affected by any - ExternalIPPolicy rules. - Currently, only one entry may be provided. - items: - type: string - type: array - x-kubernetes-list-type: atomic - policy: - description: |- - policy is a set of restrictions applied to the ExternalIP field. - If nil or empty, then ExternalIP is not allowed to be set. - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - rejectedCIDRs: - description: |- - rejectedCIDRs is the list of disallowed CIDRs. These take precedence - over allowedCIDRs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - type: object - networkDiagnostics: - description: |- - networkDiagnostics defines network diagnostics configuration. - - - Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. - If networkDiagnostics is not specified or is empty, - and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, - the network diagnostics feature will be disabled. - properties: - mode: - description: |- - mode controls the network diagnostics mode - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is All. - enum: - - "" - - All - - Disabled - type: string - sourcePlacement: - description: |- - sourcePlacement controls the scheduling of network diagnostics source deployment - - - See NetworkDiagnosticsSourcePlacement for more details about default values. - properties: - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `kubernetes.io/os: linux`. - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is an empty list. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - targetPlacement: - description: |- - targetPlacement controls the scheduling of network diagnostics target daemonset - - - See NetworkDiagnosticsTargetPlacement for more details about default values. - properties: - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `kubernetes.io/os: linux`. - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `- operator: "Exists"` which means that all taints are tolerated. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - networkType: - description: |- - NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). - This should match a value that the cluster-network-operator understands, - or else no networking will be installed. - Currently supported values are: - - OpenShiftSDN - This field is immutable after installation. - type: string - serviceNetwork: - description: |- - IP address pool for services. - Currently, we only support a single entry here. - This field is immutable after installation. - items: - type: string - type: array - x-kubernetes-list-type: atomic - serviceNodePortRange: - description: |- - The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. - Such Services without a NodePort specified will have one - automatically allocated from this range. - This parameter can be updated after the cluster is - installed. - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - type: object - oauth: - description: |- - OAuth holds cluster-wide information about OAuth. - It is used to configure the integrated OAuth server. - This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. - properties: - identityProviders: - description: |- - identityProviders is an ordered list of ways for a user to identify themselves. - When this list is empty, no identities are provisioned for users. - items: - description: IdentityProvider provides identities for users - authenticating using credentials - properties: - basicAuth: - description: basicAuth contains configuration options - for the BasicAuth IdP - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - tlsClientCert: - description: |- - tlsClientCert is an optional reference to a secret by name that contains the - PEM-encoded TLS client certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - tlsClientKey: - description: |- - tlsClientKey is an optional reference to a secret by name that contains the - PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - github: - description: github enables user authentication using - GitHub credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - This can only be configured when hostname is set to a non-empty value. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - hostname: - description: |- - hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of - GitHub Enterprise. - It must match the GitHub Enterprise settings value configured at /setup/settings#hostname. - type: string - organizations: - description: organizations optionally restricts - which organizations are allowed to log in - items: - type: string - type: array - teams: - description: teams optionally restricts which teams - are allowed to log in. Format is /. - items: - type: string - type: array - type: object - gitlab: - description: gitlab enables user authentication using - GitLab credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the oauth server base URL - type: string - type: object - google: - description: google enables user authentication using - Google credentials - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - hostedDomain: - description: hostedDomain is the optional Google - App domain (e.g. "mycompany.com") to restrict - logins to - type: string - type: object - htpasswd: - description: htpasswd enables user authentication using - an HTPasswd file to validate credentials - properties: - fileData: - description: |- - fileData is a required reference to a secret by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - If the specified htpasswd data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - type: object - keystone: - description: keystone enables user authentication using - keystone password credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - domainName: - description: domainName is required for keystone - v3 - type: string - tlsClientCert: - description: |- - tlsClientCert is an optional reference to a secret by name that contains the - PEM-encoded TLS client certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - tlsClientKey: - description: |- - tlsClientKey is an optional reference to a secret by name that contains the - PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - ldap: - description: ldap enables user authentication using - LDAP credentials - properties: - attributes: - description: attributes maps LDAP attributes to - identities - properties: - email: - description: |- - email is the list of attributes whose values should be used as the email address. Optional. - If unspecified, no email is set for the identity - items: - type: string - type: array - id: - description: |- - id is the list of attributes whose values should be used as the user ID. Required. - First non-empty attribute is used. At least one attribute is required. If none of the listed - attribute have a value, authentication fails. - LDAP standard identity attribute is "dn" - items: - type: string - type: array - name: - description: |- - name is the list of attributes whose values should be used as the display name. Optional. - If unspecified, no display name is set for the identity - LDAP standard display name attribute is "cn" - items: - type: string - type: array - preferredUsername: - description: |- - preferredUsername is the list of attributes whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - items: - type: string - type: array - type: object - bindDN: - description: bindDN is an optional DN to bind with - during the search phase. - type: string - bindPassword: - description: |- - bindPassword is an optional reference to a secret by name - containing a password to bind with during the search phase. - The key "bindPassword" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - insecure: - description: |- - insecure, if true, indicates the connection should not use TLS - WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always - attempt to connect using TLS, even when `insecure` is set to `true` - When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to - a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830. - type: boolean - url: - description: |- - url is an RFC 2255 URL which specifies the LDAP search parameters to use. - The syntax of the URL is: - ldap://host:port/basedn?attribute?scope?filter - type: string - type: object - mappingMethod: - description: |- - mappingMethod determines how identities from this provider are mapped to users - Defaults to "claim" - type: string - name: - description: |- - name is used to qualify the identities returned by this provider. - - It MUST be unique and not shared by any other identity provider used - - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" - Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName - type: string - openID: - description: openID enables user authentication using - OpenID credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - claims: - description: claims mappings - properties: - email: - description: |- - email is the list of claims whose values should be used as the email address. Optional. - If unspecified, no email is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - groups: - description: |- - groups is the list of claims value of which should be used to synchronize groups - from the OIDC provider to OpenShift for the user. - If multiple claims are specified, the first one with a non-empty value is used. - items: - description: |- - OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo - responses - minLength: 1 - type: string - type: array - x-kubernetes-list-type: atomic - name: - description: |- - name is the list of claims whose values should be used as the display name. Optional. - If unspecified, no display name is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - preferredUsername: - description: |- - preferredUsername is the list of claims whose values should be used as the preferred username. - If unspecified, the preferred username is determined from the value of the sub claim - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - extraAuthorizeParameters: - additionalProperties: - type: string - description: extraAuthorizeParameters are any custom - parameters to add to the authorize request. - type: object - extraScopes: - description: extraScopes are any scopes to request - in addition to the standard "openid" scope. - items: - type: string - type: array - issuer: - description: |- - issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. - It must use the https scheme with no query or fragment component. - type: string - type: object - requestHeader: - description: requestHeader enables user authentication - using request header credentials - properties: - ca: - description: |- - ca is a required reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - Specifically, it allows verification of incoming requests to prevent header spoofing. - The key "ca.crt" is used to locate the data. - If the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - challengeURL: - description: |- - challengeURL is a URL to redirect unauthenticated /authorize requests to - Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be - redirected here. - ${url} is replaced with the current URL, escaped to be safe in a query parameter - https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string - https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. - type: string - clientCommonNames: - description: |- - clientCommonNames is an optional list of common names to require a match from. If empty, any - client certificate validated against the clientCA bundle is considered authoritative. - items: - type: string - type: array - emailHeaders: - description: emailHeaders is the set of headers - to check for the email address - items: - type: string - type: array - headers: - description: headers is the set of headers to check - for identity information - items: - type: string - type: array - loginURL: - description: |- - loginURL is a URL to redirect unauthenticated /authorize requests to - Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here - ${url} is replaced with the current URL, escaped to be safe in a query parameter - https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string - https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. - type: string - nameHeaders: - description: nameHeaders is the set of headers to - check for the display name - items: - type: string - type: array - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set - of headers to check for the preferred username - items: - type: string - type: array - type: object - type: - description: type identifies the identity provider type - for this entry. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - templates: - description: templates allow you to customize pages like the - login page. - properties: - error: - description: |- - error is the name of a secret that specifies a go template to use to render error pages - during the authentication or grant flow. - The key "errors.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default error page is used. - If the specified template is not valid, the default error page is used. - If unspecified, the default error page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - login: - description: |- - login is the name of a secret that specifies a go template to use to render the login page. - The key "login.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default login page is used. - If the specified template is not valid, the default login page is used. - If unspecified, the default login page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - providerSelection: - description: |- - providerSelection is the name of a secret that specifies a go template to use to render - the provider selection page. - The key "providers.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default provider selection page is used. - If the specified template is not valid, the default provider selection page is used. - If unspecified, the default provider selection page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - tokenConfig: - description: tokenConfig contains options for authorization - and access tokens - properties: - accessTokenInactivityTimeout: - description: |- - accessTokenInactivityTimeout defines the token inactivity timeout - for tokens granted by any client. - The value represents the maximum amount of time that can occur between - consecutive uses of the token. Tokens become invalid if they are not - used within this temporal window. The user will need to acquire a new - token to regain access once a token times out. Takes valid time - duration string such as "5m", "1.5h" or "2h45m". The minimum allowed - value for duration is 300s (5 minutes). If the timeout is configured - per client, then that value takes precedence. If the timeout value is - not specified and the client does not override the value, then tokens - are valid until their lifetime. - - - WARNING: existing tokens' timeout will not be affected (lowered) by changing this value - type: string - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: - setting this field has no effect.' - format: int32 - type: integer - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum - age of access tokens - format: int32 - type: integer - type: object - type: object - operatorhub: - description: |- - OperatorHub specifies the configuration for the Operator Lifecycle Manager in the HostedCluster. This is only configured at deployment time but the controller are not reconcilling over it. - The OperatorHub configuration will be constantly reconciled if catalog placement is management, but only on cluster creation otherwise. - properties: - disableAllDefaultSources: - description: |- - disableAllDefaultSources allows you to disable all the default hub - sources. If this is true, a specific entry in sources can be used to - enable a default source. If this is false, a specific entry in - sources can be used to disable or enable a default source. - type: boolean - sources: - description: |- - sources is the list of default hub sources and their configuration. - If the list is empty, it implies that the default hub sources are - enabled on the cluster unless disableAllDefaultSources is true. - If disableAllDefaultSources is true and sources is not empty, - the configuration present in sources will take precedence. The list of - default hub sources and their current state will always be reflected in - the status block. - items: - description: HubSource is used to specify the hub source - and its configuration - properties: - disabled: - description: disabled is used to disable a default hub - source on cluster - type: boolean - name: - description: name is the name of one of the default - hub sources - maxLength: 253 - minLength: 1 - type: string - type: object - type: array - type: object - proxy: - description: Proxy holds cluster-wide information on how to configure - default proxies for the cluster. - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: |- - noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. - Empty means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: |- - trustedCA is a reference to a ConfigMap containing a CA certificate bundle. - The trustedCA field should only be consumed by a proxy validator. The - validator is responsible for reading the certificate bundle from the required - key "ca-bundle.crt", merging it with the system default trust bundle, - and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" - in the "openshift-config-managed" namespace. Clients that expect to make - proxy connections must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as - well. - - - The namespace for the ConfigMap referenced by trustedCA is - "openshift-config". Here is an example ConfigMap (in yaml): - - - apiVersion: v1 - kind: ConfigMap - metadata: - name: user-ca-bundle - namespace: openshift-config - data: - ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - Custom CA certificate bundle. - -----END CERTIFICATE----- - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - type: object - scheduler: - description: |- - Scheduler holds cluster-wide config information to run the Kubernetes Scheduler - and influence its placement decisions. The canonical name for this config is `cluster`. - properties: - defaultNodeSelector: - description: |- - defaultNodeSelector helps set the cluster-wide default node selector to - restrict pod placement to specific nodes. This is applied to the pods - created in all namespaces and creates an intersection with any existing - nodeSelectors already set on a pod, additionally constraining that pod's selector. - For example, - defaultNodeSelector: "type=user-node,region=east" would set nodeSelector - field in pod spec to "type=user-node,region=east" to all pods created - in all namespaces. Namespaces having project-wide node selectors won't be - impacted even if this field is set. This adds an annotation section to - the namespace. - For example, if a new namespace is created with - node-selector='type=user-node,region=east', - the annotation openshift.io/node-selector: type=user-node,region=east - gets added to the project. When the openshift.io/node-selector annotation - is set on the project the value is used in preference to the value we are setting - for defaultNodeSelector field. - For instance, - openshift.io/node-selector: "type=user-node,region=west" means - that the default of "type=user-node,region=east" set in defaultNodeSelector - would not be applied. - type: string - mastersSchedulable: - description: |- - MastersSchedulable allows masters nodes to be schedulable. When this flag is - turned on, all the master nodes in the cluster will be made schedulable, - so that workload pods can run on them. The default value for this field is false, - meaning none of the master nodes are schedulable. - Important Note: Once the workload pods start running on the master nodes, - extreme care must be taken to ensure that cluster-critical control plane components - are not impacted. - Please turn on this field after doing due diligence. - type: boolean - policy: - description: |- - DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. - policy is a reference to a ConfigMap containing scheduler policy which has - user specified predicates and priorities. If this ConfigMap is not available - scheduler will default to use DefaultAlgorithmProvider. - The namespace for this configmap is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - profile: - description: |- - profile sets which scheduling profile should be set in order to configure scheduling - decisions for new pods. - - - Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring" - Defaults to "LowNodeUtilization" - enum: - - "" - - LowNodeUtilization - - HighNodeUtilization - - NoScoring - type: string - profileCustomizations: - description: profileCustomizations contains configuration - for modifying the default behavior of existing scheduler - profiles. - properties: - dynamicResourceAllocation: - description: |- - dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. - Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. - Third-party resource drivers are responsible for tracking and allocating resources. - Different kinds of resources support arbitrary parameters for defining requirements and initialization. - Valid values are Enabled, Disabled and omitted. - When omitted, this means no opinion and the platform is left to choose a reasonable default, - which is subject to change over time. - The current default is Disabled. - enum: - - "" - - Enabled - - Disabled - type: string - type: object - type: object - secretRefs: - description: |- - SecretRefs holds references to any secrets referenced by configuration - entries. Entries can reference the secrets using local object references. - - - Deprecated - This field is deprecated and will be removed in a future release - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - type: array - type: object - controlPlaneReleaseImage: - description: |- - ControlPlaneReleaseImage specifies the desired OCP release payload for - control plane components running on the management cluster. - If not defined, ReleaseImage is used - type: string - controllerAvailabilityPolicy: - default: SingleReplica - description: |- - ControllerAvailabilityPolicy specifies the availability policy applied to - critical control plane components. The default value is SingleReplica. - type: string - x-kubernetes-validations: - - message: ControllerAvailabilityPolicy is immutable - rule: self == oldSelf - dns: - description: DNSSpec specifies the DNS configuration in the cluster. - properties: - baseDomain: - description: BaseDomain is the base domain of the cluster. - type: string - baseDomainPrefix: - description: |- - BaseDomainPrefix is the base domain prefix of the cluster. - defaults to clusterName if not set - type: string - privateZoneID: - description: |- - PrivateZoneID is the Hosted Zone ID where all the DNS records that are only - available internally to the cluster exist. - type: string - publicZoneID: - description: |- - PublicZoneID is the Hosted Zone ID where all the DNS records that are - publicly accessible to the internet exist. - type: string - required: - - baseDomain - type: object - etcd: - description: |- - Etcd contains metadata about the etcd cluster the hypershift managed Openshift control plane components - use to store data. - properties: - managed: - description: Managed specifies the behavior of an etcd cluster - managed by HyperShift. - properties: - storage: - description: Storage specifies how etcd data is persisted. - properties: - persistentVolume: - description: |- - PersistentVolume is the configuration for PersistentVolume etcd storage. - With this implementation, a PersistentVolume will be allocated for every - etcd member (either 1 or 3 depending on the HostedCluster control plane - availability configuration). - properties: - size: - anyOf: - - type: integer - - type: string - default: 8Gi - description: Size is the minimum size of the data - volume for each etcd member. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - x-kubernetes-validations: - - message: Etcd PV storage size is immutable - rule: self == oldSelf - storageClassName: - description: |- - StorageClassName is the StorageClass of the data volume for each etcd member. - - - See https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. - type: string - type: object - restoreSnapshotURL: - description: |- - RestoreSnapshotURL allows an optional URL to be provided where - an etcd snapshot can be downloaded, for example a pre-signed URL - referencing a storage service. - This snapshot will be restored on initial startup, only when the etcd PV - is empty. - items: - type: string - type: array - x-kubernetes-validations: - - message: RestoreSnapshotURL shouldn't contain more than - 1 entry - rule: self.size() <= 1 - type: - description: Type is the kind of persistent storage implementation - to use for etcd. - enum: - - PersistentVolume - type: string - required: - - type - type: object - required: - - storage - type: object - managementType: - description: ManagementType defines how the etcd cluster is managed. - enum: - - Managed - - Unmanaged - type: string - unmanaged: - description: |- - Unmanaged specifies configuration which enables the control plane to - integrate with an eternally managed etcd cluster. - properties: - endpoint: - description: |- - Endpoint is the full etcd cluster client endpoint URL. For example: - - - https://etcd-client:2379 - - - If the URL uses an HTTPS scheme, the TLS field is required. - pattern: ^https:// - type: string - tls: - description: TLS specifies TLS configuration for HTTPS etcd - client endpoints. - properties: - clientSecret: - description: |- - ClientSecret refers to a secret for client mTLS authentication with the etcd cluster. It - may have the following key/value pairs: - - - etcd-client-ca.crt: Certificate Authority value - etcd-client.crt: Client certificate value - etcd-client.key: Client certificate key value - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - clientSecret - type: object - required: - - endpoint - - tls - type: object - required: - - managementType - type: object - fips: - description: FIPS specifies if the nodes for the cluster will be running - in FIPS mode - type: boolean - imageContentSources: - description: ImageContentSources lists sources/repositories for the - release-image content. - items: - description: |- - ImageContentSource specifies image mirrors that can be used by cluster nodes - to pull content. For cluster workloads, if a container image registry host of - the pullspec matches Source then one of the Mirrors are substituted as hosts - in the pullspec and tried in order to fetch the image. - properties: - mirrors: - description: Mirrors are one or more repositories that may also - contain the same images. - items: - type: string - type: array - source: - description: |- - Source is the repository that users refer to, e.g. in image pull - specifications. - type: string - required: - - source - type: object - type: array - infraID: - type: string - infrastructureAvailabilityPolicy: - default: SingleReplica - description: |- - InfrastructureAvailabilityPolicy specifies the availability policy applied - to infrastructure services which run on cluster nodes. The default value is - SingleReplica. - type: string - issuerURL: - description: |- - IssuerURL is an OIDC issuer URL which is used as the issuer in all - ServiceAccount tokens generated by the control plane API server. The - default value is kubernetes.default.svc, which only works for in-cluster - validation. - type: string - kubeconfig: - description: KubeConfig specifies the name and key for the kubeconfig - secret - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - machineCIDR: - description: |- - deprecated - use networking.MachineNetwork - type: string - networkType: - description: |- - deprecated - use networking.NetworkType - NetworkType specifies the SDN provider used for cluster networking. - enum: - - OpenShiftSDN - - Calico - - OVNKubernetes - - Other - type: string - networking: - description: |- - Networking specifies network configuration for the cluster. - Temporarily optional for backward compatibility, required in future releases. - properties: - apiServer: - description: |- - APIServer contains advanced network settings for the API server that affect - how the APIServer is exposed inside a cluster node. - properties: - advertiseAddress: - description: |- - AdvertiseAddress is the address that nodes will use to talk to the API - server. This is an address associated with the loopback adapter of each - node. If not specified, 172.20.0.1 is used. - type: string - allowedCIDRBlocks: - description: |- - AllowedCIDRBlocks is an allow list of CIDR blocks that can access the APIServer - If not specified, traffic is allowed from all addresses. - This depends on underlying support by the cloud provider for Service LoadBalancerSourceRanges - items: - pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$ - type: string - type: array - port: - description: |- - Port is the port at which the APIServer is exposed inside a node. Other - pods using host networking cannot listen on this port. If not specified, - 6443 is used. - format: int32 - type: integer - type: object - clusterNetwork: - default: - - cidr: 10.132.0.0/14 - description: |- - ClusterNetwork is the list of IP address pools for pods. - TODO: make this required in the next version of the API - items: - description: |- - ClusterNetworkEntry is a single IP address block for pod IP blocks. IP blocks - are allocated with size 2^HostSubnetLength. - properties: - cidr: - description: CIDR is the IP block address pool. - type: string - hostPrefix: - description: |- - HostPrefix is the prefix size to allocate to each node from the CIDR. - For example, 24 would allocate 2^8=256 adresses to each node. If this - field is not used by the plugin, it can be left unset. - format: int32 - type: integer - required: - - cidr - type: object - type: array - machineCIDR: - description: |- - Deprecated - This field will be removed in the next API release. - Use MachineNetwork instead - format: cidr - type: string - machineNetwork: - description: |- - MachineNetwork is the list of IP address pools for machines. - TODO: make this required in the next version of the API - items: - description: MachineNetworkEntry is a single IP address block - for node IP blocks. - properties: - cidr: - description: CIDR is the IP block address pool for machines - within the cluster. - type: string - required: - - cidr - type: object - type: array - networkType: - default: OVNKubernetes - description: NetworkType specifies the SDN provider used for cluster - networking. - enum: - - OpenShiftSDN - - Calico - - OVNKubernetes - - Other - type: string - podCIDR: - description: |- - Deprecated - This field will be removed in the next API release. - Use ClusterNetwork instead - format: cidr - type: string - serviceCIDR: - description: |- - Deprecated - This field will be removed in the next API release. - Use ServiceNetwork instead - format: cidr - type: string - serviceNetwork: - default: - - cidr: 172.31.0.0/16 - description: |- - ServiceNetwork is the list of IP address pools for services. - NOTE: currently only one entry is supported. - TODO: make this required in the next version of the API - items: - description: ServiceNetworkEntry is a single IP address block - for the service network. - properties: - cidr: - description: CIDR is the IP block address pool for services - within the cluster. - type: string - required: - - cidr - type: object - type: array - required: - - networkType - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector when specified, must be true for the pods - managed by the HostedCluster to be scheduled. - type: object - olmCatalogPlacement: - default: management - description: |- - OLMCatalogPlacement specifies the placement of OLM catalog components. By default, - this is set to management and OLM catalog components are deployed onto the management - cluster. If set to guest, the OLM catalog components will be deployed onto the guest - cluster. - enum: - - management - - guest - type: string - pausedUntil: - description: |- - PausedUntil is a field that can be used to pause reconciliation on a resource. - Either a date can be provided in RFC3339 format or a boolean. If a date is - provided: reconciliation is paused on the resource until that date. If the boolean true is - provided: reconciliation is paused on the resource until the field is removed. - type: string - platform: - description: |- - PlatformSpec specifies the underlying infrastructure provider for the cluster - and is used to configure platform specific behavior. - properties: - agent: - description: Agent specifies configuration for agent-based installations. - properties: - agentNamespace: - description: AgentNamespace is the namespace where to search - for Agents for this cluster - type: string - required: - - agentNamespace - type: object - aws: - description: AWS specifies configuration for clusters running - on Amazon Web Services. - properties: - additionalAllowedPrincipals: - description: |- - AdditionalAllowedPrincipals specifies a list of additional allowed principal ARNs - to be added to the hosted control plane's VPC Endpoint Service to enable additional - VPC Endpoint connection requests to be automatically accepted. - See https://docs.aws.amazon.com/vpc/latest/privatelink/configure-endpoint-service.html - for more details around VPC Endpoint Service allowed principals. - items: - type: string - type: array - cloudProviderConfig: - description: |- - CloudProviderConfig specifies AWS networking configuration for the control - plane. - This is mainly used for cloud provider controller config: - https://github.com/kubernetes/kubernetes/blob/f5be5052e3d0808abb904aebd3218fe4a5c2dd82/staging/src/k8s.io/legacy-cloud-providers/aws/aws.go#L1347-L1364 - TODO(dan): should this be named AWSNetworkConfig? - properties: - subnet: - description: Subnet is the subnet to use for control plane - cloud resources. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify - an AWS resource - properties: - name: - description: Name of the filter. Filter names - are case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - vpc: - description: VPC is the VPC to use for control plane cloud - resources. - type: string - zone: - description: |- - Zone is the availability zone where control plane cloud resources are - created. - type: string - required: - - vpc - type: object - controlPlaneOperatorCreds: - description: |- - Deprecated - This field will be removed in the next API release. - Use RolesRef instead. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - endpointAccess: - default: Public - description: |- - EndpointAccess specifies the publishing scope of cluster endpoints. The - default is Public. - enum: - - Public - - PublicAndPrivate - - Private - type: string - kubeCloudControllerCreds: - description: |- - Deprecated - This field will be removed in the next API release. - Use RolesRef instead. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - multiArch: - default: false - description: |- - MultiArch specifies whether the Hosted Cluster will be expected to support NodePools with different - CPU architectures, i.e., supporting arm64 NodePools and supporting amd64 NodePools on the same Hosted Cluster. - type: boolean - nodePoolManagementCreds: - description: |- - Deprecated - This field will be removed in the next API release. - Use RolesRef instead. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - region: - description: |- - Region is the AWS region in which the cluster resides. This configures the - OCP control plane cloud integrations, and is used by NodePool to resolve - the correct boot AMI for a given release. - type: string - resourceTags: - description: |- - ResourceTags is a list of additional tags to apply to AWS resources created - for the cluster. See - https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for - information on tagging AWS resources. AWS supports a maximum of 50 tags per - resource. OpenShift reserves 25 tags for its use, leaving 25 tags available - for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: Key is the key of the tag. - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: |- - Value is the value of the tag. - - - Some AWS service do not support empty values. Since tags are added to - resources in many services, the length of the tag value must meet the - requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - roles: - description: |- - Deprecated - This field will be removed in the next API release. - Use RolesRef instead. - items: - properties: - arn: - type: string - name: - type: string - namespace: - type: string - required: - - arn - - name - - namespace - type: object - type: array - rolesRef: - description: |- - RolesRef contains references to various AWS IAM roles required to enable - integrations such as OIDC. - properties: - controlPlaneOperatorARN: - description: "ControlPlaneOperatorARN is an ARN value - referencing a role appropriate for the Control Plane - Operator.\n\n\nThe following is an example of a valid - policy document:\n\n\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": - [\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"ec2:CreateVpcEndpoint\",\n\t\t\t\t\"ec2:DescribeVpcEndpoints\",\n\t\t\t\t\"ec2:ModifyVpcEndpoint\",\n\t\t\t\t\"ec2:DeleteVpcEndpoints\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"route53:ListHostedZones\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t},\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"route53:ChangeResourceRecordSets\",\n\t\t\t\t\"route53:ListResourceRecordSets\"\n\t\t\t],\n\t\t\t\"Resource\": - \"arn:aws:route53:::%s\"\n\t\t}\n\t]\n}" - type: string - imageRegistryARN: - description: "ImageRegistryARN is an ARN value referencing - a role appropriate for the Image Registry Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"s3:CreateBucket\",\n\t\t\t\t\"s3:DeleteBucket\",\n\t\t\t\t\"s3:PutBucketTagging\",\n\t\t\t\t\"s3:GetBucketTagging\",\n\t\t\t\t\"s3:PutBucketPublicAccessBlock\",\n\t\t\t\t\"s3:GetBucketPublicAccessBlock\",\n\t\t\t\t\"s3:PutEncryptionConfiguration\",\n\t\t\t\t\"s3:GetEncryptionConfiguration\",\n\t\t\t\t\"s3:PutLifecycleConfiguration\",\n\t\t\t\t\"s3:GetLifecycleConfiguration\",\n\t\t\t\t\"s3:GetBucketLocation\",\n\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\"s3:GetObject\",\n\t\t\t\t\"s3:PutObject\",\n\t\t\t\t\"s3:DeleteObject\",\n\t\t\t\t\"s3:ListBucketMultipartUploads\",\n\t\t\t\t\"s3:AbortMultipartUpload\",\n\t\t\t\t\"s3:ListMultipartUploadParts\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - ingressARN: - description: "The referenced role must have a trust relationship - that allows it to be assumed via web identity.\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html.\nExample:\n{\n\t\t\"Version\": - \"2012-10-17\",\n\t\t\"Statement\": [\n\t\t\t{\n\t\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\t\"Principal\": {\n\t\t\t\t\t\"Federated\": - \"{{ .ProviderARN }}\"\n\t\t\t\t},\n\t\t\t\t\t\"Action\": - \"sts:AssumeRoleWithWebIdentity\",\n\t\t\t\t\"Condition\": - {\n\t\t\t\t\t\"StringEquals\": {\n\t\t\t\t\t\t\"{{ .ProviderName - }}:sub\": {{ .ServiceAccounts }}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n\n\nIngressARN - is an ARN value referencing a role appropriate for the - Ingress Operator.\n\n\nThe following is an example of - a valid policy document:\n\n\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": - [\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"elasticloadbalancing:DescribeLoadBalancers\",\n\t\t\t\t\"tag:GetResources\",\n\t\t\t\t\"route53:ListHostedZones\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t},\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"route53:ChangeResourceRecordSets\"\n\t\t\t],\n\t\t\t\"Resource\": - [\n\t\t\t\t\"arn:aws:route53:::PUBLIC_ZONE_ID\",\n\t\t\t\t\"arn:aws:route53:::PRIVATE_ZONE_ID\"\n\t\t\t]\n\t\t}\n\t]\n}" - type: string - kubeCloudControllerARN: - description: |- - KubeCloudControllerARN is an ARN value referencing a role appropriate for the KCM/KCC. - - - The following is an example of a valid policy document: - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeImages", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateRoute", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:RevokeSecurityGroupIngress", - "ec2:DescribeVpcs", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateTargetGroup", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", - "iam:CreateServiceLinkedRole", - "kms:DescribeKey" - ], - "Resource": [ - "*" - ], - "Effect": "Allow" - } - ] - } - type: string - networkARN: - description: "NetworkARN is an ARN value referencing a - role appropriate for the Network Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:DescribeInstances\",\n - \ \"ec2:DescribeInstanceStatus\",\n \"ec2:DescribeInstanceTypes\",\n - \ \"ec2:UnassignPrivateIpAddresses\",\n \"ec2:AssignPrivateIpAddresses\",\n - \ \"ec2:UnassignIpv6Addresses\",\n \"ec2:AssignIpv6Addresses\",\n - \ \"ec2:DescribeSubnets\",\n \"ec2:DescribeNetworkInterfaces\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - nodePoolManagementARN: - description: "NodePoolManagementARN is an ARN value referencing - a role appropriate for the CAPI Controller.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n - \ \"Version\": \"2012-10-17\",\n \"Statement\": [\n - \ {\n \"Action\": [\n \"ec2:AllocateAddress\",\n - \ \"ec2:AssociateRouteTable\",\n \"ec2:AttachInternetGateway\",\n - \ \"ec2:AuthorizeSecurityGroupIngress\",\n \"ec2:CreateInternetGateway\",\n - \ \"ec2:CreateNatGateway\",\n \"ec2:CreateRoute\",\n - \ \"ec2:CreateRouteTable\",\n \"ec2:CreateSecurityGroup\",\n - \ \"ec2:CreateSubnet\",\n \"ec2:CreateTags\",\n - \ \"ec2:DeleteInternetGateway\",\n \"ec2:DeleteNatGateway\",\n - \ \"ec2:DeleteRouteTable\",\n \"ec2:DeleteSecurityGroup\",\n - \ \"ec2:DeleteSubnet\",\n \"ec2:DeleteTags\",\n - \ \"ec2:DescribeAccountAttributes\",\n \"ec2:DescribeAddresses\",\n - \ \"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeImages\",\n - \ \"ec2:DescribeInstances\",\n \"ec2:DescribeInternetGateways\",\n - \ \"ec2:DescribeNatGateways\",\n \"ec2:DescribeNetworkInterfaces\",\n - \ \"ec2:DescribeNetworkInterfaceAttribute\",\n - \ \"ec2:DescribeRouteTables\",\n \"ec2:DescribeSecurityGroups\",\n - \ \"ec2:DescribeSubnets\",\n \"ec2:DescribeVpcs\",\n - \ \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeVolumes\",\n - \ \"ec2:DetachInternetGateway\",\n \"ec2:DisassociateRouteTable\",\n - \ \"ec2:DisassociateAddress\",\n \"ec2:ModifyInstanceAttribute\",\n - \ \"ec2:ModifyNetworkInterfaceAttribute\",\n \"ec2:ModifySubnetAttribute\",\n - \ \"ec2:ReleaseAddress\",\n \"ec2:RevokeSecurityGroupIngress\",\n - \ \"ec2:RunInstances\",\n \"ec2:TerminateInstances\",\n - \ \"tag:GetResources\",\n \"ec2:CreateLaunchTemplate\",\n - \ \"ec2:CreateLaunchTemplateVersion\",\n \"ec2:DescribeLaunchTemplates\",\n - \ \"ec2:DescribeLaunchTemplateVersions\",\n \"ec2:DeleteLaunchTemplate\",\n - \ \"ec2:DeleteLaunchTemplateVersions\"\n ],\n - \ \"Resource\": [\n \"*\"\n ],\n \"Effect\": - \"Allow\"\n },\n {\n \"Condition\": {\n \"StringLike\": - {\n \"iam:AWSServiceName\": \"elasticloadbalancing.amazonaws.com\"\n - \ }\n },\n \"Action\": [\n \"iam:CreateServiceLinkedRole\"\n - \ ],\n \"Resource\": [\n \"arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing\"\n - \ ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": - [\n \"iam:PassRole\"\n ],\n \"Resource\": - [\n \"arn:*:iam::*:role/*-worker-role\"\n ],\n - \ \"Effect\": \"Allow\"\n },\n\t {\n\t \t\"Effect\": - \"Allow\",\n\t \t\"Action\": [\n\t \t\t\"kms:Decrypt\",\n\t - \ \t\t\"kms:Encrypt\",\n\t \t\t\"kms:GenerateDataKey\",\n\t - \ \t\t\"kms:GenerateDataKeyWithoutPlainText\",\n\t \t\t\"kms:DescribeKey\"\n\t - \ \t],\n\t \t\"Resource\": \"*\"\n\t },\n\t {\n\t - \ \t\"Effect\": \"Allow\",\n\t \t\"Action\": [\n\t - \ \t\t\"kms:RevokeGrant\",\n\t \t\t\"kms:CreateGrant\",\n\t - \ \t\t\"kms:ListGrants\"\n\t \t],\n\t \t\"Resource\": - \"*\",\n\t \t\"Condition\": {\n\t \t\t\"Bool\": {\n\t - \ \t\t\t\"kms:GrantIsForAWSResource\": true\n\t \t\t}\n\t - \ \t}\n\t }\n ]\n}" - type: string - storageARN: - description: "StorageARN is an ARN value referencing a - role appropriate for the Storage Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:AttachVolume\",\n\t\t\t\t\"ec2:CreateSnapshot\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"ec2:CreateVolume\",\n\t\t\t\t\"ec2:DeleteSnapshot\",\n\t\t\t\t\"ec2:DeleteTags\",\n\t\t\t\t\"ec2:DeleteVolume\",\n\t\t\t\t\"ec2:DescribeInstances\",\n\t\t\t\t\"ec2:DescribeSnapshots\",\n\t\t\t\t\"ec2:DescribeTags\",\n\t\t\t\t\"ec2:DescribeVolumes\",\n\t\t\t\t\"ec2:DescribeVolumesModifications\",\n\t\t\t\t\"ec2:DetachVolume\",\n\t\t\t\t\"ec2:ModifyVolume\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - required: - - controlPlaneOperatorARN - - imageRegistryARN - - ingressARN - - kubeCloudControllerARN - - networkARN - - nodePoolManagementARN - - storageARN - type: object - serviceEndpoints: - description: |- - ServiceEndpoints specifies optional custom endpoints which will override - the default service endpoint of specific AWS Services. - - - There must be only one ServiceEndpoint for a given service name. - items: - description: |- - AWSServiceEndpoint stores the configuration for services to - override existing defaults of AWS Services. - properties: - name: - description: |- - Name is the name of the AWS service. - This must be provided and cannot be empty. - type: string - url: - description: |- - URL is fully qualified URI with scheme https, that overrides the default generated - endpoint for a client. - This must be provided and cannot be empty. - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - required: - - controlPlaneOperatorCreds - - kubeCloudControllerCreds - - nodePoolManagementCreds - - region - - rolesRef - type: object - azure: - description: Azure defines azure specific settings - properties: - cloud: - default: AzurePublicCloud - description: 'The cloud environment identifier, valid values - could be found here: https://github.com/Azure/go-autorest/blob/4c0e21ca2bbb3251fe7853e6f9df6397f53dd419/autorest/azure/environments.go#L33' - enum: - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - type: string - credentials: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - location: - type: string - resourceGroup: - type: string - securityGroupID: - type: string - subnetID: - type: string - subscriptionID: - type: string - vnetID: - type: string - required: - - credentials - - location - - resourceGroup - - securityGroupID - - subnetID - - subscriptionID - - vnetID - type: object - ibmcloud: - description: IBMCloud defines IBMCloud specific settings for components - properties: - providerType: - description: ProviderType is a specific supported infrastructure - provider within IBM Cloud. - type: string - type: object - kubevirt: - description: KubeVirt defines KubeVirt specific settings for cluster - components. - properties: - baseDomainPassthrough: - description: |- - BaseDomainPassthrough toggles whether or not an automatically - generated base domain for the guest cluster should be used that - is a subdomain of the management cluster's *.apps DNS. - - - For the KubeVirt platform, the basedomain can be autogenerated using - the *.apps domain of the management/infra hosting cluster - This makes the guest cluster's base domain a subdomain of the - hypershift infra/mgmt cluster's base domain. - - - Example: - Infra/Mgmt cluster's DNS - Base: example.com - Cluster: mgmt-cluster.example.com - Apps: *.apps.mgmt-cluster.example.com - KubeVirt Guest cluster's DNS - Base: apps.mgmt-cluster.example.com - Cluster: guest.apps.mgmt-cluster.example.com - Apps: *.apps.guest.apps.mgmt-cluster.example.com - - - This is possible using OCP wildcard routes - type: boolean - x-kubernetes-validations: - - message: baseDomainPassthrough is immutable - rule: self == oldSelf - credentials: - description: |- - Credentials defines the client credentials used when creating KubeVirt virtual machines. - Defining credentials is only necessary when the KubeVirt virtual machines are being placed - on a cluster separate from the one hosting the Hosted Control Plane components. - - - The default behavior when Credentials is not defined is for the KubeVirt VMs to be placed on - the same cluster and namespace as the Hosted Control Plane. - properties: - infraKubeConfigSecret: - description: |- - InfraKubeConfigSecret is a reference to a secret that contains the kubeconfig for the external infra cluster - that will be used to host the KubeVirt virtual machines for this cluster. - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - x-kubernetes-validations: - - message: infraKubeConfigSecret is immutable - rule: self == oldSelf - infraNamespace: - description: |- - InfraNamespace defines the namespace on the external infra cluster that is used to host the KubeVirt - virtual machines. This namespace must already exist before creating the HostedCluster and the kubeconfig - referenced in the InfraKubeConfigSecret must have access to manage the required resources within this - namespace. - type: string - x-kubernetes-validations: - - message: infraNamespace is immutable - rule: self == oldSelf - required: - - infraNamespace - type: object - generateID: - description: |- - GenerateID is used to uniquely apply a name suffix to resources associated with - kubevirt infrastructure resources - maxLength: 11 - type: string - x-kubernetes-validations: - - message: Kubevirt GenerateID is immutable once set - rule: self == oldSelf - storageDriver: - description: |- - StorageDriver defines how the KubeVirt CSI driver exposes StorageClasses on - the infra cluster (hosting the VMs) to the guest cluster. - properties: - manual: - description: |- - Manual is used to explicilty define how the infra storageclasses are - mapped to guest storageclasses - properties: - storageClassMapping: - description: |- - StorageClassMapping maps StorageClasses on the infra cluster hosting - the KubeVirt VMs to StorageClasses that are made available within the - Guest Cluster. - - - NOTE: It is possible that not all capablities of an infra cluster's - storageclass will be present for the corresponding guest clusters storageclass. - items: - properties: - group: - description: Group contains which group this - mapping belongs to. - type: string - guestStorageClassName: - description: |- - GuestStorageClassName is the name that the corresponding storageclass will - be called within the guest cluster - type: string - infraStorageClassName: - description: |- - InfraStorageClassName is the name of the infra cluster storage class that - will be exposed to the guest. - type: string - required: - - guestStorageClassName - - infraStorageClassName - type: object - type: array - x-kubernetes-validations: - - message: storageClassMapping is immutable - rule: self == oldSelf - volumeSnapshotClassMapping: - items: - properties: - group: - description: Group contains which group this - mapping belongs to. - type: string - guestVolumeSnapshotClassName: - description: |- - GuestVolumeSnapshotClassName is the name that the corresponding volumeSnapshotClass will - be called within the guest cluster - type: string - infraVolumeSnapshotClassName: - description: |- - InfraStorageClassName is the name of the infra cluster volume snapshot class that - will be exposed to the guest. - type: string - required: - - guestVolumeSnapshotClassName - - infraVolumeSnapshotClassName - type: object - type: array - x-kubernetes-validations: - - message: volumeSnapshotClassMapping is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: storageDriver.Manual is immutable - rule: self == oldSelf - type: - default: Default - description: Type represents the type of kubevirt csi - driver configuration to use - enum: - - None - - Default - - Manual - type: string - x-kubernetes-validations: - - message: storageDriver.Type is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: storageDriver is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: Kubevirt GenerateID is required once set - rule: '!has(oldSelf.generateID) || has(self.generateID)' - powervs: - description: |- - PowerVS specifies configuration for clusters running on IBMCloud Power VS Service. - This field is immutable. Once set, It can't be changed. - properties: - accountID: - description: |- - AccountID is the IBMCloud account id. - This field is immutable. Once set, It can't be changed. - type: string - cisInstanceCRN: - description: |- - CISInstanceCRN is the IBMCloud CIS Service Instance's Cloud Resource Name - This field is immutable. Once set, It can't be changed. - pattern: '^crn:' - type: string - imageRegistryOperatorCloudCreds: - description: |- - ImageRegistryOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for image registry operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - ingressOperatorCloudCreds: - description: |- - IngressOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for ingress operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - kubeCloudControllerCreds: - description: |- - KubeCloudControllerCreds is a reference to a secret containing cloud - credentials with permissions matching the cloud controller policy. - This field is immutable. Once set, It can't be changed. - - - TODO(dan): document the "cloud controller policy" - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - nodePoolManagementCreds: - description: |- - NodePoolManagementCreds is a reference to a secret containing cloud - credentials with permissions matching the node pool management policy. - This field is immutable. Once set, It can't be changed. - - - TODO(dan): document the "node pool management policy" - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - region: - description: |- - Region is the IBMCloud region in which the cluster resides. This configures the - OCP control plane cloud integrations, and is used by NodePool to resolve - the correct boot image for a given release. - This field is immutable. Once set, It can't be changed. - type: string - resourceGroup: - description: |- - ResourceGroup is the IBMCloud Resource Group in which the cluster resides. - This field is immutable. Once set, It can't be changed. - type: string - serviceInstanceID: - description: |- - ServiceInstance is the reference to the Power VS service on which the server instance(VM) will be created. - Power VS service is a container for all Power VS instances at a specific geographic region. - serviceInstance can be created via IBM Cloud catalog or CLI. - ServiceInstanceID is the unique identifier that can be obtained from IBM Cloud UI or IBM Cloud cli. - - - More detail about Power VS service instance. - https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server - - - This field is immutable. Once set, It can't be changed. - type: string - storageOperatorCloudCreds: - description: |- - StorageOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for storage operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - subnet: - description: |- - Subnet is the subnet to use for control plane cloud resources. - This field is immutable. Once set, It can't be changed. - properties: - id: - description: ID of resource - type: string - name: - description: Name of resource - type: string - type: object - vpc: - description: |- - VPC specifies IBM Cloud PowerVS Load Balancing configuration for the control - plane. - This field is immutable. Once set, It can't be changed. - properties: - name: - description: |- - Name for VPC to used for all the service load balancer. - This field is immutable. Once set, It can't be changed. - type: string - region: - description: |- - Region is the IBMCloud region in which VPC gets created, this VPC used for all the ingress traffic - into the OCP cluster. - This field is immutable. Once set, It can't be changed. - type: string - subnet: - description: |- - Subnet is the subnet to use for load balancer. - This field is immutable. Once set, It can't be changed. - type: string - zone: - description: |- - Zone is the availability zone where load balancer cloud resources are - created. - This field is immutable. Once set, It can't be changed. - type: string - required: - - name - - region - type: object - zone: - description: |- - Zone is the availability zone where control plane cloud resources are - created. - This field is immutable. Once set, It can't be changed. - type: string - required: - - accountID - - cisInstanceCRN - - imageRegistryOperatorCloudCreds - - ingressOperatorCloudCreds - - kubeCloudControllerCreds - - nodePoolManagementCreds - - region - - resourceGroup - - serviceInstanceID - - storageOperatorCloudCreds - - subnet - - vpc - - zone - type: object - type: - description: Type is the type of infrastructure provider for the - cluster. - enum: - - AWS - - None - - IBMCloud - - Agent - - KubeVirt - - Azure - - PowerVS - type: string - required: - - type - type: object - podCIDR: - description: |- - deprecated - use networking.ClusterNetwork - type: string - pullSecret: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - releaseImage: - description: ReleaseImage is the release image applied to the hosted - control plane. - type: string - secretEncryption: - description: |- - SecretEncryption contains metadata about the kubernetes secret encryption strategy being used for the - cluster when applicable. - properties: - aescbc: - description: AESCBC defines metadata about the AESCBC secret encryption - strategy - properties: - activeKey: - description: ActiveKey defines the active key used to encrypt - new secrets - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - activeKey - type: object - kms: - description: KMS defines metadata about the kms secret encryption - strategy - properties: - aws: - description: AWS defines metadata about the configuration - of the AWS KMS Secret Encryption provider - properties: - activeKey: - description: ActiveKey defines the active key used to - encrypt new secrets - properties: - arn: - description: ARN is the Amazon Resource Name for the - encryption key - pattern: '^arn:' - type: string - required: - - arn - type: object - auth: - description: Auth defines metadata about the management - of credentials used to interact with AWS KMS - properties: - awsKms: - description: "The referenced role must have a trust - relationship that allows it to be assumed via web - identity.\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html.\nExample:\n{\n\t\t\"Version\": - \"2012-10-17\",\n\t\t\"Statement\": [\n\t\t\t{\n\t\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\t\"Principal\": {\n\t\t\t\t\t\"Federated\": - \"{{ .ProviderARN }}\"\n\t\t\t\t},\n\t\t\t\t\t\"Action\": - \"sts:AssumeRoleWithWebIdentity\",\n\t\t\t\t\"Condition\": - {\n\t\t\t\t\t\"StringEquals\": {\n\t\t\t\t\t\t\"{{ - .ProviderName }}:sub\": {{ .ServiceAccounts }}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n\n\nAWSKMSARN - is an ARN value referencing a role appropriate for - managing the auth via the AWS KMS key.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n \t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"kms:Encrypt\",\n\t\t\t\t\"kms:Decrypt\",\n\t\t\t\t\"kms:ReEncrypt*\",\n\t\t\t\t\"kms:GenerateDataKey*\",\n\t\t\t\t\"kms:DescribeKey\"\n\t\t\t],\n\t\t\t\"Resource\": - %q\n\t\t}\n\t]\n}" - type: string - credentials: - description: |- - Deprecated - This field is deprecated and will be removed in a future release. Use AWSKMSRoleARN instead. - Credentials contains the name of the secret that holds the aws credentials that can be used - to make the necessary KMS calls. It should at key AWSCredentialsFileSecretKey contain the - aws credentials file that can be used to configure AWS SDKs - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - awsKms - - credentials - type: object - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - arn: - description: ARN is the Amazon Resource Name for the - encryption key - pattern: '^arn:' - type: string - required: - - arn - type: object - region: - description: Region contains the AWS region - type: string - required: - - activeKey - - auth - - region - type: object - azure: - description: Azure defines metadata about the configuration - of the Azure KMS Secret Encryption provider using Azure - key vault - properties: - activeKey: - description: ActiveKey defines the active key used to - encrypt new secrets - properties: - keyName: - description: KeyName is the name of the keyvault key - used for encrypt/decrypt - type: string - keyVaultName: - description: |- - KeyVaultName is the name of the keyvault. Must match criteria specified at https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name - Your Microsoft Entra application used to create the cluster must be authorized to access this keyvault, e.g using the AzureCLI: - `az keyvault set-policy -n $KEYVAULT_NAME --key-permissions decrypt encrypt --spn ` - type: string - keyVersion: - description: KeyVersion contains the version of the - key to use - type: string - required: - - keyName - - keyVaultName - - keyVersion - type: object - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - keyName: - description: KeyName is the name of the keyvault key - used for encrypt/decrypt - type: string - keyVaultName: - description: |- - KeyVaultName is the name of the keyvault. Must match criteria specified at https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name - Your Microsoft Entra application used to create the cluster must be authorized to access this keyvault, e.g using the AzureCLI: - `az keyvault set-policy -n $KEYVAULT_NAME --key-permissions decrypt encrypt --spn ` - type: string - keyVersion: - description: KeyVersion contains the version of the - key to use - type: string - required: - - keyName - - keyVaultName - - keyVersion - type: object - required: - - activeKey - type: object - ibmcloud: - description: IBMCloud defines metadata for the IBM Cloud KMS - encryption strategy - properties: - auth: - description: Auth defines metadata for how authentication - is done with IBM Cloud KMS - properties: - managed: - description: |- - Managed defines metadata around the service to service authentication strategy for the IBM Cloud - KMS system (all provider managed). - type: object - type: - description: Type defines the IBM Cloud KMS authentication - strategy - enum: - - Managed - - Unmanaged - type: string - unmanaged: - description: Unmanaged defines the auth metadata the - customer provides to interact with IBM Cloud KMS - properties: - credentials: - description: |- - Credentials should reference a secret with a key field of IBMCloudIAMAPIKeySecretKey that contains a apikey to - call IBM Cloud KMS APIs - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - credentials - type: object - required: - - type - type: object - keyList: - description: KeyList defines the list of keys used for - data encryption - items: - description: IBMCloudKMSKeyEntry defines metadata for - an IBM Cloud KMS encryption key - properties: - correlationID: - description: CorrelationID is an identifier used - to track all api call usage from hypershift - type: string - crkID: - description: CRKID is the customer rook key id - type: string - instanceID: - description: InstanceID is the id for the key protect - instance - type: string - keyVersion: - description: |- - KeyVersion is a unique number associated with the key. The number increments whenever a new - key is enabled for data encryption. - type: integer - url: - description: URL is the url to call key protect - apis over - pattern: ^https:// - type: string - required: - - correlationID - - crkID - - instanceID - - keyVersion - - url - type: object - type: array - region: - description: Region is the IBM Cloud region - type: string - required: - - auth - - keyList - - region - type: object - provider: - description: Provider defines the KMS provider - enum: - - IBMCloud - - AWS - - Azure - type: string - required: - - provider - type: object - type: - description: Type defines the type of kube secret encryption being - used - enum: - - kms - - aescbc - type: string - required: - - type - type: object - serviceAccountSigningKey: - description: |- - ServiceAccountSigningKey is a reference to a secret containing the private key - used by the service account token issuer. The secret is expected to contain - a single key named "key". If not specified, a service account signing key will - be generated automatically for the cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - serviceCIDR: - description: |- - deprecated - use networking.ServiceNetwork - type: string - services: - description: |- - Services defines metadata about how control plane services are published - in the management cluster. - items: - description: |- - ServicePublishingStrategyMapping specifies how individual control plane - services are published from the hosting cluster of a control plane. - properties: - service: - description: Service identifies the type of service being published. - enum: - - APIServer - - OAuthServer - - OIDC - - Konnectivity - - Ignition - - OVNSbDb - type: string - servicePublishingStrategy: - description: ServicePublishingStrategy specifies how to publish - Service. - properties: - loadBalancer: - description: LoadBalancer configures exposing a service - using a LoadBalancer. - properties: - hostname: - description: Hostname is the name of the DNS record - that will be created pointing to the LoadBalancer. - type: string - type: object - nodePort: - description: NodePort configures exposing a service using - a NodePort. - properties: - address: - description: Address is the host/ip that the NodePort - service is exposed over. - type: string - port: - description: |- - Port is the port of the NodePort service. If <=0, the port is dynamically - assigned when the service is created. - format: int32 - type: integer - required: - - address - type: object - route: - description: Route configures exposing a service using a - Route. - properties: - hostname: - description: Hostname is the name of the DNS record - that will be created pointing to the Route. - type: string - type: object - type: - description: Type is the publishing strategy used for the - service. - enum: - - LoadBalancer - - NodePort - - Route - - None - - S3 - type: string - required: - - type - type: object - required: - - service - - servicePublishingStrategy - type: object - type: array - sshKey: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - tolerations: - description: Tolerations when specified, define what custome tolerations - are added to the hcp pods. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - updateService: - description: |- - updateService may be used to specify the preferred upstream update service. - By default it will use the appropriate update service for the cluster and region. - type: string - required: - - dns - - etcd - - infraID - - issuerURL - - platform - - pullSecret - - releaseImage - - services - - sshKey - type: object - status: - description: HostedControlPlaneStatus defines the observed state of HostedControlPlane - properties: - conditions: - description: |- - Condition contains details for one aspect of the current state of the HostedControlPlane. - Current condition types are: "Available" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint contains the endpoint information by which - external clients can access the control plane. This is populated - after the infrastructure is ready. - properties: - host: - description: Host is the hostname on which the API server is serving. - type: string - port: - description: Port is the port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - externalManagedControlPlane: - default: true - description: |- - ExternalManagedControlPlane indicates to cluster-api that the control plane - is managed by an external service. - https://github.com/kubernetes-sigs/cluster-api/blob/65e5385bffd71bf4aad3cf34a537f11b217c7fab/controllers/machine_controller.go#L468 - type: boolean - initialized: - default: false - description: |- - Initialized denotes whether or not the control plane has - provided a kubeadm-config. - Once this condition is marked true, its value is never changed. See the Ready condition for an indication of - the current readiness of the cluster's control plane. - This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L238-L252 - type: boolean - kubeConfig: - description: |- - KubeConfig is a reference to the secret containing the default kubeconfig - for this control plane. - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - kubeadminPassword: - description: |- - KubeadminPassword is a reference to the secret containing the initial kubeadmin password - for the guest cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - lastReleaseImageTransitionTime: - description: |- - lastReleaseImageTransitionTime is the time of the last update to the current - releaseImage property. - - - Deprecated: Use versionStatus.history[0].startedTime instead. - format: date-time - type: string - nodeCount: - description: NodeCount tracks the number of nodes in the HostedControlPlane. - type: integer - oauthCallbackURLTemplate: - description: |- - OAuthCallbackURLTemplate contains a template for the URL to use as a callback - for identity providers. The [identity-provider-name] placeholder must be replaced - with the name of an identity provider defined on the HostedCluster. - This is populated after the infrastructure is ready. - type: string - platform: - description: Platform contains platform-specific status of the HostedCluster - properties: - aws: - description: AWSPlatformStatus contains status specific to the - AWS platform - properties: - defaultWorkerSecurityGroupID: - description: |- - DefaultWorkerSecurityGroupID is the ID of a security group created by - the control plane operator. It is always added to worker machines in - addition to any security groups specified in the NodePool. - type: string - type: object - type: object - ready: - default: false - description: |- - Ready denotes that the HostedControlPlane API Server is ready to - receive requests - This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L226-L230 - type: boolean - releaseImage: - description: |- - ReleaseImage is the release image applied to the hosted control plane. - - - Deprecated: Use versionStatus.desired.image instead. - type: string - version: - description: |- - Version is the semantic version of the release applied by - the hosted control plane operator - - - Deprecated: Use versionStatus.desired.version instead. - type: string - versionStatus: - description: |- - versionStatus is the status of the release version applied by the - hosted control plane operator. - properties: - availableUpdates: - description: |- - availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in - availableUpdates may expose this cluster to known issues. This list - may be empty if no updates are recommended, if the update service - is unavailable, or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and - associated metadata. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - nullable: true - type: array - conditionalUpdates: - description: |- - conditionalUpdates contains the list of updates that may be - recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use - availableUpdates. This list may be empty if no updates are - recommended, if the update service is unavailable, or if an empty - or invalid channel has been specified. - items: - description: |- - ConditionalUpdate represents an update which is recommended to some - clusters on the version the current cluster is reconciling, but which - may not be recommended for the current cluster. - properties: - conditions: - description: |- - conditions represents the observations of the conditional update's - current status. Known types are: - * Recommended, for whether the update is recommended for the current cluster. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource.\n---\nThis - struct is intended for direct use as an array at the - field path .status.conditions. For example,\n\n\n\ttype - FooStatus struct{\n\t // Represents the observations - of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t - \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t - \ // +listType=map\n\t // +listMapKey=type\n\t - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, - False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - risks: - description: |- - risks represents the range of issues associated with - updating to the target release. The cluster-version - operator will evaluate all entries, and only recommend the - update if there is at least one entry and all entries - recommend the update. - items: - description: |- - ConditionalUpdateRisk represents a reason and cluster-state - for not recommending a conditional update. - properties: - matchingRules: - description: |- - matchingRules is a slice of conditions for deciding which - clusters match the risk and which do not. The slice is - ordered by decreasing precedence. The cluster-version - operator will walk the slice in order, and stop after the - first it can successfully evaluate. If no condition can be - successfully evaluated, the update will not be recommended. - items: - description: |- - ClusterCondition is a union of typed cluster conditions. The 'type' - property determines which of the type-specific properties are relevant. - When evaluated on a cluster, the condition may match, not match, or - fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: |- - PromQL is a PromQL query classifying clusters. This query - query should return a 1 in the match case and a 0 in the - does-not-match case. Queries which return no time - series, or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: |- - type represents the cluster-condition type. This defines - the members and semantics of any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - message: - description: |- - message provides additional information about the risk of - updating, in the event that matchingRules match the cluster - state. This is only to be consumed by humans. It may - contain Line Feed characters (U+000A), which should be - rendered as new lines. - minLength: 1 - type: string - name: - description: |- - name is the CamelCase reason for not recommending a - conditional update, in the event that matchingRules match the - cluster state. - minLength: 1 - type: string - url: - description: url contains information about this risk. - format: uri - minLength: 1 - type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - desired: - description: |- - desired is the version that the cluster is reconciling towards. - If the cluster is not yet fully initialized desired will be set - with the information available, which may be an image or a tag. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - history: - description: |- - history contains a list of the most recent versions applied to the cluster. - This value may be empty during cluster startup, and then will be updated - when a new update is being applied. The newest update is first in the - list and it is ordered by recency. Updates in the history have state - Completed if the rollout completed - if an update was failing or halfway - applied the state will be Partial. Only a limited amount of update history - is preserved. - items: - description: UpdateHistory is a single attempted update to the - cluster. - properties: - acceptedRisks: - description: |- - acceptedRisks records risks which were accepted to initiate the update. - For example, it may menition an Upgradeable=False or missing signature - that was overriden via desiredUpdate.force, or an update that was - initiated despite not being in the availableUpdates set of recommended - update targets. - type: string - completionTime: - description: |- - completionTime, if set, is when the update was fully applied. The update - that is currently being applied will have a null completion time. - Completion time will always be set for entries that are not the current - update (usually to the started time of the next update). - format: date-time - nullable: true - type: string - image: - description: |- - image is a container image location that contains the update. This value - is always populated. - type: string - startedTime: - description: startedTime is the time at which the update - was started. - format: date-time - type: string - state: - description: |- - state reflects whether the update was fully applied. The Partial state - indicates the update is not fully applied, while the Completed state - indicates the update was successfully rolled out at least once (all - parts of the update successfully applied). - type: string - verified: - description: |- - verified indicates whether the provided update was properly verified - before it was installed. If this is false the cluster may not be trusted. - Verified does not cover upgradeable checks that depend on the cluster - state at the time when the update target was accepted. - type: boolean - version: - description: |- - version is a semantic version identifying the update version. If the - requested image does not define a version, or if a failure occurs - retrieving the image, this value may be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - observedGeneration: - description: |- - observedGeneration reports which version of the spec is being synced. - If this value is not equal to metadata.generation, then the desired - and conditions fields may represent a previous version. - format: int64 - type: integer - required: - - availableUpdates - - desired - - observedGeneration - type: object - required: - - initialized - - ready - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta1 - schema: - openAPIV3Schema: - description: HostedControlPlane defines the desired state of HostedControlPlane - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: HostedControlPlaneSpec defines the desired state of HostedControlPlane - properties: - additionalTrustBundle: - description: AdditionalTrustBundle references a ConfigMap containing - a PEM-encoded X.509 certificate bundle - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - auditWebhook: - description: |- - AuditWebhook contains metadata for configuring an audit webhook - endpoint for a cluster to process cluster audit events. It references - a secret that contains the webhook information for the audit webhook endpoint. - It is a secret because if the endpoint has MTLS the kubeconfig will contain client - keys. This is currently only supported in IBM Cloud. The kubeconfig needs to be stored - in the secret with a secret key name that corresponds to the constant AuditWebhookKubeconfigKey. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - autoscaling: - description: |- - Autoscaling specifies auto-scaling behavior that applies to all NodePools - associated with the control plane. - properties: - maxNodeProvisionTime: - description: |- - MaxNodeProvisionTime is the maximum time to wait for node provisioning - before considering the provisioning to be unsuccessful, expressed as a Go - duration string. The default is 15 minutes. - pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - maxNodesTotal: - description: |- - MaxNodesTotal is the maximum allowable number of nodes across all NodePools - for a HostedCluster. The autoscaler will not grow the cluster beyond this - number. - format: int32 - minimum: 0 - type: integer - maxPodGracePeriod: - description: |- - MaxPodGracePeriod is the maximum seconds to wait for graceful pod - termination before scaling down a NodePool. The default is 600 seconds. - format: int32 - minimum: 0 - type: integer - podPriorityThreshold: - description: |- - PodPriorityThreshold enables users to schedule "best-effort" pods, which - shouldn't trigger autoscaler actions, but only run when there are spare - resources available. The default is -10. - - - See the following for more details: - https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-cluster-autoscaler-work-with-pod-priority-and-preemption - format: int32 - type: integer - type: object - channel: - description: |- - channel is an identifier for explicitly requesting that a non-default - set of updates be applied to this cluster. The default channel will be - contain stable updates that are appropriate for production clusters. - type: string - clusterID: - description: |- - ClusterID is the unique id that identifies the cluster externally. - Making it optional here allows us to keep compatibility with previous - versions of the control-plane-operator that have no knowledge of this - field. - type: string - configuration: - description: |- - Configuration embeds resources that correspond to the openshift configuration API: - https://docs.openshift.com/container-platform/4.7/rest_api/config_apis/config-apis-index.html - properties: - apiServer: - description: |- - APIServer holds configuration (like serving certificates, client CA and CORS domains) - shared by all API servers in the system, among them especially kube-apiserver - and openshift-apiserver. - properties: - additionalCORSAllowedOrigins: - description: |- - additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the - API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth - server from JavaScript applications. - The values are regular expressions that correspond to the Golang regular expression language. - items: - type: string - type: array - audit: - default: - profile: Default - description: |- - audit specifies the settings for audit configuration to be applied to all OpenShift-provided - API servers in the cluster. - properties: - customRules: - description: |- - customRules specify profiles per group. These profile take precedence over the - top-level profile field if they apply. They are evaluation from top to bottom and - the first one that matches, applies. - items: - description: |- - AuditCustomRule describes a custom rule for an audit profile that takes precedence over - the top-level profile. - properties: - group: - description: group is a name of group a request - user must be member of in order to this profile - to apply. - minLength: 1 - type: string - profile: - description: |- - profile specifies the name of the desired audit policy configuration to be deployed to - all OpenShift-provided API servers in the cluster. - - - The following profiles are provided: - - Default: the existing default policy. - - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for - write requests (create, update, patch). - - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response - HTTP payloads for read requests (get, list). - - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. - - - If unset, the 'Default' profile is used as the default. - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - required: - - group - - profile - type: object - type: array - x-kubernetes-list-map-keys: - - group - x-kubernetes-list-type: map - profile: - default: Default - description: |- - profile specifies the name of the desired top-level audit profile to be applied to all requests - sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, - openshift-apiserver and oauth-apiserver), with the exception of those requests that match - one or more of the customRules. - - - The following profiles are provided: - - Default: default policy which means MetaData level logging with the exception of events - (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody - level). - - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for - write requests (create, update, patch). - - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response - HTTP payloads for read requests (get, list). - - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. - - - Warning: It is not recommended to disable audit logging by using the `None` profile unless you - are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. - If you disable audit logging and a support situation arises, you might need to enable audit logging - and reproduce the issue in order to troubleshoot properly. - - - If unset, the 'Default' profile is used as the default. - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - type: object - clientCA: - description: |- - clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for - incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. - You usually only have to set this if you have your own PKI you wish to honor client certificates from. - The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - - ConfigMap.Data["ca-bundle.crt"] - CA bundle. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - encryption: - description: encryption allows the configuration of encryption - of resources at the datastore layer. - properties: - type: - description: |- - type defines what encryption type should be used to encrypt resources at the datastore layer. - When this field is unset (i.e. when it is set to the empty string), identity is implied. - The behavior of unset can and will change over time. Even if encryption is enabled by default, - the meaning of unset may change to a different encryption type based on changes in best practices. - - - When encryption is enabled, all sensitive resources shipped with the platform are encrypted. - This list of sensitive resources can and will change over time. The current authoritative list is: - - - 1. secrets - 2. configmaps - 3. routes.route.openshift.io - 4. oauthaccesstokens.oauth.openshift.io - 5. oauthauthorizetokens.oauth.openshift.io - enum: - - "" - - identity - - aescbc - - aesgcm - type: string - type: object - servingCerts: - description: |- - servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates - will be used for serving secure traffic. - properties: - namedCertificates: - description: |- - namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates match the server name as understood by a client, - the defaultServingCertificate will be used. - items: - description: APIServerNamedServingCert maps a server - DNS name, as understood by a client, to a certificate. - properties: - names: - description: |- - names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to - serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. - Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. - items: - type: string - type: array - servingCertificate: - description: |- - servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. - The secret must exist in the openshift-config namespace and contain the following required fields: - - Secret.Data["tls.key"] - TLS private key. - - Secret.Data["tls.crt"] - TLS certificate. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - type: object - type: array - type: object - tlsSecurityProfile: - description: |- - tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. - - - If unset, a default (which may change between releases) is chosen. Note that only Old, - Intermediate and Custom profiles are currently supported, and the maximum available - minTLSVersion is VersionTLS12. - properties: - custom: - description: |- - custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: - - - ciphers: - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - minTLSVersion: VersionTLS11 - nullable: true - properties: - ciphers: - description: |- - ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): - - - ciphers: - - DES-CBC3-SHA - items: - type: string - type: array - minTLSVersion: - description: |- - minTLSVersion is used to specify the minimal version of the TLS protocol - that is negotiated during the TLS handshake. For example, to use TLS - versions 1.1, 1.2 and 1.3 (yaml): - - - minTLSVersion: VersionTLS11 - - - NOTE: currently the highest minTLSVersion allowed is VersionTLS12 - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: |- - intermediate is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - minTLSVersion: VersionTLS12 - nullable: true - type: object - modern: - description: |- - modern is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - minTLSVersion: VersionTLS13 - nullable: true - type: object - old: - description: |- - old is a TLS security profile based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - - - and looks like this (yaml): - - - ciphers: - - - - TLS_AES_128_GCM_SHA256 - - - - TLS_AES_256_GCM_SHA384 - - - - TLS_CHACHA20_POLY1305_SHA256 - - - - ECDHE-ECDSA-AES128-GCM-SHA256 - - - - ECDHE-RSA-AES128-GCM-SHA256 - - - - ECDHE-ECDSA-AES256-GCM-SHA384 - - - - ECDHE-RSA-AES256-GCM-SHA384 - - - - ECDHE-ECDSA-CHACHA20-POLY1305 - - - - ECDHE-RSA-CHACHA20-POLY1305 - - - - DHE-RSA-AES128-GCM-SHA256 - - - - DHE-RSA-AES256-GCM-SHA384 - - - - DHE-RSA-CHACHA20-POLY1305 - - - - ECDHE-ECDSA-AES128-SHA256 - - - - ECDHE-RSA-AES128-SHA256 - - - - ECDHE-ECDSA-AES128-SHA - - - - ECDHE-RSA-AES128-SHA - - - - ECDHE-ECDSA-AES256-SHA384 - - - - ECDHE-RSA-AES256-SHA384 - - - - ECDHE-ECDSA-AES256-SHA - - - - ECDHE-RSA-AES256-SHA - - - - DHE-RSA-AES128-SHA256 - - - - DHE-RSA-AES256-SHA256 - - - - AES128-GCM-SHA256 - - - - AES256-GCM-SHA384 - - - - AES128-SHA256 - - - - AES256-SHA256 - - - - AES128-SHA - - - - AES256-SHA - - - - DES-CBC3-SHA - - - minTLSVersion: VersionTLS10 - nullable: true - type: object - type: - description: |- - type is one of Old, Intermediate, Modern or Custom. Custom provides - the ability to specify individual TLS security profile parameters. - Old, Intermediate and Modern are TLS security profiles based on: - - - https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - - - The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers - are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be - reduced. - - - Note that the Modern profile is currently not supported because it is not - yet well adopted by common software libraries. - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - authentication: - description: |- - Authentication specifies cluster-wide settings for authentication (like OAuth and - webhook token authenticators). - properties: - oauthMetadata: - description: |- - oauthMetadata contains the discovery endpoint data for OAuth 2.0 - Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw '/.well-known/oauth-authorization-server' - For further details, see the IETF Draft: - https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence - over any metadata reference stored in status. - The key "oauthMetadata" is used to locate the data. - If specified and the config map or expected key is not found, no metadata is served. - If the specified metadata is not valid, no metadata is served. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - oidcProviders: - description: |- - OIDCProviders are OIDC identity providers that can issue tokens - for this cluster - Can only be set if "Type" is set to "OIDC". - - - At most one provider can be configured. - items: - properties: - claimMappings: - description: |- - ClaimMappings describes rules on how to transform information from an - ID token into a cluster identity - properties: - groups: - description: |- - Groups is a name of the claim that should be used to construct - groups for the cluster identity. - The referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be - used in the mapping - type: string - prefix: - description: |- - Prefix is a string to prefix the value from the token in the result of the - claim mapping. - - - By default, no prefixing occurs. - - - Example: if `prefix` is set to "myoidc:"" and the `claim` in JWT contains - an array of strings "a", "b" and "c", the mapping will result in an - array of string "myoidc:a", "myoidc:b" and "myoidc:c". - type: string - required: - - claim - type: object - username: - description: |- - Username is a name of the claim that should be used to construct - usernames for the cluster identity. - - - Default value: "sub" - properties: - claim: - description: Claim is a JWT token claim to be - used in the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: |- - PrefixPolicy specifies how a prefix should apply. - - - By default, claims other than `email` will be prefixed with the issuer URL to - prevent naming clashes with other plugins. - - - Set to "NoPrefix" to disable prefixing. - - - Example: - (1) `prefix` is set to "myoidc:" and `claim` is set to "username". - If the JWT claim `username` contains value `userA`, the resulting - mapped value will be "myoidc:userA". - (2) `prefix` is set to "myoidc:" and `claim` is set to "email". If the - JWT `email` claim contains value "userA@myoidc.tld", the resulting - mapped value will be "myoidc:userA@myoidc.tld". - (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include "username":"userA" and "email":"userA@myoidc.tld", - and `claim` is set to: - (a) "username": the mapped value will be "https://myoidc.tld#userA" - (b) "email": the mapped value will be "userA@myoidc.tld" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is - 'Prefix', but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy - == ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are - applied to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: |- - RequiredClaim allows configuring a required claim name and its expected - value - properties: - claim: - description: |- - Claim is a name of a required claim. Only claims with string values are - supported. - minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required - value for the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation - rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC - token issuer - properties: - audiences: - description: |- - Audiences is an array of audiences that the token was issued for. - Valid tokens must include at least one of these values in their - "aud" claim. - Must be set to exactly one value. - items: - minLength: 1 - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: |- - CertificateAuthority is a reference to a config map in the - configuration namespace. The .data of the configMap must contain - the "ca-bundle.crt" key. - If unset, system trust is used instead. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - issuerURL: - description: |- - URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: |- - OIDCClients contains configuration for the platform's clients that - need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the - OIDC client from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: |- - ClientSecret refers to a secret in the `openshift-config` namespace that - contains the client secret in the `clientSecret` key of the `.data` field - properties: - name: - description: name is the metadata.name of - the referenced secret - type: string - required: - - name - type: object - componentName: - description: |- - ComponentName is the name of the component that is supposed to consume this - client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: |- - ComponentNamespace is the namespace of the component that is supposed to consume this - client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of - scopes to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: |- - serviceAccountIssuer is the identifier of the bound service account token - issuer. - The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the - previous issuer value. Instead, the tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set to 24h). - This time period is subject to change over time. - This allows internal components to transition to use new service account issuer without service distruption. - type: string - type: - description: |- - type identifies the cluster managed, user facing authentication mode in use. - Specifically, it manages the component that responds to login attempts. - The default is IntegratedOAuth. - type: string - webhookTokenAuthenticator: - description: |- - webhookTokenAuthenticator configures a remote token reviewer. - These remote authentication webhooks can be used to verify bearer tokens - via the tokenreviews.authentication.k8s.io REST API. This is required to - honor bearer tokens that are provisioned by an external authentication service. - - - Can only be set if "Type" is set to "None". - properties: - kubeConfig: - description: |- - kubeConfig references a secret that contains kube config file data which - describes how to access the remote webhook service. - The namespace for the referenced secret is openshift-config. - - - For further details, see: - - - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - - - The key "kubeConfig" is used to locate the data. - If the secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook is not honored. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting - it has no effect. - items: - description: |- - deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. - It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field. - properties: - kubeConfig: - description: |- - kubeConfig contains kube config file data which describes how to access the remote webhook service. - For further details, see: - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. - If the secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook is not honored. - The namespace for this secret is determined by the point of use. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - featureGate: - description: FeatureGate holds cluster-wide information about - feature gates. - properties: - customNoUpgrade: - description: |- - customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. - Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations - your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field. - nullable: true - properties: - disabled: - description: disabled is a list of all feature gates that - you want to force off - items: - description: FeatureGateName is a string to enforce - patterns on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - enabled: - description: enabled is a list of all feature gates that - you want to force on - items: - description: FeatureGateName is a string to enforce - patterns on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - type: object - featureSet: - description: |- - featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. - Turning on or off features may cause irreversible changes in your cluster which cannot be undone. - type: string - x-kubernetes-validations: - - message: CustomNoUpgrade may not be changed - rule: 'oldSelf == ''CustomNoUpgrade'' ? self == ''CustomNoUpgrade'' - : true' - - message: TechPreviewNoUpgrade may not be changed - rule: 'oldSelf == ''TechPreviewNoUpgrade'' ? self == ''TechPreviewNoUpgrade'' - : true' - - message: DevPreviewNoUpgrade may not be changed - rule: 'oldSelf == ''DevPreviewNoUpgrade'' ? self == ''DevPreviewNoUpgrade'' - : true' - type: object - image: - description: |- - Image governs policies related to imagestream imports and runtime configuration - for external registries. It allows cluster admins to configure which registries - OpenShift is allowed to import images from, extra CA trust bundles for external - registries, and policies to block or allow registry hostnames. - When exposing OpenShift's image registry to the public, this also lets cluster - admins specify the external hostname. - properties: - additionalTrustedCA: - description: |- - additionalTrustedCA is a reference to a ConfigMap containing additional CAs that - should be trusted during imagestream import, pod image pull, build image pull, and - imageregistry pullthrough. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - allowedRegistriesForImport: - description: |- - allowedRegistriesForImport limits the container image registries that normal users may import - images from. Set this list to the registries that you trust to contain valid Docker - images and that you want applications to be able to import from. Users with - permission to create Images or ImageStreamMappings via the API are not affected by - this policy - typically only administrators or system integrations will have those - permissions. - items: - description: |- - RegistryLocation contains a location of the registry specified by the registry domain - name. The domain name might include wildcards, like '*' or '??'. - properties: - domainName: - description: |- - domainName specifies a domain name for the registry - In case the registry use non-standard (80 or 443) port, the port should be included - in the domain name as well. - type: string - insecure: - description: |- - insecure indicates whether the registry is secure (https) or insecure (http) - By default (if not specified) the registry is assumed as secure. - type: boolean - type: object - type: array - externalRegistryHostnames: - description: |- - externalRegistryHostnames provides the hostnames for the default external image - registry. The external hostname should be set only when the image registry - is exposed externally. The first value is used in 'publicDockerImageRepository' - field in ImageStreams. The value must be in "hostname[:port]" format. - items: - type: string - type: array - registrySources: - description: |- - registrySources contains configuration that determines how the container runtime - should treat individual registries when accessing images for builds+pods. (e.g. - whether or not to allow insecure access). It does not contain configuration for the - internal cluster registry. - properties: - allowedRegistries: - description: |- - allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. - - - Only one of BlockedRegistries or AllowedRegistries may be set. - items: - type: string - type: array - blockedRegistries: - description: |- - blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. - - - Only one of BlockedRegistries or AllowedRegistries may be set. - items: - type: string - type: array - containerRuntimeSearchRegistries: - description: |- - containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified - domains in their pull specs. Registries will be searched in the order provided in the list. - Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. - format: hostname - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - insecureRegistries: - description: insecureRegistries are registries which do - not have a valid TLS certificates or only support HTTP - connections. - items: - type: string - type: array - type: object - type: object - ingress: - description: |- - Ingress holds cluster-wide information about ingress, including the default ingress domain - used for routes. - properties: - appsDomain: - description: |- - appsDomain is an optional domain to use instead of the one specified - in the domain field when a Route is created without specifying an explicit - host. If appsDomain is nonempty, this value is used to generate default - host values for Route. Unlike domain, appsDomain may be modified after - installation. - This assumes a new ingresscontroller has been setup with a wildcard - certificate. - type: string - componentRoutes: - description: |- - componentRoutes is an optional list of routes that are managed by OpenShift components - that a cluster-admin is able to configure the hostname and serving certificate for. - The namespace and name of each route in this list should match an existing entry in the - status.componentRoutes list. - - - To determine the set of configurable Routes, look at namespace and name of entries in the - .status.componentRoutes list, where participating operators write the status of - configurable routes. - items: - description: ComponentRouteSpec allows for configuration - of a route's hostname and serving certificate. - properties: - hostname: - description: hostname is the hostname that should be - used by the route. - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - name: - description: |- - name is the logical name of the route to customize. - - - The namespace and name of this componentRoute must match a corresponding - entry in the list of status.componentRoutes if the route is to be customized. - maxLength: 256 - minLength: 1 - type: string - namespace: - description: |- - namespace is the namespace of the route to customize. - - - The namespace and name of this componentRoute must match a corresponding - entry in the list of status.componentRoutes if the route is to be customized. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - servingCertKeyPairSecret: - description: |- - servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. - The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. - If the custom hostname uses the default routing suffix of the cluster, - the Secret specification for a serving certificate will not be needed. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - required: - - hostname - - name - - namespace - type: object - type: array - x-kubernetes-list-map-keys: - - namespace - - name - x-kubernetes-list-type: map - domain: - description: |- - domain is used to generate a default host name for a route when the - route's host name is empty. The generated host name will follow this - pattern: "..". - - - It is also used as the default wildcard domain suffix for ingress. The - default ingresscontroller domain will follow this pattern: "*.". - - - Once set, changing domain is not currently supported. - type: string - loadBalancer: - description: |- - loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure - provider of the current cluster and are required for Ingress Controller to work on OpenShift. - properties: - platform: - description: |- - platform holds configuration specific to the underlying - infrastructure provider for the ingress load balancers. - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - properties: - aws: - description: aws contains settings specific to the - Amazon Web Services infrastructure provider. - properties: - type: - description: |- - type allows user to set a load balancer type. - When this field is set the default ingresscontroller will get created using the specified LBType. - If this field is not set then the default ingress controller of LBType Classic will be created. - Valid values are: - - - * "Classic": A Classic Load Balancer that makes routing decisions at either - the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See - the following for additional details: - - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - - - * "NLB": A Network Load Balancer that makes routing decisions at the - transport layer (TCP/SSL). See the following for additional details: - - - https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb - enum: - - NLB - - Classic - type: string - required: - - type - type: object - type: - description: |- - type is the underlying infrastructure provider for the cluster. - Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", - "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", - "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms, - and must handle unrecognized platforms as None if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - type: object - type: object - requiredHSTSPolicies: - description: |- - requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes - matching the domainPattern/s and namespaceSelector/s that are specified in the policy. - Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route - annotation, and affect route admission. - - - A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: - "haproxy.router.openshift.io/hsts_header" - E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains - - - - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, - then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route - is rejected. - - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies - determines the route's admission status. - - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, - then it may use any HSTS Policy annotation. - - - The HSTS policy configuration may be changed after routes have already been created. An update to a previously - admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. - However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working. - - - Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid. - items: - properties: - domainPatterns: - description: |- - domainPatterns is a list of domains for which the desired HSTS annotations are required. - If domainPatterns is specified and a route is created with a spec.host matching one of the domains, - the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy. - - - The use of wildcards is allowed like this: *.foo.com matches everything under foo.com. - foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*. - items: - type: string - minItems: 1 - type: array - includeSubDomainsPolicy: - description: |- - includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's - domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com - enum: - - RequireIncludeSubDomains - - RequireNoIncludeSubDomains - - NoOpinion - type: string - maxAge: - description: |- - maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. - If set to 0, it negates the effect, and hosts are removed as HSTS hosts. - If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. - maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS - policy will eventually expire on that client. - properties: - largestMaxAge: - description: |- - The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age - This value can be left unspecified, in which case no upper limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - smallestMaxAge: - description: |- - The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age - Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary - tool for administrators to quickly correct mistakes. - This value can be left unspecified, in which case no lower limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - type: object - namespaceSelector: - description: |- - namespaceSelector specifies a label selector such that the policy applies only to those routes that - are in namespaces with labels that match the selector, and are in one of the DomainPatterns. - Defaults to the empty LabelSelector, which matches everything. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - preloadPolicy: - description: |- - preloadPolicy directs the client to include hosts in its host preload list so that - it never needs to do an initial load to get the HSTS header (note that this is not defined - in RFC 6797 and is therefore client implementation-dependent). - enum: - - RequirePreload - - RequireNoPreload - - NoOpinion - type: string - required: - - domainPatterns - type: object - type: array - type: object - network: - description: |- - Network holds cluster-wide information about the network. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. - Please view network.spec for an explanation on what applies when configuring this resource. - TODO (csrwng): Add validation here to exclude changes that conflict with networking settings in the HostedCluster.Spec.Networking field. - properties: - clusterNetwork: - description: |- - IP address pool to use for pod IPs. - This field is immutable after installation. - items: - description: |- - ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs - are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: |- - The size (prefix) of block to allocate to each node. If this - field is not used by the plugin, it can be left unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - x-kubernetes-list-type: atomic - externalIP: - description: |- - externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is - not allowed to be set. - properties: - autoAssignCIDRs: - description: |- - autoAssignCIDRs is a list of CIDRs from which to automatically assign - Service.ExternalIP. These are assigned when the service is of type - LoadBalancer. In general, this is only useful for bare-metal clusters. - In Openshift 3.x, this was misleadingly called "IngressIPs". - Automatically assigned External IPs are not affected by any - ExternalIPPolicy rules. - Currently, only one entry may be provided. - items: - type: string - type: array - x-kubernetes-list-type: atomic - policy: - description: |- - policy is a set of restrictions applied to the ExternalIP field. - If nil or empty, then ExternalIP is not allowed to be set. - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - rejectedCIDRs: - description: |- - rejectedCIDRs is the list of disallowed CIDRs. These take precedence - over allowedCIDRs. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - type: object - networkDiagnostics: - description: |- - networkDiagnostics defines network diagnostics configuration. - - - Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. - If networkDiagnostics is not specified or is empty, - and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, - the network diagnostics feature will be disabled. - properties: - mode: - description: |- - mode controls the network diagnostics mode - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is All. - enum: - - "" - - All - - Disabled - type: string - sourcePlacement: - description: |- - sourcePlacement controls the scheduling of network diagnostics source deployment - - - See NetworkDiagnosticsSourcePlacement for more details about default values. - properties: - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `kubernetes.io/os: linux`. - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is an empty list. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - targetPlacement: - description: |- - targetPlacement controls the scheduling of network diagnostics target daemonset - - - See NetworkDiagnosticsTargetPlacement for more details about default values. - properties: - nodeSelector: - additionalProperties: - type: string - description: |- - nodeSelector is the node selector applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `kubernetes.io/os: linux`. - type: object - tolerations: - description: |- - tolerations is a list of tolerations applied to network diagnostics components - - - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is `- operator: "Exists"` which means that all taints are tolerated. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - networkType: - description: |- - NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). - This should match a value that the cluster-network-operator understands, - or else no networking will be installed. - Currently supported values are: - - OpenShiftSDN - This field is immutable after installation. - type: string - serviceNetwork: - description: |- - IP address pool for services. - Currently, we only support a single entry here. - This field is immutable after installation. - items: - type: string - type: array - x-kubernetes-list-type: atomic - serviceNodePortRange: - description: |- - The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. - Such Services without a NodePort specified will have one - automatically allocated from this range. - This parameter can be updated after the cluster is - installed. - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - type: object - oauth: - description: |- - OAuth holds cluster-wide information about OAuth. - It is used to configure the integrated OAuth server. - This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. - properties: - identityProviders: - description: |- - identityProviders is an ordered list of ways for a user to identify themselves. - When this list is empty, no identities are provisioned for users. - items: - description: IdentityProvider provides identities for users - authenticating using credentials - properties: - basicAuth: - description: basicAuth contains configuration options - for the BasicAuth IdP - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - tlsClientCert: - description: |- - tlsClientCert is an optional reference to a secret by name that contains the - PEM-encoded TLS client certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - tlsClientKey: - description: |- - tlsClientKey is an optional reference to a secret by name that contains the - PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - github: - description: github enables user authentication using - GitHub credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - This can only be configured when hostname is set to a non-empty value. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - hostname: - description: |- - hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of - GitHub Enterprise. - It must match the GitHub Enterprise settings value configured at /setup/settings#hostname. - type: string - organizations: - description: organizations optionally restricts - which organizations are allowed to log in - items: - type: string - type: array - teams: - description: teams optionally restricts which teams - are allowed to log in. Format is /. - items: - type: string - type: array - type: object - gitlab: - description: gitlab enables user authentication using - GitLab credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the oauth server base URL - type: string - type: object - google: - description: google enables user authentication using - Google credentials - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - hostedDomain: - description: hostedDomain is the optional Google - App domain (e.g. "mycompany.com") to restrict - logins to - type: string - type: object - htpasswd: - description: htpasswd enables user authentication using - an HTPasswd file to validate credentials - properties: - fileData: - description: |- - fileData is a required reference to a secret by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - If the specified htpasswd data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - type: object - keystone: - description: keystone enables user authentication using - keystone password credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - domainName: - description: domainName is required for keystone - v3 - type: string - tlsClientCert: - description: |- - tlsClientCert is an optional reference to a secret by name that contains the - PEM-encoded TLS client certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - tlsClientKey: - description: |- - tlsClientKey is an optional reference to a secret by name that contains the - PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - If the specified certificate data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - ldap: - description: ldap enables user authentication using - LDAP credentials - properties: - attributes: - description: attributes maps LDAP attributes to - identities - properties: - email: - description: |- - email is the list of attributes whose values should be used as the email address. Optional. - If unspecified, no email is set for the identity - items: - type: string - type: array - id: - description: |- - id is the list of attributes whose values should be used as the user ID. Required. - First non-empty attribute is used. At least one attribute is required. If none of the listed - attribute have a value, authentication fails. - LDAP standard identity attribute is "dn" - items: - type: string - type: array - name: - description: |- - name is the list of attributes whose values should be used as the display name. Optional. - If unspecified, no display name is set for the identity - LDAP standard display name attribute is "cn" - items: - type: string - type: array - preferredUsername: - description: |- - preferredUsername is the list of attributes whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - items: - type: string - type: array - type: object - bindDN: - description: bindDN is an optional DN to bind with - during the search phase. - type: string - bindPassword: - description: |- - bindPassword is an optional reference to a secret by name - containing a password to bind with during the search phase. - The key "bindPassword" is used to locate the data. - If specified and the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - insecure: - description: |- - insecure, if true, indicates the connection should not use TLS - WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always - attempt to connect using TLS, even when `insecure` is set to `true` - When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to - a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830. - type: boolean - url: - description: |- - url is an RFC 2255 URL which specifies the LDAP search parameters to use. - The syntax of the URL is: - ldap://host:port/basedn?attribute?scope?filter - type: string - type: object - mappingMethod: - description: |- - mappingMethod determines how identities from this provider are mapped to users - Defaults to "claim" - type: string - name: - description: |- - name is used to qualify the identities returned by this provider. - - It MUST be unique and not shared by any other identity provider used - - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" - Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName - type: string - openID: - description: openID enables user authentication using - OpenID credentials - properties: - ca: - description: |- - ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - The key "ca.crt" is used to locate the data. - If specified and the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - If empty, the default system roots are used. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - claims: - description: claims mappings - properties: - email: - description: |- - email is the list of claims whose values should be used as the email address. Optional. - If unspecified, no email is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - groups: - description: |- - groups is the list of claims value of which should be used to synchronize groups - from the OIDC provider to OpenShift for the user. - If multiple claims are specified, the first one with a non-empty value is used. - items: - description: |- - OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo - responses - minLength: 1 - type: string - type: array - x-kubernetes-list-type: atomic - name: - description: |- - name is the list of claims whose values should be used as the display name. Optional. - If unspecified, no display name is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - preferredUsername: - description: |- - preferredUsername is the list of claims whose values should be used as the preferred username. - If unspecified, the preferred username is determined from the value of the sub claim - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: |- - clientSecret is a required reference to the secret by name containing the oauth client secret. - The key "clientSecret" is used to locate the data. - If the secret or expected key is not found, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced secret - type: string - required: - - name - type: object - extraAuthorizeParameters: - additionalProperties: - type: string - description: extraAuthorizeParameters are any custom - parameters to add to the authorize request. - type: object - extraScopes: - description: extraScopes are any scopes to request - in addition to the standard "openid" scope. - items: - type: string - type: array - issuer: - description: |- - issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. - It must use the https scheme with no query or fragment component. - type: string - type: object - requestHeader: - description: requestHeader enables user authentication - using request header credentials - properties: - ca: - description: |- - ca is a required reference to a config map by name containing the PEM-encoded CA bundle. - It is used as a trust anchor to validate the TLS certificate presented by the remote server. - Specifically, it allows verification of incoming requests to prevent header spoofing. - The key "ca.crt" is used to locate the data. - If the config map or expected key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider is not honored. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - challengeURL: - description: |- - challengeURL is a URL to redirect unauthenticated /authorize requests to - Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be - redirected here. - ${url} is replaced with the current URL, escaped to be safe in a query parameter - https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string - https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. - type: string - clientCommonNames: - description: |- - clientCommonNames is an optional list of common names to require a match from. If empty, any - client certificate validated against the clientCA bundle is considered authoritative. - items: - type: string - type: array - emailHeaders: - description: emailHeaders is the set of headers - to check for the email address - items: - type: string - type: array - headers: - description: headers is the set of headers to check - for identity information - items: - type: string - type: array - loginURL: - description: |- - loginURL is a URL to redirect unauthenticated /authorize requests to - Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here - ${url} is replaced with the current URL, escaped to be safe in a query parameter - https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string - https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. - type: string - nameHeaders: - description: nameHeaders is the set of headers to - check for the display name - items: - type: string - type: array - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set - of headers to check for the preferred username - items: - type: string - type: array - type: object - type: - description: type identifies the identity provider type - for this entry. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - templates: - description: templates allow you to customize pages like the - login page. - properties: - error: - description: |- - error is the name of a secret that specifies a go template to use to render error pages - during the authentication or grant flow. - The key "errors.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default error page is used. - If the specified template is not valid, the default error page is used. - If unspecified, the default error page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - login: - description: |- - login is the name of a secret that specifies a go template to use to render the login page. - The key "login.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default login page is used. - If the specified template is not valid, the default login page is used. - If unspecified, the default login page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - providerSelection: - description: |- - providerSelection is the name of a secret that specifies a go template to use to render - the provider selection page. - The key "providers.html" is used to locate the template data. - If specified and the secret or expected key is not found, the default provider selection page is used. - If the specified template is not valid, the default provider selection page is used. - If unspecified, the default provider selection page is used. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - tokenConfig: - description: tokenConfig contains options for authorization - and access tokens - properties: - accessTokenInactivityTimeout: - description: |- - accessTokenInactivityTimeout defines the token inactivity timeout - for tokens granted by any client. - The value represents the maximum amount of time that can occur between - consecutive uses of the token. Tokens become invalid if they are not - used within this temporal window. The user will need to acquire a new - token to regain access once a token times out. Takes valid time - duration string such as "5m", "1.5h" or "2h45m". The minimum allowed - value for duration is 300s (5 minutes). If the timeout is configured - per client, then that value takes precedence. If the timeout value is - not specified and the client does not override the value, then tokens - are valid until their lifetime. - - - WARNING: existing tokens' timeout will not be affected (lowered) by changing this value - type: string - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: - setting this field has no effect.' - format: int32 - type: integer - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum - age of access tokens - format: int32 - type: integer - type: object - type: object - x-kubernetes-validations: - - message: spec.configuration.oauth.tokenConfig.accessTokenInactivityTimeout - minimum acceptable token timeout value is 300 seconds - rule: '!has(self.tokenConfig) || !has(self.tokenConfig.accessTokenInactivityTimeout) - || duration(self.tokenConfig.accessTokenInactivityTimeout).getSeconds() - >= 300' - operatorhub: - description: |- - OperatorHub specifies the configuration for the Operator Lifecycle Manager in the HostedCluster. This is only configured at deployment time but the controller are not reconcilling over it. - The OperatorHub configuration will be constantly reconciled if catalog placement is management, but only on cluster creation otherwise. - properties: - disableAllDefaultSources: - description: |- - disableAllDefaultSources allows you to disable all the default hub - sources. If this is true, a specific entry in sources can be used to - enable a default source. If this is false, a specific entry in - sources can be used to disable or enable a default source. - type: boolean - sources: - description: |- - sources is the list of default hub sources and their configuration. - If the list is empty, it implies that the default hub sources are - enabled on the cluster unless disableAllDefaultSources is true. - If disableAllDefaultSources is true and sources is not empty, - the configuration present in sources will take precedence. The list of - default hub sources and their current state will always be reflected in - the status block. - items: - description: HubSource is used to specify the hub source - and its configuration - properties: - disabled: - description: disabled is used to disable a default hub - source on cluster - type: boolean - name: - description: name is the name of one of the default - hub sources - maxLength: 253 - minLength: 1 - type: string - type: object - type: array - type: object - proxy: - description: Proxy holds cluster-wide information on how to configure - default proxies for the cluster. - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: |- - noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. - Empty means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: |- - trustedCA is a reference to a ConfigMap containing a CA certificate bundle. - The trustedCA field should only be consumed by a proxy validator. The - validator is responsible for reading the certificate bundle from the required - key "ca-bundle.crt", merging it with the system default trust bundle, - and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle" - in the "openshift-config-managed" namespace. Clients that expect to make - proxy connections must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as - well. - - - The namespace for the ConfigMap referenced by trustedCA is - "openshift-config". Here is an example ConfigMap (in yaml): - - - apiVersion: v1 - kind: ConfigMap - metadata: - name: user-ca-bundle - namespace: openshift-config - data: - ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - Custom CA certificate bundle. - -----END CERTIFICATE----- - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - type: object - scheduler: - description: |- - Scheduler holds cluster-wide config information to run the Kubernetes Scheduler - and influence its placement decisions. The canonical name for this config is `cluster`. - properties: - defaultNodeSelector: - description: |- - defaultNodeSelector helps set the cluster-wide default node selector to - restrict pod placement to specific nodes. This is applied to the pods - created in all namespaces and creates an intersection with any existing - nodeSelectors already set on a pod, additionally constraining that pod's selector. - For example, - defaultNodeSelector: "type=user-node,region=east" would set nodeSelector - field in pod spec to "type=user-node,region=east" to all pods created - in all namespaces. Namespaces having project-wide node selectors won't be - impacted even if this field is set. This adds an annotation section to - the namespace. - For example, if a new namespace is created with - node-selector='type=user-node,region=east', - the annotation openshift.io/node-selector: type=user-node,region=east - gets added to the project. When the openshift.io/node-selector annotation - is set on the project the value is used in preference to the value we are setting - for defaultNodeSelector field. - For instance, - openshift.io/node-selector: "type=user-node,region=west" means - that the default of "type=user-node,region=east" set in defaultNodeSelector - would not be applied. - type: string - mastersSchedulable: - description: |- - MastersSchedulable allows masters nodes to be schedulable. When this flag is - turned on, all the master nodes in the cluster will be made schedulable, - so that workload pods can run on them. The default value for this field is false, - meaning none of the master nodes are schedulable. - Important Note: Once the workload pods start running on the master nodes, - extreme care must be taken to ensure that cluster-critical control plane components - are not impacted. - Please turn on this field after doing due diligence. - type: boolean - policy: - description: |- - DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. - policy is a reference to a ConfigMap containing scheduler policy which has - user specified predicates and priorities. If this ConfigMap is not available - scheduler will default to use DefaultAlgorithmProvider. - The namespace for this configmap is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - profile: - description: |- - profile sets which scheduling profile should be set in order to configure scheduling - decisions for new pods. - - - Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring" - Defaults to "LowNodeUtilization" - enum: - - "" - - LowNodeUtilization - - HighNodeUtilization - - NoScoring - type: string - profileCustomizations: - description: profileCustomizations contains configuration - for modifying the default behavior of existing scheduler - profiles. - properties: - dynamicResourceAllocation: - description: |- - dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. - Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. - Third-party resource drivers are responsible for tracking and allocating resources. - Different kinds of resources support arbitrary parameters for defining requirements and initialization. - Valid values are Enabled, Disabled and omitted. - When omitted, this means no opinion and the platform is left to choose a reasonable default, - which is subject to change over time. - The current default is Disabled. - enum: - - "" - - Enabled - - Disabled - type: string - type: object - type: object - type: object - controlPlaneReleaseImage: - description: |- - ControlPlaneReleaseImage specifies the desired OCP release payload for - control plane components running on the management cluster. - If not defined, ReleaseImage is used - type: string - controllerAvailabilityPolicy: - default: SingleReplica - description: |- - ControllerAvailabilityPolicy specifies the availability policy applied to - critical control plane components. The default value is SingleReplica. - type: string - x-kubernetes-validations: - - message: ControllerAvailabilityPolicy is immutable - rule: self == oldSelf - dns: - description: DNSSpec specifies the DNS configuration in the cluster. - properties: - baseDomain: - description: BaseDomain is the base domain of the cluster. - type: string - baseDomainPrefix: - description: |- - BaseDomainPrefix is the base domain prefix of the cluster. - defaults to clusterName if not set. Set it to "" if you don't want a prefix to be prepended to BaseDomain. - type: string - privateZoneID: - description: |- - PrivateZoneID is the Hosted Zone ID where all the DNS records that are only - available internally to the cluster exist. - type: string - publicZoneID: - description: |- - PublicZoneID is the Hosted Zone ID where all the DNS records that are - publicly accessible to the internet exist. - type: string - required: - - baseDomain - type: object - etcd: - description: |- - Etcd contains metadata about the etcd cluster the hypershift managed Openshift control plane components - use to store data. - properties: - managed: - description: Managed specifies the behavior of an etcd cluster - managed by HyperShift. - properties: - storage: - description: Storage specifies how etcd data is persisted. - properties: - persistentVolume: - description: |- - PersistentVolume is the configuration for PersistentVolume etcd storage. - With this implementation, a PersistentVolume will be allocated for every - etcd member (either 1 or 3 depending on the HostedCluster control plane - availability configuration). - properties: - size: - anyOf: - - type: integer - - type: string - default: 8Gi - description: Size is the minimum size of the data - volume for each etcd member. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - x-kubernetes-validations: - - message: Etcd PV storage size is immutable - rule: self == oldSelf - storageClassName: - description: |- - StorageClassName is the StorageClass of the data volume for each etcd member. - - - See https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. - type: string - type: object - restoreSnapshotURL: - description: |- - RestoreSnapshotURL allows an optional URL to be provided where - an etcd snapshot can be downloaded, for example a pre-signed URL - referencing a storage service. - This snapshot will be restored on initial startup, only when the etcd PV - is empty. - items: - type: string - type: array - x-kubernetes-validations: - - message: RestoreSnapshotURL shouldn't contain more than - 1 entry - rule: self.size() <= 1 - type: - description: Type is the kind of persistent storage implementation - to use for etcd. - enum: - - PersistentVolume - type: string - required: - - type - type: object - required: - - storage - type: object - managementType: - description: ManagementType defines how the etcd cluster is managed. - enum: - - Managed - - Unmanaged - type: string - unmanaged: - description: |- - Unmanaged specifies configuration which enables the control plane to - integrate with an eternally managed etcd cluster. - properties: - endpoint: - description: |- - Endpoint is the full etcd cluster client endpoint URL. For example: - - - https://etcd-client:2379 - - - If the URL uses an HTTPS scheme, the TLS field is required. - pattern: ^https:// - type: string - tls: - description: TLS specifies TLS configuration for HTTPS etcd - client endpoints. - properties: - clientSecret: - description: |- - ClientSecret refers to a secret for client mTLS authentication with the etcd cluster. It - may have the following key/value pairs: - - - etcd-client-ca.crt: Certificate Authority value - etcd-client.crt: Client certificate value - etcd-client.key: Client certificate key value - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - clientSecret - type: object - required: - - endpoint - - tls - type: object - required: - - managementType - type: object - fips: - description: FIPS specifies if the nodes for the cluster will be running - in FIPS mode - type: boolean - imageContentSources: - description: ImageContentSources lists sources/repositories for the - release-image content. - items: - description: |- - ImageContentSource specifies image mirrors that can be used by cluster nodes - to pull content. For cluster workloads, if a container image registry host of - the pullspec matches Source then one of the Mirrors are substituted as hosts - in the pullspec and tried in order to fetch the image. - properties: - mirrors: - description: Mirrors are one or more repositories that may also - contain the same images. - items: - type: string - type: array - source: - description: |- - Source is the repository that users refer to, e.g. in image pull - specifications. - type: string - required: - - source - type: object - type: array - infraID: - type: string - infrastructureAvailabilityPolicy: - default: SingleReplica - description: |- - InfrastructureAvailabilityPolicy specifies the availability policy applied - to infrastructure services which run on cluster nodes. The default value is - SingleReplica. - type: string - issuerURL: - description: |- - IssuerURL is an OIDC issuer URL which is used as the issuer in all - ServiceAccount tokens generated by the control plane API server. The - default value is kubernetes.default.svc, which only works for in-cluster - validation. - type: string - kubeconfig: - description: KubeConfig specifies the name and key for the kubeconfig - secret - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - networking: - description: |- - Networking specifies network configuration for the cluster. - Temporarily optional for backward compatibility, required in future releases. - properties: - apiServer: - description: |- - APIServer contains advanced network settings for the API server that affect - how the APIServer is exposed inside a cluster node. - properties: - advertiseAddress: - description: |- - AdvertiseAddress is the address that nodes will use to talk to the API - server. This is an address associated with the loopback adapter of each - node. If not specified, the controller will take default values. - The default values will be set as 172.20.0.1 or fd00::1. - type: string - allowedCIDRBlocks: - description: |- - AllowedCIDRBlocks is an allow list of CIDR blocks that can access the APIServer - If not specified, traffic is allowed from all addresses. - This depends on underlying support by the cloud provider for Service LoadBalancerSourceRanges - items: - pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$ - type: string - type: array - port: - description: |- - Port is the port at which the APIServer is exposed inside a node. Other - pods using host networking cannot listen on this port. - If unset 6443 is used. - This is useful to choose a port other than the default one which might interfere with customer environments e.g. https://github.com/openshift/hypershift/pull/356. - Setting this to 443 is possible only for backward compatibility reasons and it's discouraged. - Doing so, it would result in the controller overriding the KAS endpoint in the guest cluster having a discrepancy with the KAS Pod and potentially causing temporarily network failures. - format: int32 - type: integer - type: object - clusterNetwork: - default: - - cidr: 10.132.0.0/14 - description: ClusterNetwork is the list of IP address pools for - pods. - items: - description: |- - ClusterNetworkEntry is a single IP address block for pod IP blocks. IP blocks - are allocated with size 2^HostSubnetLength. - properties: - cidr: - description: CIDR is the IP block address pool. - type: string - hostPrefix: - description: |- - HostPrefix is the prefix size to allocate to each node from the CIDR. - For example, 24 would allocate 2^8=256 adresses to each node. If this - field is not used by the plugin, it can be left unset. - format: int32 - type: integer - required: - - cidr - type: object - type: array - machineNetwork: - description: MachineNetwork is the list of IP address pools for - machines. - items: - description: MachineNetworkEntry is a single IP address block - for node IP blocks. - properties: - cidr: - description: CIDR is the IP block address pool for machines - within the cluster. - type: string - required: - - cidr - type: object - type: array - networkType: - default: OVNKubernetes - description: NetworkType specifies the SDN provider used for cluster - networking. - enum: - - OpenShiftSDN - - Calico - - OVNKubernetes - - Other - type: string - serviceNetwork: - default: - - cidr: 172.31.0.0/16 - description: |- - ServiceNetwork is the list of IP address pools for services. - NOTE: currently only one entry is supported. - items: - description: ServiceNetworkEntry is a single IP address block - for the service network. - properties: - cidr: - description: CIDR is the IP block address pool for services - within the cluster. - type: string - required: - - cidr - type: object - type: array - required: - - clusterNetwork - - networkType - type: object - nodeSelector: - additionalProperties: - type: string - description: NodeSelector when specified, must be true for the pods - managed by the HostedCluster to be scheduled. - type: object - olmCatalogPlacement: - default: management - description: |- - OLMCatalogPlacement specifies the placement of OLM catalog components. By default, - this is set to management and OLM catalog components are deployed onto the management - cluster. If set to guest, the OLM catalog components will be deployed onto the guest - cluster. - enum: - - management - - guest - type: string - pausedUntil: - description: |- - PausedUntil is a field that can be used to pause reconciliation on a resource. - Either a date can be provided in RFC3339 format or a boolean. If a date is - provided: reconciliation is paused on the resource until that date. If the boolean true is - provided: reconciliation is paused on the resource until the field is removed. - type: string - platform: - description: |- - PlatformSpec specifies the underlying infrastructure provider for the cluster - and is used to configure platform specific behavior. - properties: - agent: - description: Agent specifies configuration for agent-based installations. - properties: - agentNamespace: - description: AgentNamespace is the namespace where to search - for Agents for this cluster - type: string - required: - - agentNamespace - type: object - aws: - description: AWS specifies configuration for clusters running - on Amazon Web Services. - properties: - additionalAllowedPrincipals: - description: |- - AdditionalAllowedPrincipals specifies a list of additional allowed principal ARNs - to be added to the hosted control plane's VPC Endpoint Service to enable additional - VPC Endpoint connection requests to be automatically accepted. - See https://docs.aws.amazon.com/vpc/latest/privatelink/configure-endpoint-service.html - for more details around VPC Endpoint Service allowed principals. - items: - type: string - type: array - cloudProviderConfig: - description: |- - CloudProviderConfig specifies AWS networking configuration for the control - plane. - This is mainly used for cloud provider controller config: - https://github.com/kubernetes/kubernetes/blob/f5be5052e3d0808abb904aebd3218fe4a5c2dd82/staging/src/k8s.io/legacy-cloud-providers/aws/aws.go#L1347-L1364 - TODO(dan): should this be named AWSNetworkConfig? - properties: - subnet: - description: Subnet is the subnet to use for control plane - cloud resources. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify - an AWS resource - properties: - name: - description: Name of the filter. Filter names - are case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - vpc: - description: VPC is the VPC to use for control plane cloud - resources. - type: string - zone: - description: |- - Zone is the availability zone where control plane cloud resources are - created. - type: string - required: - - vpc - type: object - endpointAccess: - default: Public - description: |- - EndpointAccess specifies the publishing scope of cluster endpoints. The - default is Public. - enum: - - Public - - PublicAndPrivate - - Private - type: string - multiArch: - default: false - description: |- - MultiArch specifies whether the Hosted Cluster will be expected to support NodePools with different - CPU architectures, i.e., supporting arm64 NodePools and supporting amd64 NodePools on the same Hosted Cluster. - type: boolean - region: - description: |- - Region is the AWS region in which the cluster resides. This configures the - OCP control plane cloud integrations, and is used by NodePool to resolve - the correct boot AMI for a given release. - type: string - resourceTags: - description: |- - ResourceTags is a list of additional tags to apply to AWS resources created - for the cluster. See - https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for - information on tagging AWS resources. AWS supports a maximum of 50 tags per - resource. OpenShift reserves 25 tags for its use, leaving 25 tags available - for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: Key is the key of the tag. - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: |- - Value is the value of the tag. - - - Some AWS service do not support empty values. Since tags are added to - resources in many services, the length of the tag value must meet the - requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - rolesRef: - description: |- - RolesRef contains references to various AWS IAM roles required to enable - integrations such as OIDC. - properties: - controlPlaneOperatorARN: - description: "ControlPlaneOperatorARN is an ARN value - referencing a role appropriate for the Control Plane - Operator.\n\n\nThe following is an example of a valid - policy document:\n\n\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": - [\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"ec2:CreateVpcEndpoint\",\n\t\t\t\t\"ec2:DescribeVpcEndpoints\",\n\t\t\t\t\"ec2:ModifyVpcEndpoint\",\n\t\t\t\t\"ec2:DeleteVpcEndpoints\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"route53:ListHostedZones\",\n\t\t\t\t\"ec2:CreateSecurityGroup\",\n\t\t\t\t\"ec2:AuthorizeSecurityGroupIngress\",\n\t\t\t\t\"ec2:AuthorizeSecurityGroupEgress\",\n\t\t\t\t\"ec2:DeleteSecurityGroup\",\n\t\t\t\t\"ec2:RevokeSecurityGroupIngress\",\n\t\t\t\t\"ec2:RevokeSecurityGroupEgress\",\n\t\t\t\t\"ec2:DescribeSecurityGroups\",\n\t\t\t\t\"ec2:DescribeVpcs\",\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t},\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"route53:ChangeResourceRecordSets\",\n\t\t\t\t\"route53:ListResourceRecordSets\"\n\t\t\t],\n\t\t\t\"Resource\": - \"arn:aws:route53:::%s\"\n\t\t}\n\t]\n}" - type: string - imageRegistryARN: - description: "ImageRegistryARN is an ARN value referencing - a role appropriate for the Image Registry Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"s3:CreateBucket\",\n\t\t\t\t\"s3:DeleteBucket\",\n\t\t\t\t\"s3:PutBucketTagging\",\n\t\t\t\t\"s3:GetBucketTagging\",\n\t\t\t\t\"s3:PutBucketPublicAccessBlock\",\n\t\t\t\t\"s3:GetBucketPublicAccessBlock\",\n\t\t\t\t\"s3:PutEncryptionConfiguration\",\n\t\t\t\t\"s3:GetEncryptionConfiguration\",\n\t\t\t\t\"s3:PutLifecycleConfiguration\",\n\t\t\t\t\"s3:GetLifecycleConfiguration\",\n\t\t\t\t\"s3:GetBucketLocation\",\n\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\"s3:GetObject\",\n\t\t\t\t\"s3:PutObject\",\n\t\t\t\t\"s3:DeleteObject\",\n\t\t\t\t\"s3:ListBucketMultipartUploads\",\n\t\t\t\t\"s3:AbortMultipartUpload\",\n\t\t\t\t\"s3:ListMultipartUploadParts\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - ingressARN: - description: "The referenced role must have a trust relationship - that allows it to be assumed via web identity.\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html.\nExample:\n{\n\t\t\"Version\": - \"2012-10-17\",\n\t\t\"Statement\": [\n\t\t\t{\n\t\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\t\"Principal\": {\n\t\t\t\t\t\"Federated\": - \"{{ .ProviderARN }}\"\n\t\t\t\t},\n\t\t\t\t\t\"Action\": - \"sts:AssumeRoleWithWebIdentity\",\n\t\t\t\t\"Condition\": - {\n\t\t\t\t\t\"StringEquals\": {\n\t\t\t\t\t\t\"{{ .ProviderName - }}:sub\": {{ .ServiceAccounts }}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n\n\nIngressARN - is an ARN value referencing a role appropriate for the - Ingress Operator.\n\n\nThe following is an example of - a valid policy document:\n\n\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": - [\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"elasticloadbalancing:DescribeLoadBalancers\",\n\t\t\t\t\"tag:GetResources\",\n\t\t\t\t\"route53:ListHostedZones\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t},\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": - [\n\t\t\t\t\"route53:ChangeResourceRecordSets\"\n\t\t\t],\n\t\t\t\"Resource\": - [\n\t\t\t\t\"arn:aws:route53:::PUBLIC_ZONE_ID\",\n\t\t\t\t\"arn:aws:route53:::PRIVATE_ZONE_ID\"\n\t\t\t]\n\t\t}\n\t]\n}" - type: string - kubeCloudControllerARN: - description: |- - KubeCloudControllerARN is an ARN value referencing a role appropriate for the KCM/KCC. - Source: https://cloud-provider-aws.sigs.k8s.io/prerequisites/#iam-policies - - - The following is an example of a valid policy document: - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeTags", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeImages", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateRoute", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:RevokeSecurityGroupIngress", - "ec2:DescribeVpcs", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateTargetGroup", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", - "iam:CreateServiceLinkedRole", - "kms:DescribeKey" - ], - "Resource": [ - "*" - ], - "Effect": "Allow" - } - ] - } - type: string - networkARN: - description: "NetworkARN is an ARN value referencing a - role appropriate for the Network Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:DescribeInstances\",\n - \ \"ec2:DescribeInstanceStatus\",\n \"ec2:DescribeInstanceTypes\",\n - \ \"ec2:UnassignPrivateIpAddresses\",\n \"ec2:AssignPrivateIpAddresses\",\n - \ \"ec2:UnassignIpv6Addresses\",\n \"ec2:AssignIpv6Addresses\",\n - \ \"ec2:DescribeSubnets\",\n \"ec2:DescribeNetworkInterfaces\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - nodePoolManagementARN: - description: "NodePoolManagementARN is an ARN value referencing - a role appropriate for the CAPI Controller.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n - \ \"Version\": \"2012-10-17\",\n \"Statement\": [\n - \ {\n \"Action\": [\n \"ec2:AssociateRouteTable\",\n - \ \"ec2:AttachInternetGateway\",\n \"ec2:AuthorizeSecurityGroupIngress\",\n - \ \"ec2:CreateInternetGateway\",\n \"ec2:CreateNatGateway\",\n - \ \"ec2:CreateRoute\",\n \"ec2:CreateRouteTable\",\n - \ \"ec2:CreateSecurityGroup\",\n \"ec2:CreateSubnet\",\n - \ \"ec2:CreateTags\",\n \"ec2:DeleteInternetGateway\",\n - \ \"ec2:DeleteNatGateway\",\n \"ec2:DeleteRouteTable\",\n - \ \"ec2:DeleteSecurityGroup\",\n \"ec2:DeleteSubnet\",\n - \ \"ec2:DeleteTags\",\n \"ec2:DescribeAccountAttributes\",\n - \ \"ec2:DescribeAddresses\",\n \"ec2:DescribeAvailabilityZones\",\n - \ \"ec2:DescribeImages\",\n \"ec2:DescribeInstances\",\n - \ \"ec2:DescribeInternetGateways\",\n \"ec2:DescribeNatGateways\",\n - \ \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribeNetworkInterfaceAttribute\",\n - \ \"ec2:DescribeRouteTables\",\n \"ec2:DescribeSecurityGroups\",\n - \ \"ec2:DescribeSubnets\",\n \"ec2:DescribeVpcs\",\n - \ \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeVolumes\",\n - \ \"ec2:DetachInternetGateway\",\n \"ec2:DisassociateRouteTable\",\n - \ \"ec2:DisassociateAddress\",\n \"ec2:ModifyInstanceAttribute\",\n - \ \"ec2:ModifyNetworkInterfaceAttribute\",\n \"ec2:ModifySubnetAttribute\",\n - \ \"ec2:RevokeSecurityGroupIngress\",\n \"ec2:RunInstances\",\n - \ \"ec2:TerminateInstances\",\n \"tag:GetResources\",\n - \ \"ec2:CreateLaunchTemplate\",\n \"ec2:CreateLaunchTemplateVersion\",\n - \ \"ec2:DescribeLaunchTemplates\",\n \"ec2:DescribeLaunchTemplateVersions\",\n - \ \"ec2:DeleteLaunchTemplate\",\n \"ec2:DeleteLaunchTemplateVersions\"\n - \ ],\n \"Resource\": [\n \"*\"\n ],\n - \ \"Effect\": \"Allow\"\n },\n {\n \"Condition\": - {\n \"StringLike\": {\n \"iam:AWSServiceName\": - \"elasticloadbalancing.amazonaws.com\"\n }\n },\n - \ \"Action\": [\n \"iam:CreateServiceLinkedRole\"\n - \ ],\n \"Resource\": [\n \"arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing\"\n - \ ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": - [\n \"iam:PassRole\"\n ],\n \"Resource\": - [\n \"arn:*:iam::*:role/*-worker-role\"\n ],\n - \ \"Effect\": \"Allow\"\n },\n\t {\n\t \t\"Effect\": - \"Allow\",\n\t \t\"Action\": [\n\t \t\t\"kms:Decrypt\",\n\t - \ \t\t\"kms:ReEncrypt\",\n\t \t\t\"kms:GenerateDataKeyWithoutPlainText\",\n\t - \ \t\t\"kms:DescribeKey\"\n\t \t],\n\t \t\"Resource\": - \"*\"\n\t },\n\t {\n\t \t\"Effect\": \"Allow\",\n\t - \ \t\"Action\": [\n\t \t\t\"kms:CreateGrant\"\n\t \t],\n\t - \ \t\"Resource\": \"*\",\n\t \t\"Condition\": {\n\t - \ \t\t\"Bool\": {\n\t \t\t\t\"kms:GrantIsForAWSResource\": - true\n\t \t\t}\n\t \t}\n\t }\n ]\n}" - type: string - storageARN: - description: "StorageARN is an ARN value referencing a - role appropriate for the Storage Operator.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:AttachVolume\",\n\t\t\t\t\"ec2:CreateSnapshot\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"ec2:CreateVolume\",\n\t\t\t\t\"ec2:DeleteSnapshot\",\n\t\t\t\t\"ec2:DeleteTags\",\n\t\t\t\t\"ec2:DeleteVolume\",\n\t\t\t\t\"ec2:DescribeInstances\",\n\t\t\t\t\"ec2:DescribeSnapshots\",\n\t\t\t\t\"ec2:DescribeTags\",\n\t\t\t\t\"ec2:DescribeVolumes\",\n\t\t\t\t\"ec2:DescribeVolumesModifications\",\n\t\t\t\t\"ec2:DetachVolume\",\n\t\t\t\t\"ec2:ModifyVolume\"\n\t\t\t],\n\t\t\t\"Resource\": - \"*\"\n\t\t}\n\t]\n}" - type: string - required: - - controlPlaneOperatorARN - - imageRegistryARN - - ingressARN - - kubeCloudControllerARN - - networkARN - - nodePoolManagementARN - - storageARN - type: object - serviceEndpoints: - description: |- - ServiceEndpoints specifies optional custom endpoints which will override - the default service endpoint of specific AWS Services. - - - There must be only one ServiceEndpoint for a given service name. - items: - description: |- - AWSServiceEndpoint stores the configuration for services to - override existing defaults of AWS Services. - properties: - name: - description: |- - Name is the name of the AWS service. - This must be provided and cannot be empty. - type: string - url: - description: |- - URL is fully qualified URI with scheme https, that overrides the default generated - endpoint for a client. - This must be provided and cannot be empty. - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - required: - - region - - rolesRef - type: object - azure: - description: Azure defines azure specific settings - properties: - cloud: - default: AzurePublicCloud - description: 'Cloud is the cloud environment identifier, valid - values could be found here: https://github.com/Azure/go-autorest/blob/4c0e21ca2bbb3251fe7853e6f9df6397f53dd419/autorest/azure/environments.go#L33' - enum: - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - credentials: - description: |- - Credentials is the object containing existing Azure credentials needed for creating and managing cloud - infrastructure resources. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - location: - description: |- - Location is the Azure region in where all the cloud infrastructure resources will be created. - - - Example: eastus - type: string - x-kubernetes-validations: - - message: Location is immutable - rule: self == oldSelf - resourceGroup: - default: default - description: |- - ResourceGroupName is the name of an existing resource group where all cloud resources created by the Hosted - Cluster are to be placed. The resource group is expected to exist under the same subscription as SubscriptionID. - - - In ARO HCP, this will be the managed resource group where customer cloud resources will be created. - - - Resource group naming requirements can be found here: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.ResourceGroup.Name/. - - - Example: if your resource group ID is /subscriptions//resourceGroups/, your - ResourceGroupName is . - pattern: ^[a-zA-Z0-9_()\-\.]{1,89}[a-zA-Z0-9_()\-]$ - type: string - x-kubernetes-validations: - - message: ResourceGroupName is immutable - rule: self == oldSelf - securityGroupID: - description: |- - SecurityGroupID is the ID of an existing security group on the SubnetID. This field is provided as part of the - configuration for the Azure cloud provider, aka Azure cloud controller manager (CCM). This security group is - expected to exist under the same subscription as SubscriptionID. - type: string - x-kubernetes-validations: - - message: SecurityGroupID is immutable - rule: self == oldSelf - subnetID: - description: |- - SubnetID is the subnet ID of an existing subnet where the load balancer for node egress will be created. This - subnet is expected to be a subnet within the VNET specified in VnetID. This subnet is expected to exist under the - same subscription as SubscriptionID. - - - In ARO HCP, managed services will create the aforementioned load balancer in ResourceGroupName. - type: string - x-kubernetes-validations: - - message: SubnetID is immutable - rule: self == oldSelf - subscriptionID: - description: SubscriptionID is a unique identifier for an - Azure subscription used to manage resources. - type: string - x-kubernetes-validations: - - message: SubscriptionID is immutable - rule: self == oldSelf - vnetID: - description: |- - VnetID is the ID of an existing VNET to use in creating VMs. The VNET can exist in a different resource group - other than the one specified in ResourceGroupName, but it must exist under the same subscription as - SubscriptionID. - - - In ARO HCP, this will be the ID of the customer provided VNET. - - - Example: /subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks/ - type: string - x-kubernetes-validations: - - message: VnetID is immutable - rule: self == oldSelf - required: - - credentials - - location - - resourceGroup - - subnetID - - subscriptionID - type: object - ibmcloud: - description: IBMCloud defines IBMCloud specific settings for components - properties: - providerType: - description: ProviderType is a specific supported infrastructure - provider within IBM Cloud. - type: string - type: object - kubevirt: - description: KubeVirt defines KubeVirt specific settings for cluster - components. - properties: - baseDomainPassthrough: - description: |- - BaseDomainPassthrough toggles whether or not an automatically - generated base domain for the guest cluster should be used that - is a subdomain of the management cluster's *.apps DNS. - - - For the KubeVirt platform, the basedomain can be autogenerated using - the *.apps domain of the management/infra hosting cluster - This makes the guest cluster's base domain a subdomain of the - hypershift infra/mgmt cluster's base domain. - - - Example: - Infra/Mgmt cluster's DNS - Base: example.com - Cluster: mgmt-cluster.example.com - Apps: *.apps.mgmt-cluster.example.com - KubeVirt Guest cluster's DNS - Base: apps.mgmt-cluster.example.com - Cluster: guest.apps.mgmt-cluster.example.com - Apps: *.apps.guest.apps.mgmt-cluster.example.com - - - This is possible using OCP wildcard routes - type: boolean - x-kubernetes-validations: - - message: baseDomainPassthrough is immutable - rule: self == oldSelf - credentials: - description: |- - Credentials defines the client credentials used when creating KubeVirt virtual machines. - Defining credentials is only necessary when the KubeVirt virtual machines are being placed - on a cluster separate from the one hosting the Hosted Control Plane components. - - - The default behavior when Credentials is not defined is for the KubeVirt VMs to be placed on - the same cluster and namespace as the Hosted Control Plane. - properties: - infraKubeConfigSecret: - description: |- - InfraKubeConfigSecret is a reference to a secret that contains the kubeconfig for the external infra cluster - that will be used to host the KubeVirt virtual machines for this cluster. - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - x-kubernetes-validations: - - message: infraKubeConfigSecret is immutable - rule: self == oldSelf - infraNamespace: - description: |- - InfraNamespace defines the namespace on the external infra cluster that is used to host the KubeVirt - virtual machines. This namespace must already exist before creating the HostedCluster and the kubeconfig - referenced in the InfraKubeConfigSecret must have access to manage the required resources within this - namespace. - type: string - x-kubernetes-validations: - - message: infraNamespace is immutable - rule: self == oldSelf - required: - - infraNamespace - type: object - generateID: - description: |- - GenerateID is used to uniquely apply a name suffix to resources associated with - kubevirt infrastructure resources - maxLength: 11 - type: string - x-kubernetes-validations: - - message: Kubevirt GenerateID is immutable once set - rule: self == oldSelf - storageDriver: - description: |- - StorageDriver defines how the KubeVirt CSI driver exposes StorageClasses on - the infra cluster (hosting the VMs) to the guest cluster. - properties: - manual: - description: |- - Manual is used to explicilty define how the infra storageclasses are - mapped to guest storageclasses - properties: - storageClassMapping: - description: |- - StorageClassMapping maps StorageClasses on the infra cluster hosting - the KubeVirt VMs to StorageClasses that are made available within the - Guest Cluster. - - - NOTE: It is possible that not all capablities of an infra cluster's - storageclass will be present for the corresponding guest clusters storageclass. - items: - properties: - group: - description: Group contains which group this - mapping belongs to. - type: string - guestStorageClassName: - description: |- - GuestStorageClassName is the name that the corresponding storageclass will - be called within the guest cluster - type: string - infraStorageClassName: - description: |- - InfraStorageClassName is the name of the infra cluster storage class that - will be exposed to the guest. - type: string - required: - - guestStorageClassName - - infraStorageClassName - type: object - type: array - x-kubernetes-validations: - - message: storageClassMapping is immutable - rule: self == oldSelf - volumeSnapshotClassMapping: - items: - properties: - group: - description: Group contains which group this - mapping belongs to. - type: string - guestVolumeSnapshotClassName: - description: |- - GuestVolumeSnapshotClassName is the name that the corresponding volumeSnapshotClass will - be called within the guest cluster - type: string - infraVolumeSnapshotClassName: - description: |- - InfraStorageClassName is the name of the infra cluster volume snapshot class that - will be exposed to the guest. - type: string - required: - - guestVolumeSnapshotClassName - - infraVolumeSnapshotClassName - type: object - type: array - x-kubernetes-validations: - - message: volumeSnapshotClassMapping is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: storageDriver.Manual is immutable - rule: self == oldSelf - type: - default: Default - description: Type represents the type of kubevirt csi - driver configuration to use - enum: - - None - - Default - - Manual - type: string - x-kubernetes-validations: - - message: storageDriver.Type is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: storageDriver is immutable - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: Kubevirt GenerateID is required once set - rule: '!has(oldSelf.generateID) || has(self.generateID)' - openstack: - description: OpenStack specifies configuration for clusters running - on OpenStack. - properties: - disableExternalNetwork: - description: |- - DisableExternalNetwork specifies whether or not to attempt to connect the cluster - to an external network. This allows for the creation of clusters when connecting - to an external network is not possible or desirable, e.g. if using a provider network. - type: boolean - externalNetwork: - description: |- - ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs. - This option is ignored if DisableExternalNetwork is set to true. - - - If ExternalNetwork is defined it must refer to exactly one external network. - - - If ExternalNetwork is not defined or is empty the controller will use any - existing external network as long as there is only one. It is an - error if ExternalNetwork is not defined and there are multiple - external networks unless DisableExternalNetwork is also set. - - - If ExternalNetwork is not defined and there are no external networks - the controller will proceed as though DisableExternalNetwork was set. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - description: Description is the description of the - network to filter by. - type: string - name: - description: Name is the name of the network to filter - by. - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - description: ProjectID is the project ID of the network - to filter by. - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling the hosted cluster. - properties: - cloudName: - description: CloudName specifies the name of the entry - in the clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - required: - - cloudName - - name - type: object - ingressFloatingIP: - description: |- - IngressFloatingIP is an available floating IP in your OpenStack cluster that will - be associated with the OpenShift ingress port. - type: string - managedSubnets: - description: |- - ManagedSubnets describe the OpenStack Subnet to be created. Cluster actuator will create a network, - and a subnet with the defined DNSNameservers, AllocationPools and the CIDR defined in the HostedCluster - MachineNetwork, and a router connected to the subnet. Currently only one IPv4 - subnet is supported. - items: - properties: - allocationPools: - description: |- - AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created. - If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from - outside of these ranges manually. - items: - properties: - end: - description: End represents the end of the AlloctionPool, - that is the highest IP of the pool. - type: string - start: - description: Start represents the start of the - AllocationPool, that is the lowest IP of the - pool. - type: string - required: - - end - - start - type: object - type: array - dnsNameservers: - description: |- - DNSNameservers holds a list of DNS server addresses that will be provided when creating - the subnet. These addresses need to have the same IP version as CIDR. - items: - type: string - type: array - type: object - maxItems: 1 - type: array - x-kubernetes-list-type: atomic - network: - description: |- - Network specifies an existing network to use if no ManagedSubnets - are specified. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - description: Description is the description of the - network to filter by. - type: string - name: - description: Name is the name of the network to filter - by. - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - description: ProjectID is the project ID of the network - to filter by. - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - networkMTU: - description: |- - NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - This value will be used only if the Cluster actuator creates the network. - If left empty, the network will have the default MTU defined in Openstack network service. - To use this field, the Openstack installation requires the net-mtu neutron API extension. - type: integer - router: - description: |- - Router specifies an existing router to be used if ManagedSubnets are - specified. If specified, no new router will be created. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - router. If provided, cannot be empty. - minProperties: 1 - properties: - description: - description: Description is the description of the - router to filter by. - type: string - name: - description: Name is the name of the router to filter - by. - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - description: ProjectID is the project ID of the router - to filter by. - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the router to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - subnets: - description: |- - Subnets specifies existing subnets to use if not ManagedSubnets are - specified. All subnets must be in the network specified by Network. - There can be zero, one, or two subnets. If no subnets are specified, - all subnets in Network will be used. If 2 subnets are specified, one - must be IPv4 and the other IPv6. - items: - description: SubnetParam specifies an OpenStack subnet to - use. It may be specified by either ID or filter, but not - both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the - subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - description: CIDR is the CIDR of the subnet to filter - by. - type: string - description: - description: Description is the description of the - subnet to filter by. - type: string - gatewayIP: - description: GatewayIP is the gateway IP of the - subnet to filter by. - type: string - ipVersion: - description: IPVersion is the IP version of the - subnet to filter by. - type: integer - ipv6AddressMode: - description: IPv6AddressMode is the IPv6 address - mode of the subnet to filter by. - type: string - ipv6RAMode: - description: IPv6RAMode is the IPv6 RA mode of the - subnet to filter by. - type: string - name: - description: Name is the name of the subnet to filter - by. - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - description: ProjectID is the project ID of the - subnet to filter by. - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will not - be validated. - format: uuid - type: string - type: object - maxItems: 2 - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags to set on all resources in cluster which - support tags - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - identityRef - type: object - powervs: - description: |- - PowerVS specifies configuration for clusters running on IBMCloud Power VS Service. - This field is immutable. Once set, It can't be changed. - properties: - accountID: - description: |- - AccountID is the IBMCloud account id. - This field is immutable. Once set, It can't be changed. - type: string - cisInstanceCRN: - description: |- - CISInstanceCRN is the IBMCloud CIS Service Instance's Cloud Resource Name - This field is immutable. Once set, It can't be changed. - pattern: '^crn:' - type: string - imageRegistryOperatorCloudCreds: - description: |- - ImageRegistryOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for image registry operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - ingressOperatorCloudCreds: - description: |- - IngressOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for ingress operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - kubeCloudControllerCreds: - description: |- - KubeCloudControllerCreds is a reference to a secret containing cloud - credentials with permissions matching the cloud controller policy. - This field is immutable. Once set, It can't be changed. - - - TODO(dan): document the "cloud controller policy" - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - nodePoolManagementCreds: - description: |- - NodePoolManagementCreds is a reference to a secret containing cloud - credentials with permissions matching the node pool management policy. - This field is immutable. Once set, It can't be changed. - - - TODO(dan): document the "node pool management policy" - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - region: - description: |- - Region is the IBMCloud region in which the cluster resides. This configures the - OCP control plane cloud integrations, and is used by NodePool to resolve - the correct boot image for a given release. - This field is immutable. Once set, It can't be changed. - type: string - resourceGroup: - description: |- - ResourceGroup is the IBMCloud Resource Group in which the cluster resides. - This field is immutable. Once set, It can't be changed. - type: string - serviceInstanceID: - description: |- - ServiceInstance is the reference to the Power VS service on which the server instance(VM) will be created. - Power VS service is a container for all Power VS instances at a specific geographic region. - serviceInstance can be created via IBM Cloud catalog or CLI. - ServiceInstanceID is the unique identifier that can be obtained from IBM Cloud UI or IBM Cloud cli. - - - More detail about Power VS service instance. - https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server - - - This field is immutable. Once set, It can't be changed. - type: string - storageOperatorCloudCreds: - description: |- - StorageOperatorCloudCreds is a reference to a secret containing ibm cloud - credentials for storage operator to get authenticated with ibm cloud. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - subnet: - description: |- - Subnet is the subnet to use for control plane cloud resources. - This field is immutable. Once set, It can't be changed. - properties: - id: - description: ID of resource - type: string - name: - description: Name of resource - type: string - type: object - vpc: - description: |- - VPC specifies IBM Cloud PowerVS Load Balancing configuration for the control - plane. - This field is immutable. Once set, It can't be changed. - properties: - name: - description: |- - Name for VPC to used for all the service load balancer. - This field is immutable. Once set, It can't be changed. - type: string - region: - description: |- - Region is the IBMCloud region in which VPC gets created, this VPC used for all the ingress traffic - into the OCP cluster. - This field is immutable. Once set, It can't be changed. - type: string - subnet: - description: |- - Subnet is the subnet to use for load balancer. - This field is immutable. Once set, It can't be changed. - type: string - zone: - description: |- - Zone is the availability zone where load balancer cloud resources are - created. - This field is immutable. Once set, It can't be changed. - type: string - required: - - name - - region - type: object - zone: - description: |- - Zone is the availability zone where control plane cloud resources are - created. - This field is immutable. Once set, It can't be changed. - type: string - required: - - accountID - - cisInstanceCRN - - imageRegistryOperatorCloudCreds - - ingressOperatorCloudCreds - - kubeCloudControllerCreds - - nodePoolManagementCreds - - region - - resourceGroup - - serviceInstanceID - - storageOperatorCloudCreds - - subnet - - vpc - - zone - type: object - type: - description: Type is the type of infrastructure provider for the - cluster. - enum: - - AWS - - None - - IBMCloud - - Agent - - KubeVirt - - Azure - - PowerVS - - OpenStack - type: string - required: - - type - type: object - pullSecret: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - releaseImage: - description: ReleaseImage is the release image applied to the hosted - control plane. - type: string - secretEncryption: - description: |- - SecretEncryption contains metadata about the kubernetes secret encryption strategy being used for the - cluster when applicable. - properties: - aescbc: - description: AESCBC defines metadata about the AESCBC secret encryption - strategy - properties: - activeKey: - description: ActiveKey defines the active key used to encrypt - new secrets - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - activeKey - type: object - kms: - description: KMS defines metadata about the kms secret encryption - strategy - properties: - aws: - description: AWS defines metadata about the configuration - of the AWS KMS Secret Encryption provider - properties: - activeKey: - description: ActiveKey defines the active key used to - encrypt new secrets - properties: - arn: - description: ARN is the Amazon Resource Name for the - encryption key - pattern: '^arn:' - type: string - required: - - arn - type: object - auth: - description: Auth defines metadata about the management - of credentials used to interact with AWS KMS - properties: - awsKms: - description: "The referenced role must have a trust - relationship that allows it to be assumed via web - identity.\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html.\nExample:\n{\n\t\t\"Version\": - \"2012-10-17\",\n\t\t\"Statement\": [\n\t\t\t{\n\t\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\t\"Principal\": {\n\t\t\t\t\t\"Federated\": - \"{{ .ProviderARN }}\"\n\t\t\t\t},\n\t\t\t\t\t\"Action\": - \"sts:AssumeRoleWithWebIdentity\",\n\t\t\t\t\"Condition\": - {\n\t\t\t\t\t\"StringEquals\": {\n\t\t\t\t\t\t\"{{ - .ProviderName }}:sub\": {{ .ServiceAccounts }}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t]\n\t}\n\n\nAWSKMSARN - is an ARN value referencing a role appropriate for - managing the auth via the AWS KMS key.\n\n\nThe - following is an example of a valid policy document:\n\n\n{\n\t\"Version\": - \"2012-10-17\",\n\t\"Statement\": [\n \t{\n\t\t\t\"Effect\": - \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"kms:Encrypt\",\n\t\t\t\t\"kms:Decrypt\",\n\t\t\t\t\"kms:ReEncrypt*\",\n\t\t\t\t\"kms:GenerateDataKey*\",\n\t\t\t\t\"kms:DescribeKey\"\n\t\t\t],\n\t\t\t\"Resource\": - %q\n\t\t}\n\t]\n}" - type: string - required: - - awsKms - type: object - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - arn: - description: ARN is the Amazon Resource Name for the - encryption key - pattern: '^arn:' - type: string - required: - - arn - type: object - region: - description: Region contains the AWS region - type: string - required: - - activeKey - - auth - - region - type: object - azure: - description: Azure defines metadata about the configuration - of the Azure KMS Secret Encryption provider using Azure - key vault - properties: - activeKey: - description: ActiveKey defines the active key used to - encrypt new secrets - properties: - keyName: - description: KeyName is the name of the keyvault key - used for encrypt/decrypt - type: string - keyVaultName: - description: |- - KeyVaultName is the name of the keyvault. Must match criteria specified at https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name - Your Microsoft Entra application used to create the cluster must be authorized to access this keyvault, e.g using the AzureCLI: - `az keyvault set-policy -n $KEYVAULT_NAME --key-permissions decrypt encrypt --spn ` - type: string - keyVersion: - description: KeyVersion contains the version of the - key to use - type: string - required: - - keyName - - keyVaultName - - keyVersion - type: object - backupKey: - description: |- - BackupKey defines the old key during the rotation process so previously created - secrets can continue to be decrypted until they are all re-encrypted with the active key. - properties: - keyName: - description: KeyName is the name of the keyvault key - used for encrypt/decrypt - type: string - keyVaultName: - description: |- - KeyVaultName is the name of the keyvault. Must match criteria specified at https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name - Your Microsoft Entra application used to create the cluster must be authorized to access this keyvault, e.g using the AzureCLI: - `az keyvault set-policy -n $KEYVAULT_NAME --key-permissions decrypt encrypt --spn ` - type: string - keyVersion: - description: KeyVersion contains the version of the - key to use - type: string - required: - - keyName - - keyVaultName - - keyVersion - type: object - required: - - activeKey - type: object - ibmcloud: - description: IBMCloud defines metadata for the IBM Cloud KMS - encryption strategy - properties: - auth: - description: Auth defines metadata for how authentication - is done with IBM Cloud KMS - properties: - managed: - description: |- - Managed defines metadata around the service to service authentication strategy for the IBM Cloud - KMS system (all provider managed). - type: object - type: - description: Type defines the IBM Cloud KMS authentication - strategy - enum: - - Managed - - Unmanaged - type: string - unmanaged: - description: Unmanaged defines the auth metadata the - customer provides to interact with IBM Cloud KMS - properties: - credentials: - description: |- - Credentials should reference a secret with a key field of IBMCloudIAMAPIKeySecretKey that contains a apikey to - call IBM Cloud KMS APIs - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - required: - - credentials - type: object - required: - - type - type: object - keyList: - description: KeyList defines the list of keys used for - data encryption - items: - description: IBMCloudKMSKeyEntry defines metadata for - an IBM Cloud KMS encryption key - properties: - correlationID: - description: CorrelationID is an identifier used - to track all api call usage from hypershift - type: string - crkID: - description: CRKID is the customer rook key id - type: string - instanceID: - description: InstanceID is the id for the key protect - instance - type: string - keyVersion: - description: |- - KeyVersion is a unique number associated with the key. The number increments whenever a new - key is enabled for data encryption. - type: integer - url: - description: URL is the url to call key protect - apis over - pattern: ^https:// - type: string - required: - - correlationID - - crkID - - instanceID - - keyVersion - - url - type: object - type: array - region: - description: Region is the IBM Cloud region - type: string - required: - - auth - - keyList - - region - type: object - provider: - description: Provider defines the KMS provider - enum: - - IBMCloud - - AWS - - Azure - type: string - required: - - provider - type: object - type: - description: Type defines the type of kube secret encryption being - used - enum: - - kms - - aescbc - type: string - required: - - type - type: object - serviceAccountSigningKey: - description: |- - ServiceAccountSigningKey is a reference to a secret containing the private key - used by the service account token issuer. The secret is expected to contain - a single key named "key". If not specified, a service account signing key will - be generated automatically for the cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - services: - description: |- - Services defines metadata about how control plane services are published - in the management cluster. - items: - description: |- - ServicePublishingStrategyMapping specifies how individual control plane - services are published from the hosting cluster of a control plane. - properties: - service: - description: Service identifies the type of service being published. - enum: - - APIServer - - OAuthServer - - OIDC - - Konnectivity - - Ignition - - OVNSbDb - type: string - servicePublishingStrategy: - description: ServicePublishingStrategy specifies how to publish - Service. - properties: - loadBalancer: - description: LoadBalancer configures exposing a service - using a LoadBalancer. - properties: - hostname: - description: Hostname is the name of the DNS record - that will be created pointing to the LoadBalancer. - type: string - type: object - nodePort: - description: NodePort configures exposing a service using - a NodePort. - properties: - address: - description: Address is the host/ip that the NodePort - service is exposed over. - type: string - port: - description: |- - Port is the port of the NodePort service. If <=0, the port is dynamically - assigned when the service is created. - format: int32 - type: integer - required: - - address - type: object - route: - description: Route configures exposing a service using a - Route. - properties: - hostname: - description: Hostname is the name of the DNS record - that will be created pointing to the Route. - type: string - type: object - type: - description: Type is the publishing strategy used for the - service. - enum: - - LoadBalancer - - NodePort - - Route - - None - - S3 - type: string - required: - - type - type: object - required: - - service - - servicePublishingStrategy - type: object - type: array - sshKey: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - tolerations: - description: Tolerations when specified, define what custome tolerations - are added to the hcp pods. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - updateService: - description: |- - updateService may be used to specify the preferred upstream update service. - By default it will use the appropriate update service for the cluster and region. - type: string - required: - - dns - - etcd - - infraID - - issuerURL - - platform - - pullSecret - - releaseImage - - services - - sshKey - type: object - status: - description: HostedControlPlaneStatus defines the observed state of HostedControlPlane - properties: - conditions: - description: |- - Condition contains details for one aspect of the current state of the HostedControlPlane. - Current condition types are: "Available" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint contains the endpoint information by which - external clients can access the control plane. This is populated - after the infrastructure is ready. - properties: - host: - description: Host is the hostname on which the API server is serving. - type: string - port: - description: Port is the port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - externalManagedControlPlane: - default: true - description: |- - ExternalManagedControlPlane indicates to cluster-api that the control plane - is managed by an external service. - https://github.com/kubernetes-sigs/cluster-api/blob/65e5385bffd71bf4aad3cf34a537f11b217c7fab/controllers/machine_controller.go#L468 - type: boolean - initialized: - default: false - description: |- - Initialized denotes whether or not the control plane has - provided a kubeadm-config. - Once this condition is marked true, its value is never changed. See the Ready condition for an indication of - the current readiness of the cluster's control plane. - This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L238-L252 - type: boolean - kubeConfig: - description: |- - KubeConfig is a reference to the secret containing the default kubeconfig - for this control plane. - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - kubeadminPassword: - description: |- - KubeadminPassword is a reference to the secret containing the initial kubeadmin password - for the guest cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - lastReleaseImageTransitionTime: - description: |- - lastReleaseImageTransitionTime is the time of the last update to the current - releaseImage property. - - - Deprecated: Use versionStatus.history[0].startedTime instead. - format: date-time - type: string - nodeCount: - description: NodeCount tracks the number of nodes in the HostedControlPlane. - type: integer - oauthCallbackURLTemplate: - description: |- - OAuthCallbackURLTemplate contains a template for the URL to use as a callback - for identity providers. The [identity-provider-name] placeholder must be replaced - with the name of an identity provider defined on the HostedCluster. - This is populated after the infrastructure is ready. - type: string - platform: - description: Platform contains platform-specific status of the HostedCluster - properties: - aws: - description: AWSPlatformStatus contains status specific to the - AWS platform - properties: - defaultWorkerSecurityGroupID: - description: |- - DefaultWorkerSecurityGroupID is the ID of a security group created by - the control plane operator. It is always added to worker machines in - addition to any security groups specified in the NodePool. - type: string - type: object - type: object - ready: - default: false - description: |- - Ready denotes that the HostedControlPlane API Server is ready to - receive requests - This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L226-L230 - type: boolean - releaseImage: - description: |- - ReleaseImage is the release image applied to the hosted control plane. - - - Deprecated: Use versionStatus.desired.image instead. - type: string - version: - description: |- - Version is the semantic version of the release applied by - the hosted control plane operator - - - Deprecated: Use versionStatus.desired.version instead. - type: string - versionStatus: - description: |- - versionStatus is the status of the release version applied by the - hosted control plane operator. - properties: - availableUpdates: - description: |- - availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in - availableUpdates may expose this cluster to known issues. This list - may be empty if no updates are recommended, if the update service - is unavailable, or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and - associated metadata. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - nullable: true - type: array - conditionalUpdates: - description: |- - conditionalUpdates contains the list of updates that may be - recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use - availableUpdates. This list may be empty if no updates are - recommended, if the update service is unavailable, or if an empty - or invalid channel has been specified. - items: - description: |- - ConditionalUpdate represents an update which is recommended to some - clusters on the version the current cluster is reconciling, but which - may not be recommended for the current cluster. - properties: - conditions: - description: |- - conditions represents the observations of the conditional update's - current status. Known types are: - * Recommended, for whether the update is recommended for the current cluster. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource.\n---\nThis - struct is intended for direct use as an array at the - field path .status.conditions. For example,\n\n\n\ttype - FooStatus struct{\n\t // Represents the observations - of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t - \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t - \ // +listType=map\n\t // +listMapKey=type\n\t - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, - False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - risks: - description: |- - risks represents the range of issues associated with - updating to the target release. The cluster-version - operator will evaluate all entries, and only recommend the - update if there is at least one entry and all entries - recommend the update. - items: - description: |- - ConditionalUpdateRisk represents a reason and cluster-state - for not recommending a conditional update. - properties: - matchingRules: - description: |- - matchingRules is a slice of conditions for deciding which - clusters match the risk and which do not. The slice is - ordered by decreasing precedence. The cluster-version - operator will walk the slice in order, and stop after the - first it can successfully evaluate. If no condition can be - successfully evaluated, the update will not be recommended. - items: - description: |- - ClusterCondition is a union of typed cluster conditions. The 'type' - property determines which of the type-specific properties are relevant. - When evaluated on a cluster, the condition may match, not match, or - fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: |- - PromQL is a PromQL query classifying clusters. This query - query should return a 1 in the match case and a 0 in the - does-not-match case. Queries which return no time - series, or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: |- - type represents the cluster-condition type. This defines - the members and semantics of any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - message: - description: |- - message provides additional information about the risk of - updating, in the event that matchingRules match the cluster - state. This is only to be consumed by humans. It may - contain Line Feed characters (U+000A), which should be - rendered as new lines. - minLength: 1 - type: string - name: - description: |- - name is the CamelCase reason for not recommending a - conditional update, in the event that matchingRules match the - cluster state. - minLength: 1 - type: string - url: - description: url contains information about this risk. - format: uri - minLength: 1 - type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - desired: - description: |- - desired is the version that the cluster is reconciling towards. - If the cluster is not yet fully initialized desired will be set - with the information available, which may be an image or a tag. - properties: - channels: - description: |- - channels is the set of Cincinnati channels to which the release - currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: |- - image is a container image location that contains the update. When this - field is part of spec, image is optional if version is specified and the - availableUpdates field contains a matching version. - type: string - url: - description: |- - url contains information about this release. This URL is set by - the 'url' metadata property on a release or the metadata returned by - the update API and should be displayed as a link in user - interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: |- - version is a semantic version identifying the update version. When this - field is part of spec, version is optional if image is specified. - type: string - type: object - history: - description: |- - history contains a list of the most recent versions applied to the cluster. - This value may be empty during cluster startup, and then will be updated - when a new update is being applied. The newest update is first in the - list and it is ordered by recency. Updates in the history have state - Completed if the rollout completed - if an update was failing or halfway - applied the state will be Partial. Only a limited amount of update history - is preserved. - items: - description: UpdateHistory is a single attempted update to the - cluster. - properties: - acceptedRisks: - description: |- - acceptedRisks records risks which were accepted to initiate the update. - For example, it may menition an Upgradeable=False or missing signature - that was overriden via desiredUpdate.force, or an update that was - initiated despite not being in the availableUpdates set of recommended - update targets. - type: string - completionTime: - description: |- - completionTime, if set, is when the update was fully applied. The update - that is currently being applied will have a null completion time. - Completion time will always be set for entries that are not the current - update (usually to the started time of the next update). - format: date-time - nullable: true - type: string - image: - description: |- - image is a container image location that contains the update. This value - is always populated. - type: string - startedTime: - description: startedTime is the time at which the update - was started. - format: date-time - type: string - state: - description: |- - state reflects whether the update was fully applied. The Partial state - indicates the update is not fully applied, while the Completed state - indicates the update was successfully rolled out at least once (all - parts of the update successfully applied). - type: string - verified: - description: |- - verified indicates whether the provided update was properly verified - before it was installed. If this is false the cluster may not be trusted. - Verified does not cover upgradeable checks that depend on the cluster - state at the time when the update target was accepted. - type: boolean - version: - description: |- - version is a semantic version identifying the update version. If the - requested image does not define a version, or if a failure occurs - retrieving the image, this value may be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - observedGeneration: - description: |- - observedGeneration reports which version of the spec is being synced. - If this value is not equal to metadata.generation, then the desired - and conditions fields may represent a previous version. - format: int64 - type: integer - required: - - availableUpdates - - desired - - observedGeneration - type: object - required: - - initialized - - ready - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsclusters.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsclusters.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 19bdf9a03..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsclusters.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,238 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta2 - name: ibmpowervsclusters.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: IBMPowerVSCluster - listKind: IBMPowerVSClusterList - plural: ibmpowervsclusters - singular: ibmpowervscluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this IBMPowerVSCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Time duration since creation of IBMPowerVSCluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.serviceInstanceID - name: PowerVS Cloud Instance ID - priority: 1 - type: string - - description: Control Plane Endpoint - jsonPath: .spec.controlPlaneEndpoint.host - name: Endpoint - priority: 1 - type: string - - description: Control Plane Port - jsonPath: .spec.controlPlaneEndpoint.port - name: Port - priority: 1 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: IBMPowerVSCluster is the Schema for the ibmpowervsclusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMPowerVSClusterSpec defines the desired state of IBMPowerVSCluster. - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - network: - description: Network is the reference to the Network to use for this - cluster. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - serviceInstanceID: - description: ServiceInstanceID is the id of the power cloud instance - where the vsi instance will get deployed. - minLength: 1 - type: string - required: - - network - - serviceInstanceID - type: object - status: - description: IBMPowerVSClusterStatus defines the observed state of IBMPowerVSCluster. - properties: - ready: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - type: boolean - required: - - ready - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster to which this IBMPowerVSCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Time duration since creation of IBMPowerVSCluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.serviceInstanceID - name: PowerVS Cloud Instance ID - priority: 1 - type: string - - description: Control Plane Endpoint - jsonPath: .spec.controlPlaneEndpoint.host - name: Endpoint - priority: 1 - type: string - - description: Control Plane Port - jsonPath: .spec.controlPlaneEndpoint.port - name: Port - priority: 1 - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: IBMPowerVSCluster is the Schema for the ibmpowervsclusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMPowerVSClusterSpec defines the desired state of IBMPowerVSCluster. - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - network: - description: Network is the reference to the Network to use for this - cluster. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - serviceInstanceID: - description: ServiceInstanceID is the id of the power cloud instance - where the vsi instance will get deployed. - minLength: 1 - type: string - required: - - network - - serviceInstanceID - type: object - status: - description: IBMPowerVSClusterStatus defines the observed state of IBMPowerVSCluster. - properties: - ready: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - type: boolean - required: - - ready - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsclustertemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsclustertemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 430ee87ea..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsclustertemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,260 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: ibmpowervsclustertemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IBMPowerVSClusterTemplate - listKind: IBMPowerVSClusterTemplateList - plural: ibmpowervsclustertemplates - shortNames: - - ibmpowervsct - singular: ibmpowervsclustertemplate - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of IBMPowerVSClusterTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IBMPowerVSClusterTemplate is the schema for IBM Power VS Kubernetes - Cluster Templates. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMPowerVSClusterTemplateSpec defines the desired state of - IBMPowerVSClusterTemplate. - properties: - template: - description: IBMPowerVSClusterTemplateResource describes the data - needed to create an IBMPowerVSCluster from a template. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: IBMPowerVSClusterSpec defines the desired state of - IBMPowerVSCluster. - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint - used to communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - network: - description: Network is the reference to the Network to use - for this cluster. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - serviceInstanceID: - description: ServiceInstanceID is the id of the power cloud - instance where the vsi instance will get deployed. - minLength: 1 - type: string - required: - - network - - serviceInstanceID - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: false - subresources: {} - - additionalPrinterColumns: - - description: Time duration since creation of IBMPowerVSClusterTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: IBMPowerVSClusterTemplate is the schema for IBM Power VS Kubernetes - Cluster Templates. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMPowerVSClusterTemplateSpec defines the desired state of - IBMPowerVSClusterTemplate. - properties: - template: - description: IBMPowerVSClusterTemplateResource describes the data - needed to create an IBMPowerVSCluster from a template. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: IBMPowerVSClusterSpec defines the desired state of - IBMPowerVSCluster. - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint - used to communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - network: - description: Network is the reference to the Network to use - for this cluster. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - serviceInstanceID: - description: ServiceInstanceID is the id of the power cloud - instance where the vsi instance will get deployed. - minLength: 1 - type: string - required: - - network - - serviceInstanceID - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsimages.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsimages.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 5c7e16fe3..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsimages.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,306 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta2 - name: ibmpowervsimages.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: IBMPowerVSImage - listKind: IBMPowerVSImageList - plural: ibmpowervsimages - singular: ibmpowervsimage - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: PowerVS image state - jsonPath: .status.imageState - name: State - type: string - - description: Image is ready for IBM PowerVS instances - jsonPath: .status.ready - name: Ready - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: IBMPowerVSImage is the Schema for the ibmpowervsimages API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMPowerVSImageSpec defines the desired state of IBMPowerVSImage. - properties: - bucket: - description: Cloud Object Storage bucket name; bucket-name[/optional/folder] - type: string - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - deletePolicy: - default: delete - description: DeletePolicy defines the policy used to identify images - to be preserved beyond the lifecycle of associated cluster. - enum: - - delete - - retain - type: string - object: - description: Cloud Object Storage image filename. - type: string - region: - description: Cloud Object Storage region. - type: string - serviceInstanceID: - description: ServiceInstanceID is the id of the power cloud instance - where the image will get imported. - type: string - storageType: - default: tier1 - description: Type of storage, storage pool with the most available - space will be selected. - enum: - - tier1 - - tier3 - type: string - required: - - bucket - - clusterName - - object - - region - - serviceInstanceID - type: object - status: - description: IBMPowerVSImageStatus defines the observed state of IBMPowerVSImage. - properties: - conditions: - description: Conditions defines current service state of the IBMPowerVSImage. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - imageID: - description: ImageID is the id of the imported image. - type: string - imageState: - description: ImageState is the status of the imported image. - type: string - jobID: - description: JobID is the job ID of an import operation. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: PowerVS image state - jsonPath: .status.imageState - name: State - type: string - - description: Image is ready for IBM PowerVS instances - jsonPath: .status.ready - name: Ready - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: IBMPowerVSImage is the Schema for the ibmpowervsimages API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMPowerVSImageSpec defines the desired state of IBMPowerVSImage. - properties: - bucket: - description: Cloud Object Storage bucket name; bucket-name[/optional/folder] - type: string - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - deletePolicy: - default: delete - description: DeletePolicy defines the policy used to identify images - to be preserved beyond the lifecycle of associated cluster. - enum: - - delete - - retain - type: string - object: - description: Cloud Object Storage image filename. - type: string - region: - description: Cloud Object Storage region. - type: string - serviceInstanceID: - description: ServiceInstanceID is the id of the power cloud instance - where the image will get imported. - type: string - storageType: - default: tier1 - description: Type of storage, storage pool with the most available - space will be selected. - enum: - - tier1 - - tier3 - type: string - required: - - bucket - - clusterName - - object - - region - - serviceInstanceID - type: object - status: - description: IBMPowerVSImageStatus defines the observed state of IBMPowerVSImage. - properties: - conditions: - description: Conditions defines current service state of the IBMPowerVSImage. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - imageID: - description: ImageID is the id of the imported image. - type: string - imageState: - description: ImageState is the status of the imported image. - type: string - jobID: - description: JobID is the job ID of an import operation. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsmachines.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsmachines.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 514f33b95..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsmachines.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,635 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta2 - name: ibmpowervsmachines.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: IBMPowerVSMachine - listKind: IBMPowerVSMachineList - plural: ibmpowervsmachines - singular: ibmpowervsmachine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this IBMPowerVSMachine belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Machine object to which this IBMPowerVSMachine belongs - jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name - name: Machine - priority: 1 - type: string - - description: Time duration since creation of IBMPowerVSMachine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Cluster infrastructure is ready for IBM PowerVS instances - jsonPath: .status.ready - name: Ready - type: string - - description: Instance Internal Addresses - jsonPath: .status.addresses[?(@.type=="InternalIP")].address - name: Internal-IP - priority: 1 - type: string - - description: Instance External Addresses - jsonPath: .status.addresses[?(@.type=="ExternalIP")].address - name: External-IP - priority: 1 - type: string - - description: PowerVS instance state - jsonPath: .status.instanceState - name: State - type: string - - description: PowerVS instance health - jsonPath: .status.health - name: Health - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: IBMPowerVSMachine is the Schema for the ibmpowervsmachines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMPowerVSMachineSpec defines the desired state of IBMPowerVSMachine. - properties: - image: - description: Image is the reference to the Image from which to create - the machine instance. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - imageRef: - description: |- - ImageRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Image for a Cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - memory: - description: Memory is Amount of memory allocated (in GB) - type: string - network: - description: Network is the reference to the Network to use for this - instance. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - procType: - description: 'ProcType is the processor type, e.g: dedicated, shared, - capped' - type: string - processors: - description: Processors is Number of processors allocated. - pattern: ^\d+(\.)?(\d)?(\d)?$ - type: string - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - serviceInstanceID: - description: ServiceInstanceID is the id of the power cloud instance - where the vsi instance will get deployed. - minLength: 1 - type: string - sshKey: - description: SSHKey is the name of the SSH key pair provided to the - vsi for authenticating users. - type: string - sysType: - description: SysType is the System type used to host the vsi. - type: string - required: - - network - - serviceInstanceID - type: object - status: - description: IBMPowerVSMachineStatus defines the observed state of IBMPowerVSMachine. - properties: - addresses: - description: Addresses contains the vsi associated addresses. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions defines current service state of the IBMPowerVSMachine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - fault: - description: Fault will report if any fault messages for the vsi. - type: string - health: - description: Health is the health of the vsi. - type: string - instanceID: - type: string - instanceState: - description: InstanceState is the status of the vsi. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - region: - description: Region specifies the Power VS Service instance region. - type: string - zone: - description: Zone specifies the Power VS Service instance zone. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster to which this IBMPowerVSMachine belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Machine object to which this IBMPowerVSMachine belongs - jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name - name: Machine - priority: 1 - type: string - - description: Time duration since creation of IBMPowerVSMachine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Cluster infrastructure is ready for IBM PowerVS instances - jsonPath: .status.ready - name: Ready - type: string - - description: Instance Internal Addresses - jsonPath: .status.addresses[?(@.type=="InternalIP")].address - name: Internal-IP - priority: 1 - type: string - - description: Instance External Addresses - jsonPath: .status.addresses[?(@.type=="ExternalIP")].address - name: External-IP - priority: 1 - type: string - - description: PowerVS instance state - jsonPath: .status.instanceState - name: State - type: string - - description: PowerVS instance health - jsonPath: .status.health - name: Health - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: IBMPowerVSMachine is the Schema for the ibmpowervsmachines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMPowerVSMachineSpec defines the desired state of IBMPowerVSMachine. - properties: - image: - description: |- - Image the reference to the image which is used to create the instance. - supported image identifier in IBMPowerVSResourceReference are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - imageRef: - description: |- - ImageRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Image for a Cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - memoryGiB: - description: |- - memoryGiB is the size of a virtual machine's memory, in GiB. - maximum value for the MemoryGiB depends on the selected SystemType. - when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. - when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. - when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. - The minimum memory is 2 GiB. - When omitted, this means the user has no opinion and the platform is left to choose a reasonable - default, which is subject to change over time. The current default is 2. - format: int32 - type: integer - network: - description: |- - Network is the reference to the Network to use for this instance. - supported network identifier in IBMPowerVSResourceReference are Name, ID and RegEx and that can be obtained from IBM Cloud UI or IBM Cloud cli. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - processorType: - description: |- - processorType is the VM instance processor type. - It must be set to one of the following values: Dedicated, Capped or Shared. - Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. - Shared: Shared among other clients. - Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. - if the processorType is selected as Dedicated, then processors value cannot be fractional. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default, which is subject to change over time. The current default is Shared. - enum: - - Dedicated - - Shared - - Capped - - "" - type: string - processors: - anyOf: - - type: integer - - type: string - description: |- - processors is the number of virtual processors in a virtual machine. - when the processorType is selected as Dedicated the processors value cannot be fractional. - maximum value for the Processors depends on the selected SystemType. - when SystemType is set to e880 or e980 maximum Processors value is 143. - when SystemType is set to s922 maximum Processors value is 15. - minimum value for Processors depends on the selected ProcessorType. - when ProcessorType is set as Shared or Capped, The minimum processors is 0.25. - when ProcessorType is set as Dedicated, The minimum processors is 1. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default, which is subject to change over time. The default is set based on the selected ProcessorType. - when ProcessorType selected as Dedicated, the default is set to 1. - when ProcessorType selected as Shared or Capped, the default is set to 0.25. - x-kubernetes-int-or-string: true - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - serviceInstanceID: - description: ServiceInstanceID is the id of the power cloud instance - where the vsi instance will get deployed. - minLength: 1 - type: string - sshKey: - description: SSHKey is the name of the SSH key pair provided to the - vsi for authenticating users. - type: string - systemType: - description: |- - systemType is the System type used to host the instance. - systemType determines the number of cores and memory that is available. - Few of the supported SystemTypes are s922,e880,e980. - e880 systemType available only in Dallas Datacenters. - e980 systemType available in Datacenters except Dallas and Washington. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default, which is subject to change over time. The current default is s922 which is generally available. - enum: - - s922 - - e880 - - e980 - - "" - type: string - required: - - network - - serviceInstanceID - type: object - status: - description: IBMPowerVSMachineStatus defines the observed state of IBMPowerVSMachine. - properties: - addresses: - description: Addresses contains the vsi associated addresses. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions defines current service state of the IBMPowerVSMachine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - fault: - description: Fault will report if any fault messages for the vsi. - type: string - health: - description: Health is the health of the vsi. - type: string - instanceID: - type: string - instanceState: - description: InstanceState is the status of the vsi. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - region: - description: Region specifies the Power VS Service instance region. - type: string - zone: - description: Zone specifies the Power VS Service instance zone. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 38104ed47..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmpowervsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,373 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta2 - name: ibmpowervsmachinetemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: IBMPowerVSMachineTemplate - listKind: IBMPowerVSMachineTemplateList - plural: ibmpowervsmachinetemplates - singular: ibmpowervsmachinetemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: IBMPowerVSMachineTemplate is the Schema for the ibmpowervsmachinetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMPowerVSMachineTemplateSpec defines the desired state of - IBMPowerVSMachineTemplate. - properties: - template: - description: IBMPowerVSMachineTemplateResource holds the IBMPowerVSMachine - spec. - properties: - spec: - description: IBMPowerVSMachineSpec defines the desired state of - IBMPowerVSMachine. - properties: - image: - description: Image is the reference to the Image from which - to create the machine instance. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - imageRef: - description: |- - ImageRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Image for a Cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - memory: - description: Memory is Amount of memory allocated (in GB) - type: string - network: - description: Network is the reference to the Network to use - for this instance. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - procType: - description: 'ProcType is the processor type, e.g: dedicated, - shared, capped' - type: string - processors: - description: Processors is Number of processors allocated. - pattern: ^\d+(\.)?(\d)?(\d)?$ - type: string - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - serviceInstanceID: - description: ServiceInstanceID is the id of the power cloud - instance where the vsi instance will get deployed. - minLength: 1 - type: string - sshKey: - description: SSHKey is the name of the SSH key pair provided - to the vsi for authenticating users. - type: string - sysType: - description: SysType is the System type used to host the vsi. - type: string - required: - - network - - serviceInstanceID - type: object - required: - - spec - type: object - required: - - template - type: object - status: - description: IBMPowerVSMachineTemplateStatus defines the observed state - of IBMPowerVSMachineTemplate. - properties: - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Capacity defines the resource capacity for this machine. - This value is used for autoscaling from zero operations as defined in: - https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - name: v1beta2 - schema: - openAPIV3Schema: - description: IBMPowerVSMachineTemplate is the Schema for the ibmpowervsmachinetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMPowerVSMachineTemplateSpec defines the desired state of - IBMPowerVSMachineTemplate. - properties: - template: - description: IBMPowerVSMachineTemplateResource holds the IBMPowerVSMachine - spec. - properties: - spec: - description: IBMPowerVSMachineSpec defines the desired state of - IBMPowerVSMachine. - properties: - image: - description: |- - Image the reference to the image which is used to create the instance. - supported image identifier in IBMPowerVSResourceReference are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - imageRef: - description: |- - ImageRef is an optional reference to a provider-specific resource that holds - the details for provisioning the Image for a Cluster. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - memoryGiB: - description: |- - memoryGiB is the size of a virtual machine's memory, in GiB. - maximum value for the MemoryGiB depends on the selected SystemType. - when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. - when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. - when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. - The minimum memory is 2 GiB. - When omitted, this means the user has no opinion and the platform is left to choose a reasonable - default, which is subject to change over time. The current default is 2. - format: int32 - type: integer - network: - description: |- - Network is the reference to the Network to use for this instance. - supported network identifier in IBMPowerVSResourceReference are Name, ID and RegEx and that can be obtained from IBM Cloud UI or IBM Cloud cli. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - regex: - description: |- - Regular expression to match resource, - In case of multiple resources matches the provided regular expression the first matched resource will be selected - minLength: 1 - type: string - type: object - processorType: - description: |- - processorType is the VM instance processor type. - It must be set to one of the following values: Dedicated, Capped or Shared. - Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. - Shared: Shared among other clients. - Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. - if the processorType is selected as Dedicated, then processors value cannot be fractional. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default, which is subject to change over time. The current default is Shared. - enum: - - Dedicated - - Shared - - Capped - - "" - type: string - processors: - anyOf: - - type: integer - - type: string - description: |- - processors is the number of virtual processors in a virtual machine. - when the processorType is selected as Dedicated the processors value cannot be fractional. - maximum value for the Processors depends on the selected SystemType. - when SystemType is set to e880 or e980 maximum Processors value is 143. - when SystemType is set to s922 maximum Processors value is 15. - minimum value for Processors depends on the selected ProcessorType. - when ProcessorType is set as Shared or Capped, The minimum processors is 0.25. - when ProcessorType is set as Dedicated, The minimum processors is 1. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default, which is subject to change over time. The default is set based on the selected ProcessorType. - when ProcessorType selected as Dedicated, the default is set to 1. - when ProcessorType selected as Shared or Capped, the default is set to 0.25. - x-kubernetes-int-or-string: true - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - serviceInstanceID: - description: ServiceInstanceID is the id of the power cloud - instance where the vsi instance will get deployed. - minLength: 1 - type: string - sshKey: - description: SSHKey is the name of the SSH key pair provided - to the vsi for authenticating users. - type: string - systemType: - description: |- - systemType is the System type used to host the instance. - systemType determines the number of cores and memory that is available. - Few of the supported SystemTypes are s922,e880,e980. - e880 systemType available only in Dallas Datacenters. - e980 systemType available in Datacenters except Dallas and Washington. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default, which is subject to change over time. The current default is s922 which is generally available. - enum: - - s922 - - e880 - - e980 - - "" - type: string - required: - - network - - serviceInstanceID - type: object - required: - - spec - type: object - required: - - template - type: object - status: - description: IBMPowerVSMachineTemplateStatus defines the observed state - of IBMPowerVSMachineTemplate. - properties: - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Capacity defines the resource capacity for this machine. - This value is used for autoscaling from zero operations as defined in: - https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcclusters.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcclusters.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 7f99dd7e8..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcclusters.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,390 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta2 - name: ibmvpcclusters.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IBMVPCCluster - listKind: IBMVPCClusterList - plural: ibmvpcclusters - singular: ibmvpccluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this IBMVPCCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Cluster infrastructure is ready for IBM VPC instances - jsonPath: .status.ready - name: Ready - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: IBMVPCCluster is the Schema for the ibmvpcclusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMVPCClusterSpec defines the desired state of IBMVPCCluster. - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneLoadBalancer: - description: ControlPlaneLoadBalancer is optional configuration for - customizing control plane behavior. - properties: - name: - description: Name sets the name of the VPC load balancer. - maxLength: 63 - pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ - type: string - type: object - region: - description: The IBM Cloud Region the cluster lives in. - type: string - resourceGroup: - description: The VPC resources should be created under the resource - group. - type: string - vpc: - description: The Name of VPC. - type: string - zone: - description: The Name of availability zone. - type: string - required: - - region - - resourceGroup - type: object - status: - description: IBMVPCClusterStatus defines the observed state of IBMVPCCluster. - properties: - conditions: - description: Conditions defines current service state of the load - balancer. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - controlPlaneLoadBalancerState: - description: ControlPlaneLoadBalancerState is the status of the load - balancer. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - subnet: - description: Subnet describes a subnet. - properties: - cidr: - type: string - id: - type: string - name: - type: string - zone: - type: string - required: - - cidr - - id - - name - - zone - type: object - vpc: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - properties: - id: - type: string - name: - type: string - required: - - id - - name - type: object - vpcEndpoint: - description: VPCEndpoint describes a VPCEndpoint. - properties: - address: - type: string - floatingIPID: - description: 'Deprecated: This field has no function and is going - to be removed in the next release.' - type: string - loadBalancerIPID: - type: string - required: - - address - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster to which this IBMVPCCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Cluster infrastructure is ready for IBM VPC instances - jsonPath: .status.ready - name: Ready - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: IBMVPCCluster is the Schema for the ibmvpcclusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMVPCClusterSpec defines the desired state of IBMVPCCluster. - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneLoadBalancer: - description: ControlPlaneLoadBalancer is optional configuration for - customizing control plane behavior. - properties: - name: - description: Name sets the name of the VPC load balancer. - maxLength: 63 - pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ - type: string - type: object - region: - description: The IBM Cloud Region the cluster lives in. - type: string - resourceGroup: - description: The VPC resources should be created under the resource - group. - type: string - vpc: - description: The Name of VPC. - type: string - zone: - description: The Name of availability zone. - type: string - required: - - region - - resourceGroup - type: object - status: - description: IBMVPCClusterStatus defines the observed state of IBMVPCCluster. - properties: - conditions: - description: Conditions defines current service state of the load - balancer. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - controlPlaneLoadBalancerState: - description: ControlPlaneLoadBalancerState is the status of the load - balancer. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - subnet: - description: Subnet describes a subnet. - properties: - cidr: - type: string - id: - type: string - name: - type: string - zone: - type: string - required: - - cidr - - id - - name - - zone - type: object - vpc: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - properties: - id: - type: string - name: - type: string - required: - - id - - name - type: object - vpcEndpoint: - description: VPCEndpoint describes a VPCEndpoint. - properties: - address: - type: string - floatingIPID: - description: 'Deprecated: This field has no function and is going - to be removed in the next release.' - type: string - loadBalancerIPID: - type: string - required: - - address - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcclustertemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcclustertemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 52983a408..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcclustertemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,138 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: ibmvpcclustertemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IBMVPCClusterTemplate - listKind: IBMVPCClusterTemplateList - plural: ibmvpcclustertemplates - shortNames: - - ibmvpcct - singular: ibmvpcclustertemplate - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of IBMVPCClusterTemplate - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: IBMVPCClusterTemplate is the Schema for the ibmvpcclustertemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMVPCClusterTemplateSpec defines the desired state of IBMVPCClusterTemplate. - properties: - template: - description: IBMVPCClusterTemplateResource describes the data needed - to create an IBMVPCCluster from a template. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: IBMVPCClusterSpec defines the desired state of IBMVPCCluster. - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint - used to communicate with the control plane. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneLoadBalancer: - description: ControlPlaneLoadBalancer is optional configuration - for customizing control plane behavior. - properties: - name: - description: Name sets the name of the VPC load balancer. - maxLength: 63 - pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$ - type: string - type: object - region: - description: The IBM Cloud Region the cluster lives in. - type: string - resourceGroup: - description: The VPC resources should be created under the - resource group. - type: string - vpc: - description: The Name of VPC. - type: string - zone: - description: The Name of availability zone. - type: string - required: - - region - - resourceGroup - type: object - required: - - spec - type: object - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcmachines.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcmachines.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 00736bf49..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcmachines.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,360 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: ibmvpcmachines.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IBMVPCMachine - listKind: IBMVPCMachineList - plural: ibmvpcmachines - singular: ibmvpcmachine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster infrastructure is ready for IBM VPC instances - jsonPath: .status.ready - name: Ready - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: IBMVPCMachine is the Schema for the ibmvpcmachines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMVPCMachineSpec defines the desired state of IBMVPCMachine. - properties: - bootVolume: - description: BootVolume contains machines's boot volume configurations - like size, iops etc.. - properties: - deleteVolumeOnInstanceDelete: - default: true - description: |- - DeleteVolumeOnInstanceDelete If set to true, when deleting the instance the volume will also be deleted. - Default is set as true - type: boolean - encryptionKeyCRN: - description: |- - EncryptionKey is the root key to use to wrap the data encryption key for the volume and this points to the CRN - and possible values are as follows. - The CRN of the [Key Protect Root - Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto - Service Root Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource. - If unspecified, the `encryption` type for the volume will be `provider_managed`. - type: string - iops: - description: |- - Iops is the maximum I/O operations per second (IOPS) to use for the volume. Applicable only to volumes using a profile - family of `custom`. - format: int64 - type: integer - name: - description: |- - Name is the unique user-defined name for this volume. - Default will be autogenerated - type: string - profile: - default: general-purpose - description: |- - Profile is the volume profile for the bootdisk, refer https://cloud.ibm.com/docs/vpc?topic=vpc-block-storage-profiles - for more information. - Default to general-purpose - enum: - - general-purpose - - 5iops-tier - - 10iops-tier - - custom - type: string - sizeGiB: - description: |- - SizeGiB is the size of the virtual server's boot disk in GiB. - Default to the size of the image's `minimum_provisioned_size`. - format: int64 - type: integer - type: object - image: - description: |- - Image is the id of OS image which would be install on the instance. - Example: r134-ed3f775f-ad7e-4e37-ae62-7199b4988b00 - type: string - imageName: - description: ImageName is the name of OS image which would be install - on the instance. - type: string - name: - description: Name of the instance. - type: string - primaryNetworkInterface: - description: PrimaryNetworkInterface is required to specify subnet. - properties: - subnet: - description: Subnet ID of the network interface. - type: string - type: object - profile: - description: "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans - 8 vCPUs\t32 GB RAM\t16 Gbps\nTODO: add a reference link of profile" - type: string - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - sshKeyNames: - description: SSHKeysNames is the SSH pub key names that will be used - to access VM. - items: - type: string - type: array - sshKeys: - description: SSHKeys is the SSH pub keys that will be used to access - VM. - items: - type: string - type: array - zone: - description: |- - Zone is the place where the instance should be created. Example: us-south-3 - TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2 - type: string - required: - - zone - type: object - status: - description: IBMVPCMachineStatus defines the observed state of IBMVPCMachine. - properties: - addresses: - description: Addresses contains the GCP instance associated addresses. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - instanceID: - type: string - instanceState: - description: InstanceStatus is the status of the GCP instance for - this machine. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Cluster infrastructure is ready for IBM VPC instances - jsonPath: .status.ready - name: Ready - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: IBMVPCMachine is the Schema for the ibmvpcmachines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMVPCMachineSpec defines the desired state of IBMVPCMachine. - properties: - bootVolume: - description: BootVolume contains machines's boot volume configurations - like size, iops etc.. - properties: - deleteVolumeOnInstanceDelete: - default: true - description: |- - DeleteVolumeOnInstanceDelete If set to true, when deleting the instance the volume will also be deleted. - Default is set as true - type: boolean - encryptionKeyCRN: - description: |- - EncryptionKey is the root key to use to wrap the data encryption key for the volume and this points to the CRN - and possible values are as follows. - The CRN of the [Key Protect Root - Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto - Service Root Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource. - If unspecified, the `encryption` type for the volume will be `provider_managed`. - type: string - iops: - description: |- - Iops is the maximum I/O operations per second (IOPS) to use for the volume. Applicable only to volumes using a profile - family of `custom`. - format: int64 - type: integer - name: - description: |- - Name is the unique user-defined name for this volume. - Default will be autogenerated - type: string - profile: - default: general-purpose - description: |- - Profile is the volume profile for the bootdisk, refer https://cloud.ibm.com/docs/vpc?topic=vpc-block-storage-profiles - for more information. - Default to general-purpose - enum: - - general-purpose - - 5iops-tier - - 10iops-tier - - custom - type: string - sizeGiB: - description: |- - SizeGiB is the size of the virtual server's boot disk in GiB. - Default to the size of the image's `minimum_provisioned_size`. - format: int64 - type: integer - type: object - image: - description: |- - Image is the OS image which would be install on the instance. - ID will take higher precedence over Name if both specified. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - type: object - name: - description: Name of the instance. - type: string - primaryNetworkInterface: - description: PrimaryNetworkInterface is required to specify subnet. - properties: - subnet: - description: Subnet ID of the network interface. - type: string - type: object - profile: - description: "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans - 8 vCPUs\t32 GB RAM\t16 Gbps\nTODO: add a reference link of profile" - type: string - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - sshKeys: - description: |- - SSHKeys is the SSH pub keys that will be used to access VM. - ID will take higher precedence over Name if both specified. - items: - description: |- - IBMVPCResourceReference is a reference to a specific VPC resource by ID or Name - Only one of ID or Name may be specified. Specifying more than one will result in - a validation error. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - type: object - type: array - zone: - description: |- - Zone is the place where the instance should be created. Example: us-south-3 - TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2 - type: string - required: - - image - - zone - type: object - status: - description: IBMVPCMachineStatus defines the observed state of IBMVPCMachine. - properties: - addresses: - description: Addresses contains the GCP instance associated addresses. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - instanceID: - type: string - instanceState: - description: InstanceStatus is the status of the GCP instance for - this machine. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcmachinetemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcmachinetemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index bc451bc25..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ibmvpcmachinetemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,320 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: ibmvpcmachinetemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IBMVPCMachineTemplate - listKind: IBMVPCMachineTemplateList - plural: ibmvpcmachinetemplates - singular: ibmvpcmachinetemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: IBMVPCMachineTemplate is the Schema for the ibmvpcmachinetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMVPCMachineTemplateSpec defines the desired state of IBMVPCMachineTemplate. - properties: - template: - description: IBMVPCMachineTemplateResource describes the data needed - to create am IBMVPCMachine from a template. - properties: - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - bootVolume: - description: BootVolume contains machines's boot volume configurations - like size, iops etc.. - properties: - deleteVolumeOnInstanceDelete: - default: true - description: |- - DeleteVolumeOnInstanceDelete If set to true, when deleting the instance the volume will also be deleted. - Default is set as true - type: boolean - encryptionKeyCRN: - description: |- - EncryptionKey is the root key to use to wrap the data encryption key for the volume and this points to the CRN - and possible values are as follows. - The CRN of the [Key Protect Root - Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto - Service Root Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource. - If unspecified, the `encryption` type for the volume will be `provider_managed`. - type: string - iops: - description: |- - Iops is the maximum I/O operations per second (IOPS) to use for the volume. Applicable only to volumes using a profile - family of `custom`. - format: int64 - type: integer - name: - description: |- - Name is the unique user-defined name for this volume. - Default will be autogenerated - type: string - profile: - default: general-purpose - description: |- - Profile is the volume profile for the bootdisk, refer https://cloud.ibm.com/docs/vpc?topic=vpc-block-storage-profiles - for more information. - Default to general-purpose - enum: - - general-purpose - - 5iops-tier - - 10iops-tier - - custom - type: string - sizeGiB: - description: |- - SizeGiB is the size of the virtual server's boot disk in GiB. - Default to the size of the image's `minimum_provisioned_size`. - format: int64 - type: integer - type: object - image: - description: |- - Image is the id of OS image which would be install on the instance. - Example: r134-ed3f775f-ad7e-4e37-ae62-7199b4988b00 - type: string - imageName: - description: ImageName is the name of OS image which would - be install on the instance. - type: string - name: - description: Name of the instance. - type: string - primaryNetworkInterface: - description: PrimaryNetworkInterface is required to specify - subnet. - properties: - subnet: - description: Subnet ID of the network interface. - type: string - type: object - profile: - description: "Profile indicates the flavor of instance. Example: - bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps\nTODO: add a - reference link of profile" - type: string - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - sshKeyNames: - description: SSHKeysNames is the SSH pub key names that will - be used to access VM. - items: - type: string - type: array - sshKeys: - description: SSHKeys is the SSH pub keys that will be used - to access VM. - items: - type: string - type: array - zone: - description: |- - Zone is the place where the instance should be created. Example: us-south-3 - TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2 - type: string - required: - - zone - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: false - - name: v1beta2 - schema: - openAPIV3Schema: - description: IBMVPCMachineTemplate is the Schema for the ibmvpcmachinetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IBMVPCMachineTemplateSpec defines the desired state of IBMVPCMachineTemplate. - properties: - template: - description: IBMVPCMachineTemplateResource describes the data needed - to create am IBMVPCMachine from a template. - properties: - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - bootVolume: - description: BootVolume contains machines's boot volume configurations - like size, iops etc.. - properties: - deleteVolumeOnInstanceDelete: - default: true - description: |- - DeleteVolumeOnInstanceDelete If set to true, when deleting the instance the volume will also be deleted. - Default is set as true - type: boolean - encryptionKeyCRN: - description: |- - EncryptionKey is the root key to use to wrap the data encryption key for the volume and this points to the CRN - and possible values are as follows. - The CRN of the [Key Protect Root - Key](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial) or [Hyper Protect Crypto - Service Root Key](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-get-started) for this resource. - If unspecified, the `encryption` type for the volume will be `provider_managed`. - type: string - iops: - description: |- - Iops is the maximum I/O operations per second (IOPS) to use for the volume. Applicable only to volumes using a profile - family of `custom`. - format: int64 - type: integer - name: - description: |- - Name is the unique user-defined name for this volume. - Default will be autogenerated - type: string - profile: - default: general-purpose - description: |- - Profile is the volume profile for the bootdisk, refer https://cloud.ibm.com/docs/vpc?topic=vpc-block-storage-profiles - for more information. - Default to general-purpose - enum: - - general-purpose - - 5iops-tier - - 10iops-tier - - custom - type: string - sizeGiB: - description: |- - SizeGiB is the size of the virtual server's boot disk in GiB. - Default to the size of the image's `minimum_provisioned_size`. - format: int64 - type: integer - type: object - image: - description: |- - Image is the OS image which would be install on the instance. - ID will take higher precedence over Name if both specified. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - type: object - name: - description: Name of the instance. - type: string - primaryNetworkInterface: - description: PrimaryNetworkInterface is required to specify - subnet. - properties: - subnet: - description: Subnet ID of the network interface. - type: string - type: object - profile: - description: "Profile indicates the flavor of instance. Example: - bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps\nTODO: add a - reference link of profile" - type: string - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - sshKeys: - description: |- - SSHKeys is the SSH pub keys that will be used to access VM. - ID will take higher precedence over Name if both specified. - items: - description: |- - IBMVPCResourceReference is a reference to a specific VPC resource by ID or Name - Only one of ID or Name may be specified. Specifying more than one will result in - a validation error. - properties: - id: - description: ID of resource - minLength: 1 - type: string - name: - description: Name of resource - minLength: 1 - type: string - type: object - type: array - zone: - description: |- - Zone is the place where the instance should be created. Example: us-south-3 - TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2 - type: string - required: - - image - - zone - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ipaddressclaims.ipam.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ipaddressclaims.ipam.cluster.x-k8s.io.yaml deleted file mode 100644 index e7750f0f2..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ipaddressclaims.ipam.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,157 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: ipaddressclaims.ipam.cluster.x-k8s.io -spec: - group: ipam.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IPAddressClaim - listKind: IPAddressClaimList - plural: ipaddressclaims - singular: ipaddressclaim - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Name of the pool to allocate an address from - jsonPath: .spec.poolRef.name - name: Pool Name - type: string - - description: Kind of the pool to allocate an address from - jsonPath: .spec.poolRef.kind - name: Pool Kind - type: string - - description: Time duration since creation of IPAdressClaim - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IPAddressClaim is the Schema for the ipaddressclaim API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressClaimSpec is the desired state of an IPAddressClaim. - properties: - poolRef: - description: PoolRef is a reference to the pool from which an IP address - should be created. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - required: - - poolRef - type: object - status: - description: IPAddressClaimStatus is the observed status of a IPAddressClaim. - properties: - addressRef: - description: AddressRef is a reference to the address that was created - for this claim. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - conditions: - description: Conditions summarises the current state of the IPAddressClaim - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-ipaddresses.ipam.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-ipaddresses.ipam.cluster.x-k8s.io.yaml deleted file mode 100644 index bd8814452..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-ipaddresses.ipam.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,124 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: ipaddresses.ipam.cluster.x-k8s.io -spec: - group: ipam.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: IPAddress - listKind: IPAddressList - plural: ipaddresses - singular: ipaddress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Address - jsonPath: .spec.address - name: Address - type: string - - description: Name of the pool the address is from - jsonPath: .spec.poolRef.name - name: Pool Name - type: string - - description: Kind of the pool the address is from - jsonPath: .spec.poolRef.kind - name: Pool Kind - type: string - - description: Time duration since creation of IPAdress - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IPAddress is the Schema for the ipaddress API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressSpec is the desired state of an IPAddress. - properties: - address: - description: Address is the IP address. - type: string - claimRef: - description: ClaimRef is a reference to the claim this IPAddress was - created for. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - gateway: - description: Gateway is the network gateway of the network the address - is from. - type: string - poolRef: - description: PoolRef is a reference to the pool that this IPAddress - was created from. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - prefix: - description: Prefix is the prefix of the address. - type: integer - required: - - address - - claimRef - - poolRef - - prefix - type: object - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtclusters.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtclusters.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 3f990fef6..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtclusters.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,277 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1alpha1 - name: kubevirtclusters.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubevirtCluster - listKind: KubevirtClusterList - plural: kubevirtclusters - singular: kubevirtcluster - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: KubevirtCluster is the Schema for the kubevirtclusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubevirtClusterSpec defines the desired state of KubevirtCluster. - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint used to - communicate with the control plane. - properties: - host: - description: Host is the hostname on which the API server is serving. - type: string - port: - description: Port is the port on which the API server is serving. - type: integer - required: - - host - - port - type: object - controlPlaneServiceTemplate: - description: |- - ControlPlaneServiceTemplate can be used to modify service that fronts the control plane nodes to handle the - api-server traffic (port 6443). This field is optional, by default control plane nodes will use a service - of type ClusterIP, which will make workload cluster only accessible within the same cluster. Note, this does - not aim to expose the entire Service spec to users, but only provides capability to modify the service metadata - and the service type. - properties: - metadata: - description: |- - Service metadata allows to set labels, annotations and namespace for the service. - When infraClusterSecretRef is used, ControlPlaneService take the kubeconfig namespace by default if metadata.namespace is not specified. - This field is optional. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: |- - Service specification allows to override some fields in the service spec. - Note, it does not aim cover all fields of the service spec. - properties: - type: - description: |- - Type determines how the Service is exposed. Defaults to ClusterIP. Valid - options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: string - type: object - type: object - infraClusterSecretRef: - description: InfraClusterSecretRef is a reference to a secret with - a kubeconfig for external cluster used for infra. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - sshKeys: - description: SSHKeys is a reference to a local struct for SSH keys - persistence. - properties: - configRef: - description: |- - ConfigRef is a reference to a resource containing the keys. - The reference is optional to allow users/operators to specify - Bootstrap.DataSecretName without the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: DataSecretName is the name of the secret that stores - ssh keys. - type: string - type: object - type: object - status: - description: KubevirtClusterStatus defines the observed state of KubevirtCluster. - properties: - conditions: - description: Conditions defines current service state of the KubevirtCluster. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: |- - FailureDomains don't mean much in CAPD since it's all local, but we can see how the rest of cluster API - will use this if we populate it. - type: object - ready: - default: false - description: Ready denotes that the infrastructure is ready. - type: boolean - required: - - ready - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtclustertemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtclustertemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 03ad77841..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtclustertemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,267 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: kubevirtclustertemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubevirtClusterTemplate - listKind: KubevirtClusterTemplateList - plural: kubevirtclustertemplates - shortNames: - - kct - singular: kubevirtclustertemplate - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: KubevirtClusterTemplate is the Schema for the kubevirtclustertemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubevirtClusterTemplateSpec defines the desired state of - KubevirtClusterTemplate. - properties: - template: - description: KubevirtClusterTemplateResource describes the data needed - to create a KubevirtCluster from a template. - properties: - metadata: - description: |- - ObjectMeta is metadata that all persisted resources must have, which includes all objects - users must create. This is a copy of customizable fields from metav1.ObjectMeta. - - - ObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, - which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases - and read-only fields which end up in the generated CRD validation, having it as a subset simplifies - the API and some issues that can impact user experience. - - - During the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) - for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, - specifically `spec.metadata.creationTimestamp in body must be of type string: "null"`. - The investigation showed that `controller-tools@v2` behaves differently than its previous version - when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package. - - - In more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` - had validation properties, including for `creationTimestamp` (metav1.Time). - The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` - which breaks validation because the field isn't marked as nullable. - - - In future versions, controller-tools@v2 might allow overriding the type and validation for embedded - types. When that happens, this hack should be revisited. - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: KubevirtClusterSpec defines the desired state of - KubevirtCluster. - properties: - controlPlaneEndpoint: - description: ControlPlaneEndpoint represents the endpoint - used to communicate with the control plane. - properties: - host: - description: Host is the hostname on which the API server - is serving. - type: string - port: - description: Port is the port on which the API server - is serving. - type: integer - required: - - host - - port - type: object - controlPlaneServiceTemplate: - description: |- - ControlPlaneServiceTemplate can be used to modify service that fronts the control plane nodes to handle the - api-server traffic (port 6443). This field is optional, by default control plane nodes will use a service - of type ClusterIP, which will make workload cluster only accessible within the same cluster. Note, this does - not aim to expose the entire Service spec to users, but only provides capability to modify the service metadata - and the service type. - properties: - metadata: - description: |- - Service metadata allows to set labels, annotations and namespace for the service. - When infraClusterSecretRef is used, ControlPlaneService take the kubeconfig namespace by default if metadata.namespace is not specified. - This field is optional. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: |- - Service specification allows to override some fields in the service spec. - Note, it does not aim cover all fields of the service spec. - properties: - type: - description: |- - Type determines how the Service is exposed. Defaults to ClusterIP. Valid - options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: string - type: object - type: object - infraClusterSecretRef: - description: InfraClusterSecretRef is a reference to a secret - with a kubeconfig for external cluster used for infra. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - sshKeys: - description: SSHKeys is a reference to a local struct for - SSH keys persistence. - properties: - configRef: - description: |- - ConfigRef is a reference to a resource containing the keys. - The reference is optional to allow users/operators to specify - Bootstrap.DataSecretName without the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: DataSecretName is the name of the secret - that stores ssh keys. - type: string - type: object - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - x-kubernetes-validations: - - message: KubevirtClusterTemplate is immutable - rule: self == oldSelf - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtmachines.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtmachines.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index fcfdb8984..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtmachines.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,4485 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1alpha1 - name: kubevirtmachines.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubevirtMachine - listKind: KubevirtMachineList - plural: kubevirtmachines - singular: kubevirtmachine - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Is machine ready - jsonPath: .status.ready - name: Ready - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: KubevirtMachine is the Schema for the kubevirtmachines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubevirtMachineSpec defines the desired state of KubevirtMachine. - properties: - infraClusterSecretRef: - description: |- - InfraClusterSecretRef is a reference to a secret with a kubeconfig for external cluster used for infra. - When nil, this defaults to the value present in the KubevirtCluster object's spec associated with this machine. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - providerID: - description: ProviderID TBD what to use for Kubevirt - type: string - virtualMachineBootstrapCheck: - description: BootstrapCheckSpec defines how the CAPK controller is - checking CAPI Sentinel file inside the VM. - properties: - checkStrategy: - default: ssh - description: |- - CheckStrategy describes how CAPK controller will validate a successful CAPI bootstrap. - Following specified method, CAPK will try to retrieve the state of the CAPI Sentinel file from the VM. - Possible values are: "none" or "ssh" (default is "ssh") and this value is validated by apiserver. - enum: - - none - - ssh - type: string - type: object - virtualMachineTemplate: - description: VirtualMachineTemplateSpec defines the desired state - of the kubevirt VM. - properties: - metadata: - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: VirtualMachineSpec contains the VirtualMachine specification. - properties: - dataVolumeTemplates: - description: |- - dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference. - DataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle. - items: - nullable: true - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: DataVolumeSpec contains the DataVolume - specification. - properties: - checkpoints: - description: Checkpoints is a list of DataVolumeCheckpoints, - representing stages in a multistage import. - items: - description: DataVolumeCheckpoint defines a stage - in a warm migration. - properties: - current: - description: Current is the identifier of - the snapshot created for this checkpoint. - type: string - previous: - description: Previous is the identifier of - the snapshot from the previous checkpoint. - type: string - required: - - current - - previous - type: object - type: array - contentType: - description: 'DataVolumeContentType options: "kubevirt", - "archive"' - enum: - - kubevirt - - archive - type: string - finalCheckpoint: - description: FinalCheckpoint indicates whether the - current DataVolumeCheckpoint is the final checkpoint. - type: boolean - preallocation: - description: Preallocation controls whether storage - for DataVolumes should be allocated in advance. - type: boolean - priorityClassName: - description: PriorityClassName for Importer, Cloner - and Uploader pod - type: string - pvc: - description: PVC is the PVC specification - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - source: - description: Source is the src of the data for the - requested DataVolume - properties: - blank: - description: DataVolumeBlankImage provides the - parameters to create a new raw blank image - for the PVC - type: object - gcs: - description: DataVolumeSourceGCS provides the - parameters to create a Data Volume from an - GCS source - properties: - secretRef: - description: SecretRef provides the secret - reference needed to access the GCS source - type: string - url: - description: URL is the url of the GCS source - type: string - required: - - url - type: object - http: - description: DataVolumeSourceHTTP can be either - an http or https endpoint, with an optional - basic auth user name and password, and an - optional configmap containing additional CAs - properties: - certConfigMap: - description: CertConfigMap is a configmap - reference, containing a Certificate Authority(CA) - public key, and a base64 encoded pem certificate - type: string - extraHeaders: - description: ExtraHeaders is a list of strings - containing extra headers to include with - HTTP transfer requests - items: - type: string - type: array - secretExtraHeaders: - description: SecretExtraHeaders is a list - of Secret references, each containing - an extra HTTP header that may include - sensitive information - items: - type: string - type: array - secretRef: - description: SecretRef A Secret reference, - the secret should contain accessKeyId - (user name) base64 encoded, and secretKey - (password) also base64 encoded - type: string - url: - description: URL is the URL of the http(s) - endpoint - type: string - required: - - url - type: object - imageio: - description: DataVolumeSourceImageIO provides - the parameters to create a Data Volume from - an imageio source - properties: - certConfigMap: - description: CertConfigMap provides a reference - to the CA cert - type: string - diskId: - description: DiskID provides id of a disk - to be imported - type: string - secretRef: - description: SecretRef provides the secret - reference needed to access the ovirt-engine - type: string - url: - description: URL is the URL of the ovirt-engine - type: string - required: - - diskId - - url - type: object - pvc: - description: DataVolumeSourcePVC provides the - parameters to create a Data Volume from an - existing PVC - properties: - name: - description: The name of the source PVC - type: string - namespace: - description: The namespace of the source - PVC - type: string - required: - - name - - namespace - type: object - registry: - description: DataVolumeSourceRegistry provides - the parameters to create a Data Volume from - an registry source - properties: - certConfigMap: - description: CertConfigMap provides a reference - to the Registry certs - type: string - imageStream: - description: ImageStream is the name of - image stream for import - type: string - pullMethod: - description: PullMethod can be either "pod" - (default import), or "node" (node docker - cache based import) - type: string - secretRef: - description: SecretRef provides the secret - reference needed to access the Registry - source - type: string - url: - description: 'URL is the url of the registry - source (starting with the scheme: docker, - oci-archive)' - type: string - type: object - s3: - description: DataVolumeSourceS3 provides the - parameters to create a Data Volume from an - S3 source - properties: - certConfigMap: - description: CertConfigMap is a configmap - reference, containing a Certificate Authority(CA) - public key, and a base64 encoded pem certificate - type: string - secretRef: - description: SecretRef provides the secret - reference needed to access the S3 source - type: string - url: - description: URL is the url of the S3 source - type: string - required: - - url - type: object - snapshot: - description: DataVolumeSourceSnapshot provides - the parameters to create a Data Volume from - an existing VolumeSnapshot - properties: - name: - description: The name of the source VolumeSnapshot - type: string - namespace: - description: The namespace of the source - VolumeSnapshot - type: string - required: - - name - - namespace - type: object - upload: - description: DataVolumeSourceUpload provides - the parameters to create a Data Volume by - uploading the source - type: object - vddk: - description: DataVolumeSourceVDDK provides the - parameters to create a Data Volume from a - Vmware source - properties: - backingFile: - description: BackingFile is the path to - the virtual hard disk to migrate from - vCenter/ESXi - type: string - initImageURL: - description: InitImageURL is an optional - URL to an image containing an extracted - VDDK library, overrides v2v-vmware config - map - type: string - secretRef: - description: SecretRef provides a reference - to a secret containing the username and - password needed to access the vCenter - or ESXi host - type: string - thumbprint: - description: Thumbprint is the certificate - thumbprint of the vCenter or ESXi host - type: string - url: - description: URL is the URL of the vCenter - or ESXi host with the VM to migrate - type: string - uuid: - description: UUID is the UUID of the virtual - machine that the backing file is attached - to in vCenter/ESXi - type: string - type: object - type: object - sourceRef: - description: SourceRef is an indirect reference - to the source of data for the requested DataVolume - properties: - kind: - description: The kind of the source reference, - currently only "DataSource" is supported - type: string - name: - description: The name of the source reference - type: string - namespace: - description: The namespace of the source reference, - defaults to the DataVolume namespace - type: string - required: - - kind - - name - type: object - storage: - description: Storage is the requested storage specification - properties: - accessModes: - description: |- - AccessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - There are two important differences between DataSource and DataSourceRef: - * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. - * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - Resources represents the minimum resources the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: A label query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - type: object - status: - description: |- - DataVolumeTemplateDummyStatus is here simply for backwards compatibility with - a previous API. - nullable: true - type: object - required: - - spec - type: object - type: array - instancetype: - description: InstancetypeMatcher references a instancetype - that is used to fill fields in Template - properties: - inferFromVolume: - description: |- - InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype - to be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher - this field is removed. - type: string - inferFromVolumeFailurePolicy: - description: |- - InferFromVolumeFailurePolicy controls what should happen on failure when inferring the instancetype. - Allowed values are: "RejectInferFromVolumeFailure" and "IgnoreInferFromVolumeFailure". - If not specified, "RejectInferFromVolumeFailure" is used by default. - type: string - kind: - description: |- - Kind specifies which instancetype resource is referenced. - Allowed values are: "VirtualMachineInstancetype" and "VirtualMachineClusterInstancetype". - If not specified, "VirtualMachineClusterInstancetype" is used by default. - type: string - name: - description: Name is the name of the VirtualMachineInstancetype - or VirtualMachineClusterInstancetype - type: string - revisionName: - description: |- - RevisionName specifies a ControllerRevision containing a specific copy of the - VirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially - captured the first time the instancetype is applied to the VirtualMachineInstance. - type: string - type: object - preference: - description: PreferenceMatcher references a set of preference - that is used to fill fields in Template - properties: - inferFromVolume: - description: |- - InferFromVolume lists the name of a volume that should be used to infer or discover the preference - to be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher - this field is removed. - type: string - inferFromVolumeFailurePolicy: - description: |- - InferFromVolumeFailurePolicy controls what should happen on failure when preference the instancetype. - Allowed values are: "RejectInferFromVolumeFailure" and "IgnoreInferFromVolumeFailure". - If not specified, "RejectInferFromVolumeFailure" is used by default. - type: string - kind: - description: |- - Kind specifies which preference resource is referenced. - Allowed values are: "VirtualMachinePreference" and "VirtualMachineClusterPreference". - If not specified, "VirtualMachineClusterPreference" is used by default. - type: string - name: - description: Name is the name of the VirtualMachinePreference - or VirtualMachineClusterPreference - type: string - revisionName: - description: |- - RevisionName specifies a ControllerRevision containing a specific copy of the - VirtualMachinePreference or VirtualMachineClusterPreference to be used. This is - initially captured the first time the instancetype is applied to the VirtualMachineInstance. - type: string - type: object - runStrategy: - description: |- - Running state indicates the requested running state of the VirtualMachineInstance - mutually exclusive with Running - type: string - running: - description: |- - Running controls whether the associatied VirtualMachineInstance is created or not - Mutually exclusive with RunStrategy - type: boolean - template: - description: Template is the direct specification of VirtualMachineInstance - properties: - metadata: - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: VirtualMachineInstance Spec contains the - VirtualMachineInstance specification. - properties: - accessCredentials: - description: Specifies a set of public keys to inject - into the vm guest - items: - description: |- - AccessCredential represents a credential source that can be used to - authorize remote access to the vm guest - Only one of its members may be specified. - properties: - sshPublicKey: - description: |- - SSHPublicKey represents the source and method of applying a ssh public - key into a guest virtual machine. - properties: - propagationMethod: - description: PropagationMethod represents - how the public key is injected into the - vm guest. - properties: - configDrive: - description: |- - ConfigDrivePropagation means that the ssh public keys are injected - into the VM using metadata using the configDrive cloud-init provider - type: object - noCloud: - description: |- - NoCloudPropagation means that the ssh public keys are injected - into the VM using metadata using the noCloud cloud-init provider - type: object - qemuGuestAgent: - description: |- - QemuGuestAgentAccessCredentailPropagation means ssh public keys are - dynamically injected into the vm at runtime via the qemu guest agent. - This feature requires the qemu guest agent to be running within the guest. - properties: - users: - description: |- - Users represents a list of guest users that should have the ssh public keys - added to their authorized_keys file. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - users - type: object - type: object - source: - description: Source represents where the - public keys are pulled from - properties: - secret: - description: Secret means that the access - credential is pulled from a kubernetes - secret - properties: - secretName: - description: SecretName represents - the name of the secret in the - VMI's namespace - type: string - required: - - secretName - type: object - type: object - required: - - propagationMethod - - source - type: object - userPassword: - description: |- - UserPassword represents the source and method for applying a guest user's - password - properties: - propagationMethod: - description: propagationMethod represents - how the user passwords are injected into - the vm guest. - properties: - qemuGuestAgent: - description: |- - QemuGuestAgentAccessCredentailPropagation means passwords are - dynamically injected into the vm at runtime via the qemu guest agent. - This feature requires the qemu guest agent to be running within the guest. - type: object - type: object - source: - description: Source represents where the - user passwords are pulled from - properties: - secret: - description: Secret means that the access - credential is pulled from a kubernetes - secret - properties: - secretName: - description: SecretName represents - the name of the secret in the - VMI's namespace - type: string - required: - - secretName - type: object - type: object - required: - - propagationMethod - - source - type: object - type: object - type: array - x-kubernetes-list-type: atomic - affinity: - description: If affinity is specifies, obey all the - affinity rules - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with - matching the corresponding nodeSelectorTerm, - in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node - selector terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector - requirements by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector - requirements by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key - that the selector applies - to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same - node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added - per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity - term, associated with the corresponding - weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - architecture: - description: Specifies the architecture of the vm - guest you are attempting to run. Defaults to the - compiled architecture of the KubeVirt components - type: string - dnsConfig: - description: |- - Specifies the DNS parameters of a pod. - Parameters specified here will be merged to the generated DNS - configuration based on DNSPolicy. - properties: - nameservers: - description: |- - A list of DNS name server IP addresses. - This will be appended to the base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - options: - description: |- - A list of DNS resolver options. - This will be merged with the base options generated from DNSPolicy. - Duplicated entries will be removed. Resolution options given in Options - will override those that appear in the base DNSPolicy. - items: - description: PodDNSConfigOption defines DNS - resolver options of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - searches: - description: |- - A list of DNS search domains for host-name lookup. - This will be appended to the base search paths generated from DNSPolicy. - Duplicated search paths will be removed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - dnsPolicy: - description: |- - Set DNS policy for the pod. - Defaults to "ClusterFirst". - Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. - DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. - To have DNS options set along with hostNetwork, you have to specify DNS policy - explicitly to 'ClusterFirstWithHostNet'. - type: string - domain: - description: Specification of the desired behavior - of the VirtualMachineInstance on the host. - properties: - chassis: - description: Chassis specifies the chassis info - passed to the domain. - properties: - asset: - type: string - manufacturer: - type: string - serial: - type: string - sku: - type: string - version: - type: string - type: object - clock: - description: Clock sets the clock and timers of - the vmi. - properties: - timer: - description: Timer specifies whih timers are - attached to the vmi. - properties: - hpet: - description: HPET (High Precision Event - Timer) - multiple timers with periodic - interrupts. - properties: - present: - description: |- - Enabled set to false makes sure that the machine type or a preset can't add the timer. - Defaults to true. - type: boolean - tickPolicy: - description: |- - TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. - One of "delay", "catchup", "merge", "discard". - type: string - type: object - hyperv: - description: Hyperv (Hypervclock) - lets - guests read the host’s wall clock time - (paravirtualized). For windows guests. - properties: - present: - description: |- - Enabled set to false makes sure that the machine type or a preset can't add the timer. - Defaults to true. - type: boolean - type: object - kvm: - description: "KVM \t(KVM clock) - lets - guests read the host’s wall clock time - (paravirtualized). For linux guests." - properties: - present: - description: |- - Enabled set to false makes sure that the machine type or a preset can't add the timer. - Defaults to true. - type: boolean - type: object - pit: - description: PIT (Programmable Interval - Timer) - a timer with periodic interrupts. - properties: - present: - description: |- - Enabled set to false makes sure that the machine type or a preset can't add the timer. - Defaults to true. - type: boolean - tickPolicy: - description: |- - TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. - One of "delay", "catchup", "discard". - type: string - type: object - rtc: - description: RTC (Real Time Clock) - a - continuously running timer with periodic - interrupts. - properties: - present: - description: |- - Enabled set to false makes sure that the machine type or a preset can't add the timer. - Defaults to true. - type: boolean - tickPolicy: - description: |- - TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. - One of "delay", "catchup". - type: string - track: - description: Track the guest or the - wall clock. - type: string - type: object - type: object - timezone: - description: |- - Timezone sets the guest clock to the specified timezone. - Zone name follows the TZ environment variable format (e.g. 'America/New_York'). - type: string - utc: - description: |- - UTC sets the guest clock to UTC on each boot. If an offset is specified, - guest changes to the clock will be kept during reboots and are not reset. - properties: - offsetSeconds: - description: |- - OffsetSeconds specifies an offset in seconds, relative to UTC. If set, - guest changes to the clock will be kept during reboots and not reset. - type: integer - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - cpu: - description: CPU allow specified the detailed - CPU topology inside the vmi. - properties: - cores: - description: |- - Cores specifies the number of cores inside the vmi. - Must be a value greater or equal 1. - format: int32 - type: integer - dedicatedCpuPlacement: - description: |- - DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node - with enough dedicated pCPUs and pin the vCPUs to it. - type: boolean - features: - description: Features specifies the CPU features - list inside the VMI. - items: - description: CPUFeature allows specifying - a CPU feature. - properties: - name: - description: Name of the CPU feature - type: string - policy: - description: |- - Policy is the CPU feature attribute which can have the following attributes: - force - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU. - require - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it. - optional - The feature will be supported by virtual CPU if and only if it is supported by host CPU. - disable - The feature will not be supported by virtual CPU. - forbid - Guest creation will fail if the feature is supported by host CPU. - Defaults to require - type: string - required: - - name - type: object - type: array - isolateEmulatorThread: - description: |- - IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place - the emulator thread on it. - type: boolean - maxSockets: - description: |- - MaxSockets specifies the maximum amount of sockets that can - be hotplugged - format: int32 - type: integer - model: - description: |- - Model specifies the CPU model inside the VMI. - List of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map. - It is possible to specify special cases like "host-passthrough" to get the same CPU as the node - and "host-model" to get CPU closest to the node one. - Defaults to host-model. - type: string - numa: - description: NUMA allows specifying settings - for the guest NUMA topology - properties: - guestMappingPassthrough: - description: |- - GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod. - The created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes. - type: object - type: object - realtime: - description: Realtime instructs the virt-launcher - to tune the VMI for lower latency, optional - for real time workloads - properties: - mask: - description: |- - Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions. - Example: "0-3,^1","0,2,3","2-3" - type: string - type: object - sockets: - description: |- - Sockets specifies the number of sockets inside the vmi. - Must be a value greater or equal 1. - format: int32 - type: integer - threads: - description: |- - Threads specifies the number of threads inside the vmi. - Must be a value greater or equal 1. - format: int32 - type: integer - type: object - devices: - description: Devices allows adding disks, network - interfaces, and others - properties: - autoattachGraphicsDevice: - description: |- - Whether to attach the default graphics device or not. - VNC will not be available if set to false. Defaults to true. - type: boolean - autoattachInputDevice: - description: |- - Whether to attach an Input Device. - Defaults to false. - type: boolean - autoattachMemBalloon: - description: |- - Whether to attach the Memory balloon device with default period. - Period can be adjusted in virt-config. - Defaults to true. - type: boolean - autoattachPodInterface: - description: Whether to attach a pod network - interface. Defaults to true. - type: boolean - autoattachSerialConsole: - description: |- - Whether to attach the default virtio-serial console or not. - Serial console access will not be available if set to false. Defaults to true. - type: boolean - autoattachVSOCK: - description: |- - Whether to attach the VSOCK CID to the VM or not. - VSOCK access will be available if set to true. Defaults to false. - type: boolean - blockMultiQueue: - description: |- - Whether or not to enable virtio multi-queue for block devices. - Defaults to false. - type: boolean - clientPassthrough: - description: To configure and access client - devices such as redirecting USB - type: object - disableHotplug: - description: DisableHotplug disabled the ability - to hotplug disks. - type: boolean - disks: - description: Disks describes disks, cdroms - and luns which are connected to the vmi. - items: - properties: - blockSize: - description: If specified, the virtual - disk will be presented with the given - block sizes. - properties: - custom: - description: CustomBlockSize represents - the desired logical and physical - block size for a VM disk. - properties: - logical: - type: integer - physical: - type: integer - required: - - logical - - physical - type: object - matchVolume: - description: Represents if a feature - is enabled or disabled. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - type: object - bootOrder: - description: |- - BootOrder is an integer value > 0, used to determine ordering of boot devices. - Lower values take precedence. - Each disk or interface that has a boot order must have a unique value. - Disks without a boot order are not tried if a disk with a boot order exists. - type: integer - cache: - description: |- - Cache specifies which kvm disk cache mode should be used. - Supported values are: CacheNone, CacheWriteThrough. - type: string - cdrom: - description: Attach a volume as a cdrom - to the vmi. - properties: - bus: - description: |- - Bus indicates the type of disk device to emulate. - supported values: virtio, sata, scsi. - type: string - readonly: - description: |- - ReadOnly. - Defaults to true. - type: boolean - tray: - description: |- - Tray indicates if the tray of the device is open or closed. - Allowed values are "open" and "closed". - Defaults to closed. - type: string - type: object - dedicatedIOThread: - description: |- - dedicatedIOThread indicates this disk should have an exclusive IO Thread. - Enabling this implies useIOThreads = true. - Defaults to false. - type: boolean - disk: - description: Attach a volume as a disk - to the vmi. - properties: - bus: - description: |- - Bus indicates the type of disk device to emulate. - supported values: virtio, sata, scsi, usb. - type: string - pciAddress: - description: 'If specified, the - virtual disk will be placed on - the guests pci address with the - specified PCI address. For example: - 0000:81:01.10' - type: string - readonly: - description: |- - ReadOnly. - Defaults to false. - type: boolean - type: object - errorPolicy: - description: If specified, it can change - the default error policy (stop) for - the disk - type: string - io: - description: |- - IO specifies which QEMU disk IO mode should be used. - Supported values are: native, default, threads. - type: string - lun: - description: Attach a volume as a LUN - to the vmi. - properties: - bus: - description: |- - Bus indicates the type of disk device to emulate. - supported values: virtio, sata, scsi. - type: string - readonly: - description: |- - ReadOnly. - Defaults to false. - type: boolean - reservation: - description: Reservation indicates - if the disk needs to support the - persistent reservation for the - SCSI disk - type: boolean - type: object - name: - description: Name is the device name - type: string - serial: - description: Serial provides the ability - to specify a serial number for the - disk device. - type: string - shareable: - description: If specified the disk is - made sharable and multiple write from - different VMs are permitted - type: boolean - tag: - description: If specified, disk address - and its tag will be provided to the - guest via config drive metadata - type: string - required: - - name - type: object - type: array - downwardMetrics: - description: DownwardMetrics creates a virtio - serials for exposing the downward metrics - to the vmi. - type: object - filesystems: - description: Filesystems describes filesystem - which is connected to the vmi. - items: - properties: - name: - description: Name is the device name - type: string - virtiofs: - description: Virtiofs is supported - type: object - required: - - name - - virtiofs - type: object - type: array - x-kubernetes-list-type: atomic - gpus: - description: Whether to attach a GPU device - to the vmi. - items: - properties: - deviceName: - type: string - name: - description: Name of the GPU device - as exposed by a device plugin - type: string - tag: - description: If specified, the virtual - network interface address and its - tag will be provided to the guest - via config drive - type: string - virtualGPUOptions: - properties: - display: - properties: - enabled: - description: |- - Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest. - Defaults to true. - type: boolean - ramFB: - description: |- - Enables a boot framebuffer, until the guest OS loads a real GPU driver - Defaults to true. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - type: object - type: object - required: - - deviceName - - name - type: object - type: array - x-kubernetes-list-type: atomic - hostDevices: - description: Whether to attach a host device - to the vmi. - items: - properties: - deviceName: - description: DeviceName is the resource - name of the host device exposed by - a device plugin - type: string - name: - type: string - tag: - description: If specified, the virtual - network interface address and its - tag will be provided to the guest - via config drive - type: string - required: - - deviceName - - name - type: object - type: array - x-kubernetes-list-type: atomic - inputs: - description: Inputs describe input devices - items: - properties: - bus: - description: |- - Bus indicates the bus of input device to emulate. - Supported values: virtio, usb. - type: string - name: - description: Name is the device name - type: string - type: - description: |- - Type indicated the type of input device. - Supported values: tablet. - type: string - required: - - name - - type - type: object - type: array - interfaces: - description: Interfaces describe network interfaces - which are added to the vmi. - items: - properties: - acpiIndex: - description: |- - If specified, the ACPI index is used to provide network interface device naming, that is stable across changes - in PCI addresses assigned to the device. - This value is required to be unique across all devices and be between 1 and (16*1024-1). - type: integer - binding: - description: |- - Binding specifies the binding plugin that will be used to connect the interface to the guest. - It provides an alternative to InterfaceBindingMethod. - version: 1alphav1 - properties: - name: - description: |- - Name references to the binding name as denined in the kubevirt CR. - version: 1alphav1 - type: string - required: - - name - type: object - bootOrder: - description: |- - BootOrder is an integer value > 0, used to determine ordering of boot devices. - Lower values take precedence. - Each interface or disk that has a boot order must have a unique value. - Interfaces without a boot order are not tried. - type: integer - bridge: - description: InterfaceBridge connects - to a given network via a linux bridge. - type: object - dhcpOptions: - description: If specified the network - interface will pass additional DHCP - options to the VMI - properties: - bootFileName: - description: If specified will pass - option 67 to interface's DHCP - server - type: string - ntpServers: - description: If specified will pass - the configured NTP server to the - VM via DHCP option 042. - items: - type: string - type: array - privateOptions: - description: 'If specified will - pass extra DHCP options for private - use, range: 224-254' - items: - description: DHCPExtraOptions - defines Extra DHCP options for - a VM. - properties: - option: - description: |- - Option is an Integer value from 224-254 - Required. - type: integer - value: - description: |- - Value is a String value for the Option provided - Required. - type: string - required: - - option - - value - type: object - type: array - tftpServerName: - description: If specified will pass - option 66 to interface's DHCP - server - type: string - type: object - macAddress: - description: 'Interface MAC address. - For example: de:ad:00:00:be:af or - DE-AD-00-00-BE-AF.' - type: string - macvtap: - description: Deprecated, please refer - to Kubevirt user guide for alternatives. - type: object - masquerade: - description: InterfaceMasquerade connects - to a given network using netfilter - rules to nat the traffic. - type: object - model: - description: |- - Interface model. - One of: e1000, e1000e, ne2k_pci, pcnet, rtl8139, virtio. - Defaults to virtio. - TODO:(ihar) switch to enums once opengen-api supports them. See: https://github.com/kubernetes/kube-openapi/issues/51 - type: string - name: - description: |- - Logical name of the interface as well as a reference to the associated networks. - Must match the Name of a Network. - type: string - passt: - description: Deprecated, please refer - to Kubevirt user guide for alternatives. - type: object - pciAddress: - description: 'If specified, the virtual - network interface will be placed on - the guests pci address with the specified - PCI address. For example: 0000:81:01.10' - type: string - ports: - description: List of ports to be forwarded - to the virtual machine. - items: - description: |- - Port represents a port to expose from the virtual machine. - Default protocol TCP. - The port field is mandatory - properties: - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - port: - description: |- - Number of port to expose for the virtual machine. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - protocol: - description: |- - Protocol for port. Must be UDP or TCP. - Defaults to "TCP". - type: string - required: - - port - type: object - type: array - slirp: - description: InterfaceSlirp connects - to a given network using QEMU user - networking mode. - type: object - sriov: - description: InterfaceSRIOV connects - to a given network by passing-through - an SR-IOV PCI device via vfio. - type: object - state: - description: |- - State represents the requested operational state of the interface. - The (only) value supported is `absent`, expressing a request to remove the interface. - type: string - tag: - description: If specified, the virtual - network interface address and its - tag will be provided to the guest - via config drive - type: string - required: - - name - type: object - type: array - logSerialConsole: - description: |- - Whether to log the auto-attached default serial console or not. - Serial console logs will be collect to a file and then streamed from a named `guest-console-log`. - Not relevant if autoattachSerialConsole is disabled. - Defaults to cluster wide setting on VirtualMachineOptions. - type: boolean - networkInterfaceMultiqueue: - description: If specified, virtual network - interfaces configured with a virtio bus - will also enable the vhost multiqueue feature - for network devices. The number of queues - created depends on additional factors of - the VirtualMachineInstance, like the number - of guest CPUs. - type: boolean - rng: - description: Whether to have random number - generator from host - type: object - sound: - description: Whether to emulate a sound device. - properties: - model: - description: |- - We only support ich9 or ac97. - If SoundDevice is not set: No sound card is emulated. - If SoundDevice is set but Model is not: ich9 - type: string - name: - description: User's defined name for this - sound device - type: string - required: - - name - type: object - tpm: - description: Whether to emulate a TPM device. - properties: - persistent: - description: |- - Persistent indicates the state of the TPM device should be kept accross reboots - Defaults to false - type: boolean - type: object - useVirtioTransitional: - description: |- - Fall back to legacy virtio 0.9 support if virtio bus is selected on devices. - This is helpful for old machines like CentOS6 or RHEL6 which - do not understand virtio_non_transitional (virtio 1.0). - type: boolean - watchdog: - description: Watchdog describes a watchdog - device which can be added to the vmi. - properties: - i6300esb: - description: i6300esb watchdog device. - properties: - action: - description: |- - The action to take. Valid values are poweroff, reset, shutdown. - Defaults to reset. - type: string - type: object - name: - description: Name of the watchdog. - type: string - required: - - name - type: object - type: object - features: - description: Features like acpi, apic, hyperv, - smm. - properties: - acpi: - description: |- - ACPI enables/disables ACPI inside the guest. - Defaults to enabled. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - apic: - description: Defaults to the machine type - setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - endOfInterrupt: - description: |- - EndOfInterrupt enables the end of interrupt notification in the guest. - Defaults to false. - type: boolean - type: object - hyperv: - description: Defaults to the machine type - setting. - properties: - evmcs: - description: |- - EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - frequencies: - description: |- - Frequencies improves the TSC clock source handling for Hyper-V on KVM. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - ipi: - description: |- - IPI improves performances in overcommited environments. Requires vpindex. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - reenlightenment: - description: |- - Reenlightenment enables the notifications on TSC frequency changes. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - relaxed: - description: |- - Relaxed instructs the guest OS to disable watchdog timeouts. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - reset: - description: |- - Reset enables Hyperv reboot/reset for the vmi. Requires synic. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - runtime: - description: |- - Runtime improves the time accounting to improve scheduling in the guest. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - spinlocks: - description: Spinlocks allows to configure - the spinlock retry attempts. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - spinlocks: - description: |- - Retries indicates the number of retries. - Must be a value greater or equal 4096. - Defaults to 4096. - format: int32 - type: integer - type: object - synic: - description: |- - SyNIC enables the Synthetic Interrupt Controller. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - synictimer: - description: |- - SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load. - Defaults to the machine type setting. - properties: - direct: - description: Represents if a feature - is enabled or disabled. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - enabled: - type: boolean - type: object - tlbflush: - description: |- - TLBFlush improves performances in overcommited environments. Requires vpindex. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - vapic: - description: |- - VAPIC improves the paravirtualized handling of interrupts. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - vendorid: - description: |- - VendorID allows setting the hypervisor vendor id. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - vendorid: - description: |- - VendorID sets the hypervisor vendor id, visible to the vmi. - String up to twelve characters. - type: string - type: object - vpindex: - description: |- - VPIndex enables the Virtual Processor Index to help windows identifying virtual processors. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - type: object - kvm: - description: Configure how KVM presence is - exposed to the guest. - properties: - hidden: - description: |- - Hide the KVM hypervisor from standard MSR based discovery. - Defaults to false - type: boolean - type: object - pvspinlock: - description: |- - Notify the guest that the host supports paravirtual spinlocks. - For older kernels this feature should be explicitly disabled. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - smm: - description: |- - SMM enables/disables System Management Mode. - TSEG not yet implemented. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - type: object - firmware: - description: Firmware. - properties: - acpi: - description: Information that can be set in - the ACPI table - properties: - slicNameRef: - description: |- - SlicNameRef should match the volume name of a secret object. The data in the secret should - be a binary blob that follows the ACPI SLIC standard, see: - https://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85) - type: string - type: object - bootloader: - description: Settings to control the bootloader - that is used. - properties: - bios: - description: If set (default), BIOS will - be used. - properties: - useSerial: - description: If set, the BIOS output - will be transmitted over serial - type: boolean - type: object - efi: - description: If set, EFI will be used - instead of BIOS. - properties: - persistent: - description: |- - If set to true, Persistent will persist the EFI NVRAM across reboots. - Defaults to false - type: boolean - secureBoot: - description: |- - If set, SecureBoot will be enabled and the OVMF roms will be swapped for - SecureBoot-enabled ones. - Requires SMM to be enabled. - Defaults to true - type: boolean - type: object - type: object - kernelBoot: - description: Settings to set the kernel for - booting. - properties: - container: - description: Container defines the container - that containes kernel artifacts - properties: - image: - description: Image that contains initrd - / kernel files. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - imagePullSecret: - description: ImagePullSecret is the - name of the Docker registry secret - required to pull the image. The - secret must already exist. - type: string - initrdPath: - description: the fully-qualified path - to the ramdisk image in the host - OS - type: string - kernelPath: - description: The fully-qualified path - to the kernel image in the host - OS - type: string - required: - - image - type: object - kernelArgs: - description: Arguments to be passed to - the kernel at boot time - type: string - type: object - serial: - description: The system-serial-number in SMBIOS - type: string - uuid: - description: |- - UUID reported by the vmi bios. - Defaults to a random generated uid. - type: string - type: object - ioThreadsPolicy: - description: |- - Controls whether or not disks will share IOThreads. - Omitting IOThreadsPolicy disables use of IOThreads. - One of: shared, auto - type: string - launchSecurity: - description: Launch Security setting of the vmi. - properties: - sev: - description: AMD Secure Encrypted Virtualization - (SEV). - properties: - attestation: - description: If specified, run the attestation - process for a vmi. - type: object - dhCert: - description: Base64 encoded guest owner's - Diffie-Hellman key. - type: string - policy: - description: |- - Guest policy flags as defined in AMD SEV API specification. - Note: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true. - properties: - encryptedState: - description: |- - SEV-ES is required. - Defaults to false. - type: boolean - type: object - session: - description: Base64 encoded session blob. - type: string - type: object - type: object - machine: - description: Machine type. - properties: - type: - description: QEMU machine type is the actual - chipset of the VirtualMachineInstance. - type: string - type: object - memory: - description: Memory allow specifying the VMI memory - features. - properties: - guest: - anyOf: - - type: integer - - type: string - description: |- - Guest allows to specifying the amount of memory which is visible inside the Guest OS. - The Guest must lie between Requests and Limits from the resources section. - Defaults to the requested memory in the resources section if not specified. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - hugepages: - description: Hugepages allow to use hugepages - for the VirtualMachineInstance instead of - regular memory. - properties: - pageSize: - description: PageSize specifies the hugepage - size, for x86_64 architecture valid - values are 1Gi and 2Mi. - type: string - type: object - maxGuest: - anyOf: - - type: integer - - type: string - description: |- - MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS. - The delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - resources: - description: Resources describes the Compute Resources - required by this vmi. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - Valid resource keys are "memory" and "cpu". - type: object - overcommitGuestOverhead: - description: |- - Don't ask the scheduler to take the guest-management overhead into account. Instead - put the overhead only into the container's memory limit. This can lead to crashes if - all memory is in use on a node. Defaults to false. - type: boolean - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests is a description of the initial vmi resources. - Valid resource keys are "memory" and "cpu". - type: object - type: object - required: - - devices - type: object - evictionStrategy: - description: |- - EvictionStrategy describes the strategy to follow when a node drain occurs. - The possible options are: - - "None": No action will be taken, according to the specified 'RunStrategy' the VirtualMachine will be restarted or shutdown. - - "LiveMigrate": the VirtualMachineInstance will be migrated instead of being shutdown. - - "LiveMigrateIfPossible": the same as "LiveMigrate" but only if the VirtualMachine is Live-Migratable, otherwise it will behave as "None". - - "External": the VirtualMachineInstance will be protected by a PDB and `vmi.Status.EvacuationNodeName` will be set on eviction. This is mainly useful for cluster-api-provider-kubevirt (capk) which needs a way for VMI's to be blocked from eviction, yet signal capk that eviction has been called on the VMI so the capk controller can handle tearing the VMI down. Details can be found in the commit description https://github.com/kubevirt/kubevirt/commit/c1d77face705c8b126696bac9a3ee3825f27f1fa. - type: string - hostname: - description: |- - Specifies the hostname of the vmi - If not specified, the hostname will be set to the name of the vmi, if dhcp or cloud-init is configured properly. - type: string - livenessProbe: - description: |- - Periodic probe of VirtualMachineInstance liveness. - VirtualmachineInstances will be stopped if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: |- - One and only one of the following should be specified. - Exec specifies the action to take, it will be executed on the guest through the qemu-guest-agent. - If the guest agent is not available, this probe will fail. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - guestAgentPing: - description: GuestAgentPing contacts the qemu-guest-agent - for availability checks. - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: |- - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle hook - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - For exec probes the timeout fails the probe but does not terminate the command running on the guest. - This means a blocking command can result in an increasing load on the guest. - A small buffer will be added to the resulting workload exec probe to compensate for delays - caused by the qemu guest exec mechanism. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - networks: - description: List of networks that can be attached - to a vm's virtual interface. - items: - description: Network represents a network type and - a resource that should be connected to the vm. - properties: - multus: - description: Represents the multus cni network. - properties: - default: - description: |- - Select the default network and add it to the - multus-cni.io/default-network annotation. - type: boolean - networkName: - description: |- - References to a NetworkAttachmentDefinition CRD object. Format: - , /. If namespace is not - specified, VMI namespace is assumed. - type: string - required: - - networkName - type: object - name: - description: |- - Network name. - Must be a DNS_LABEL and unique within the vm. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - pod: - description: Represents the stock pod network - interface. - properties: - vmIPv6NetworkCIDR: - description: |- - IPv6 CIDR for the vm network. - Defaults to fd10:0:2::/120 if not specified. - type: string - vmNetworkCIDR: - description: |- - CIDR for vm network. - Default 10.0.2.0/24 if not specified. - type: string - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the vmi to fit on a node. - Selector which must match a node's labels for the vmi to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - priorityClassName: - description: |- - If specified, indicates the pod's priority. - If not specified, the pod priority will be default or zero if there is no - default. - type: string - readinessProbe: - description: |- - Periodic probe of VirtualMachineInstance service readiness. - VirtualmachineInstances will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: |- - One and only one of the following should be specified. - Exec specifies the action to take, it will be executed on the guest through the qemu-guest-agent. - If the guest agent is not available, this probe will fail. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - guestAgentPing: - description: GuestAgentPing contacts the qemu-guest-agent - for availability checks. - type: object - httpGet: - description: HTTPGet specifies the http request - to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the - request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom - header to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: |- - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle hook - properties: - host: - description: 'Optional: Host name to connect - to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - For exec probes the timeout fails the probe but does not terminate the command running on the guest. - This means a blocking command can result in an increasing load on the guest. - A small buffer will be added to the resulting workload exec probe to compensate for delays - caused by the qemu guest exec mechanism. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - schedulerName: - description: |- - If specified, the VMI will be dispatched by specified scheduler. - If not specified, the VMI will be dispatched by default scheduler. - type: string - startStrategy: - description: StartStrategy can be set to "Paused" - if Virtual Machine should be started in paused state. - type: string - subdomain: - description: |- - If specified, the fully qualified vmi hostname will be "...svc.". - If not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi, - no matter if the vmi itself can pick up a hostname. - type: string - terminationGracePeriodSeconds: - description: Grace period observed after signalling - a VirtualMachineInstance to stop after which the - VirtualMachineInstance is force terminated. - format: int64 - type: integer - tolerations: - description: If toleration is specified, obey all - the toleration rules. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology - domains. K8s scheduler will schedule VMI pods in a way which abides by the constraints. - items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - - - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - - - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - - - If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - - - If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: List of volumes that can be mounted by - disks belonging to the vmi. - items: - description: Volume represents a named volume in - a vmi. - properties: - cloudInitConfigDrive: - description: |- - CloudInitConfigDrive represents a cloud-init Config Drive user-data source. - The Config Drive data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest. - More info: https://cloudinit.readthedocs.io/en/latest/topics/datasources/configdrive.html - properties: - networkData: - description: NetworkData contains config - drive inline cloud-init networkdata. - type: string - networkDataBase64: - description: NetworkDataBase64 contains - config drive cloud-init networkdata as - a base64 encoded string. - type: string - networkDataSecretRef: - description: NetworkDataSecretRef references - a k8s secret that contains config drive - networkdata. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - secretRef: - description: UserDataSecretRef references - a k8s secret that contains config drive - userdata. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - userData: - description: UserData contains config drive - inline cloud-init userdata. - type: string - userDataBase64: - description: UserDataBase64 contains config - drive cloud-init userdata as a base64 - encoded string. - type: string - type: object - cloudInitNoCloud: - description: |- - CloudInitNoCloud represents a cloud-init NoCloud user-data source. - The NoCloud data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest. - More info: http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html - properties: - networkData: - description: NetworkData contains NoCloud - inline cloud-init networkdata. - type: string - networkDataBase64: - description: NetworkDataBase64 contains - NoCloud cloud-init networkdata as a base64 - encoded string. - type: string - networkDataSecretRef: - description: NetworkDataSecretRef references - a k8s secret that contains NoCloud networkdata. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - secretRef: - description: UserDataSecretRef references - a k8s secret that contains NoCloud userdata. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - userData: - description: UserData contains NoCloud inline - cloud-init userdata. - type: string - userDataBase64: - description: UserDataBase64 contains NoCloud - cloud-init userdata as a base64 encoded - string. - type: string - type: object - configMap: - description: |- - ConfigMapSource represents a reference to a ConfigMap in the same namespace. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/ - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the ConfigMap - or it's keys must be defined - type: boolean - volumeLabel: - description: |- - The volume label of the resulting disk inside the VMI. - Different bootstrapping mechanisms require different values. - Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). - type: string - type: object - x-kubernetes-map-type: atomic - containerDisk: - description: |- - ContainerDisk references a docker image, embedding a qcow or raw disk. - More info: https://kubevirt.gitbooks.io/user-guide/registry-disk.html - properties: - image: - description: Image is the name of the image - with the embedded disk. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - imagePullSecret: - description: ImagePullSecret is the name - of the Docker registry secret required - to pull the image. The secret must already - exist. - type: string - path: - description: Path defines the path to disk - file in the container - type: string - required: - - image - type: object - dataVolume: - description: |- - DataVolume represents the dynamic creation a PVC for this volume as well as - the process of populating that PVC with a disk image. - properties: - hotpluggable: - description: Hotpluggable indicates whether - the volume can be hotplugged and hotunplugged. - type: boolean - name: - description: |- - Name of both the DataVolume and the PVC in the same namespace. - After PVC population the DataVolume is garbage collected by default. - type: string - required: - - name - type: object - downwardAPI: - description: DownwardAPI represents downward - API about the pod that should populate this - volume - properties: - fields: - description: Fields is a list of downward - API volume file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name, namespace and uid - are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - volumeLabel: - description: |- - The volume label of the resulting disk inside the VMI. - Different bootstrapping mechanisms require different values. - Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). - type: string - type: object - downwardMetrics: - description: |- - DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest - metrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics. - type: object - emptyDisk: - description: |- - EmptyDisk represents a temporary disk which shares the vmis lifecycle. - More info: https://kubevirt.gitbooks.io/user-guide/disks-and-volumes.html - properties: - capacity: - anyOf: - - type: integer - - type: string - description: Capacity of the sparse disk. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - capacity - type: object - ephemeral: - description: Ephemeral is a special volume source - that "wraps" specified source and provides - copy-on-write image on top of it. - properties: - persistentVolumeClaim: - description: |- - PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. - Directly attached to the vmi via qemu. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - type: object - hostDisk: - description: HostDisk represents a disk created - on the cluster level - properties: - capacity: - anyOf: - - type: integer - - type: string - description: Capacity of the sparse disk - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - path: - description: The path to HostDisk image - located on the cluster - type: string - shared: - description: Shared indicate whether the - path is shared between nodes - type: boolean - type: - description: |- - Contains information if disk.img exists or should be created - allowed options are 'Disk' and 'DiskOrCreate' - type: string - required: - - path - - type - type: object - memoryDump: - description: MemoryDump is attached to the virt - launcher and is populated with a memory dump - of the vmi - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - hotpluggable: - description: Hotpluggable indicates whether - the volume can be hotplugged and hotunplugged. - type: boolean - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - name: - description: |- - Volume's name. - Must be a DNS_LABEL and unique within the vmi. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - persistentVolumeClaim: - description: |- - PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. - Directly attached to the vmi via qemu. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - hotpluggable: - description: Hotpluggable indicates whether - the volume can be hotplugged and hotunplugged. - type: boolean - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - secret: - description: |- - SecretVolumeSource represents a reference to a secret data in the same namespace. - More info: https://kubernetes.io/docs/concepts/configuration/secret/ - properties: - optional: - description: Specify whether the Secret - or it's keys must be defined - type: boolean - secretName: - description: |- - Name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - volumeLabel: - description: |- - The volume label of the resulting disk inside the VMI. - Different bootstrapping mechanisms require different values. - Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). - type: string - type: object - serviceAccount: - description: |- - ServiceAccountVolumeSource represents a reference to a service account. - There can only be one volume of this type! - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - properties: - serviceAccountName: - description: |- - Name of the service account in the pod's namespace to use. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - type: string - type: object - sysprep: - description: Represents a Sysprep volume source. - properties: - configMap: - description: ConfigMap references a ConfigMap - that contains Sysprep answer file named - autounattend.xml that should be attached - as disk of CDROM type. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret references a k8s Secret - that contains Sysprep answer file named - autounattend.xml that should be attached - as disk of CDROM type. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - required: - - domain - type: object - type: object - required: - - template - type: object - type: object - type: object - status: - description: KubevirtMachineStatus defines the observed state of KubevirtMachine. - properties: - addresses: - description: Addresses contains the associated addresses for the machine. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions defines current service state of the KubevirtMachine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - loadBalancerConfigured: - description: |- - LoadBalancerConfigured denotes that the machine has been - added to the load balancer - type: boolean - nodeupdated: - description: NodeUpdated denotes that the ProviderID is updated on - Node of this KubevirtMachine - type: boolean - ready: - default: false - description: Ready denotes that the machine is ready - type: boolean - required: - - ready - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtmachinetemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtmachinetemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index dca23bc1a..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-kubevirtmachinetemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,4521 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1alpha1 - name: kubevirtmachinetemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: KubevirtMachineTemplate - listKind: KubevirtMachineTemplateList - plural: kubevirtmachinetemplates - singular: kubevirtmachinetemplate - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: KubevirtMachineTemplate is the Schema for the kubevirtmachinetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: KubevirtMachineTemplateSpec defines the desired state of - KubevirtMachineTemplate. - properties: - template: - description: KubevirtMachineTemplateResource describes the data needed - to create a KubevirtMachine from a template. - properties: - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - infraClusterSecretRef: - description: |- - InfraClusterSecretRef is a reference to a secret with a kubeconfig for external cluster used for infra. - When nil, this defaults to the value present in the KubevirtCluster object's spec associated with this machine. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - providerID: - description: ProviderID TBD what to use for Kubevirt - type: string - virtualMachineBootstrapCheck: - description: BootstrapCheckSpec defines how the CAPK controller - is checking CAPI Sentinel file inside the VM. - properties: - checkStrategy: - default: ssh - description: |- - CheckStrategy describes how CAPK controller will validate a successful CAPI bootstrap. - Following specified method, CAPK will try to retrieve the state of the CAPI Sentinel file from the VM. - Possible values are: "none" or "ssh" (default is "ssh") and this value is validated by apiserver. - enum: - - none - - ssh - type: string - type: object - virtualMachineTemplate: - description: VirtualMachineTemplateSpec defines the desired - state of the kubevirt VM. - properties: - metadata: - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: VirtualMachineSpec contains the VirtualMachine - specification. - properties: - dataVolumeTemplates: - description: |- - dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference. - DataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle. - items: - nullable: true - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: DataVolumeSpec contains the DataVolume - specification. - properties: - checkpoints: - description: Checkpoints is a list of DataVolumeCheckpoints, - representing stages in a multistage import. - items: - description: DataVolumeCheckpoint defines - a stage in a warm migration. - properties: - current: - description: Current is the identifier - of the snapshot created for this - checkpoint. - type: string - previous: - description: Previous is the identifier - of the snapshot from the previous - checkpoint. - type: string - required: - - current - - previous - type: object - type: array - contentType: - description: 'DataVolumeContentType options: - "kubevirt", "archive"' - enum: - - kubevirt - - archive - type: string - finalCheckpoint: - description: FinalCheckpoint indicates whether - the current DataVolumeCheckpoint is the - final checkpoint. - type: boolean - preallocation: - description: Preallocation controls whether - storage for DataVolumes should be allocated - in advance. - type: boolean - priorityClassName: - description: PriorityClassName for Importer, - Cloner and Uploader pod - type: string - pvc: - description: PVC is the PVC specification - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - x-kubernetes-list-type: atomic - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query - over volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeAttributesClassName: - description: |- - volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. - If specified, the CSI driver will create or update the volume with the attributes defined - in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, - it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass - will be applied to the claim but it's not allowed to reset this field to empty string once it is set. - If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass - will be set by the persistentvolume controller if it exists. - If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be - set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource - exists. - More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding - reference to the PersistentVolume - backing this claim. - type: string - type: object - source: - description: Source is the src of the data - for the requested DataVolume - properties: - blank: - description: DataVolumeBlankImage provides - the parameters to create a new raw - blank image for the PVC - type: object - gcs: - description: DataVolumeSourceGCS provides - the parameters to create a Data Volume - from an GCS source - properties: - secretRef: - description: SecretRef provides - the secret reference needed to - access the GCS source - type: string - url: - description: URL is the url of the - GCS source - type: string - required: - - url - type: object - http: - description: DataVolumeSourceHTTP can - be either an http or https endpoint, - with an optional basic auth user name - and password, and an optional configmap - containing additional CAs - properties: - certConfigMap: - description: CertConfigMap is a - configmap reference, containing - a Certificate Authority(CA) public - key, and a base64 encoded pem - certificate - type: string - extraHeaders: - description: ExtraHeaders is a list - of strings containing extra headers - to include with HTTP transfer - requests - items: - type: string - type: array - secretExtraHeaders: - description: SecretExtraHeaders - is a list of Secret references, - each containing an extra HTTP - header that may include sensitive - information - items: - type: string - type: array - secretRef: - description: SecretRef A Secret - reference, the secret should contain - accessKeyId (user name) base64 - encoded, and secretKey (password) - also base64 encoded - type: string - url: - description: URL is the URL of the - http(s) endpoint - type: string - required: - - url - type: object - imageio: - description: DataVolumeSourceImageIO - provides the parameters to create - a Data Volume from an imageio source - properties: - certConfigMap: - description: CertConfigMap provides - a reference to the CA cert - type: string - diskId: - description: DiskID provides id - of a disk to be imported - type: string - secretRef: - description: SecretRef provides - the secret reference needed to - access the ovirt-engine - type: string - url: - description: URL is the URL of the - ovirt-engine - type: string - required: - - diskId - - url - type: object - pvc: - description: DataVolumeSourcePVC provides - the parameters to create a Data Volume - from an existing PVC - properties: - name: - description: The name of the source - PVC - type: string - namespace: - description: The namespace of the - source PVC - type: string - required: - - name - - namespace - type: object - registry: - description: DataVolumeSourceRegistry - provides the parameters to create - a Data Volume from an registry source - properties: - certConfigMap: - description: CertConfigMap provides - a reference to the Registry certs - type: string - imageStream: - description: ImageStream is the - name of image stream for import - type: string - pullMethod: - description: PullMethod can be either - "pod" (default import), or "node" - (node docker cache based import) - type: string - secretRef: - description: SecretRef provides - the secret reference needed to - access the Registry source - type: string - url: - description: 'URL is the url of - the registry source (starting - with the scheme: docker, oci-archive)' - type: string - type: object - s3: - description: DataVolumeSourceS3 provides - the parameters to create a Data Volume - from an S3 source - properties: - certConfigMap: - description: CertConfigMap is a - configmap reference, containing - a Certificate Authority(CA) public - key, and a base64 encoded pem - certificate - type: string - secretRef: - description: SecretRef provides - the secret reference needed to - access the S3 source - type: string - url: - description: URL is the url of the - S3 source - type: string - required: - - url - type: object - snapshot: - description: DataVolumeSourceSnapshot - provides the parameters to create - a Data Volume from an existing VolumeSnapshot - properties: - name: - description: The name of the source - VolumeSnapshot - type: string - namespace: - description: The namespace of the - source VolumeSnapshot - type: string - required: - - name - - namespace - type: object - upload: - description: DataVolumeSourceUpload - provides the parameters to create - a Data Volume by uploading the source - type: object - vddk: - description: DataVolumeSourceVDDK provides - the parameters to create a Data Volume - from a Vmware source - properties: - backingFile: - description: BackingFile is the - path to the virtual hard disk - to migrate from vCenter/ESXi - type: string - initImageURL: - description: InitImageURL is an - optional URL to an image containing - an extracted VDDK library, overrides - v2v-vmware config map - type: string - secretRef: - description: SecretRef provides - a reference to a secret containing - the username and password needed - to access the vCenter or ESXi - host - type: string - thumbprint: - description: Thumbprint is the certificate - thumbprint of the vCenter or ESXi - host - type: string - url: - description: URL is the URL of the - vCenter or ESXi host with the - VM to migrate - type: string - uuid: - description: UUID is the UUID of - the virtual machine that the backing - file is attached to in vCenter/ESXi - type: string - type: object - type: object - sourceRef: - description: SourceRef is an indirect reference - to the source of data for the requested - DataVolume - properties: - kind: - description: The kind of the source - reference, currently only "DataSource" - is supported - type: string - name: - description: The name of the source - reference - type: string - namespace: - description: The namespace of the source - reference, defaults to the DataVolume - namespace - type: string - required: - - kind - - name - type: object - storage: - description: Storage is the requested storage - specification - properties: - accessModes: - description: |- - AccessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. - If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. - There are two important differences between DataSource and DataSourceRef: - * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. - * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - Resources represents the minimum resources the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: A label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding - reference to the PersistentVolume - backing this claim. - type: string - type: object - type: object - status: - description: |- - DataVolumeTemplateDummyStatus is here simply for backwards compatibility with - a previous API. - nullable: true - type: object - required: - - spec - type: object - type: array - instancetype: - description: InstancetypeMatcher references a instancetype - that is used to fill fields in Template - properties: - inferFromVolume: - description: |- - InferFromVolume lists the name of a volume that should be used to infer or discover the instancetype - to be used through known annotations on the underlying resource. Once applied to the InstancetypeMatcher - this field is removed. - type: string - inferFromVolumeFailurePolicy: - description: |- - InferFromVolumeFailurePolicy controls what should happen on failure when inferring the instancetype. - Allowed values are: "RejectInferFromVolumeFailure" and "IgnoreInferFromVolumeFailure". - If not specified, "RejectInferFromVolumeFailure" is used by default. - type: string - kind: - description: |- - Kind specifies which instancetype resource is referenced. - Allowed values are: "VirtualMachineInstancetype" and "VirtualMachineClusterInstancetype". - If not specified, "VirtualMachineClusterInstancetype" is used by default. - type: string - name: - description: Name is the name of the VirtualMachineInstancetype - or VirtualMachineClusterInstancetype - type: string - revisionName: - description: |- - RevisionName specifies a ControllerRevision containing a specific copy of the - VirtualMachineInstancetype or VirtualMachineClusterInstancetype to be used. This is initially - captured the first time the instancetype is applied to the VirtualMachineInstance. - type: string - type: object - preference: - description: PreferenceMatcher references a set of - preference that is used to fill fields in Template - properties: - inferFromVolume: - description: |- - InferFromVolume lists the name of a volume that should be used to infer or discover the preference - to be used through known annotations on the underlying resource. Once applied to the PreferenceMatcher - this field is removed. - type: string - inferFromVolumeFailurePolicy: - description: |- - InferFromVolumeFailurePolicy controls what should happen on failure when preference the instancetype. - Allowed values are: "RejectInferFromVolumeFailure" and "IgnoreInferFromVolumeFailure". - If not specified, "RejectInferFromVolumeFailure" is used by default. - type: string - kind: - description: |- - Kind specifies which preference resource is referenced. - Allowed values are: "VirtualMachinePreference" and "VirtualMachineClusterPreference". - If not specified, "VirtualMachineClusterPreference" is used by default. - type: string - name: - description: Name is the name of the VirtualMachinePreference - or VirtualMachineClusterPreference - type: string - revisionName: - description: |- - RevisionName specifies a ControllerRevision containing a specific copy of the - VirtualMachinePreference or VirtualMachineClusterPreference to be used. This is - initially captured the first time the instancetype is applied to the VirtualMachineInstance. - type: string - type: object - runStrategy: - description: |- - Running state indicates the requested running state of the VirtualMachineInstance - mutually exclusive with Running - type: string - running: - description: |- - Running controls whether the associatied VirtualMachineInstance is created or not - Mutually exclusive with RunStrategy - type: boolean - template: - description: Template is the direct specification - of VirtualMachineInstance - properties: - metadata: - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: VirtualMachineInstance Spec contains - the VirtualMachineInstance specification. - properties: - accessCredentials: - description: Specifies a set of public keys - to inject into the vm guest - items: - description: |- - AccessCredential represents a credential source that can be used to - authorize remote access to the vm guest - Only one of its members may be specified. - properties: - sshPublicKey: - description: |- - SSHPublicKey represents the source and method of applying a ssh public - key into a guest virtual machine. - properties: - propagationMethod: - description: PropagationMethod represents - how the public key is injected - into the vm guest. - properties: - configDrive: - description: |- - ConfigDrivePropagation means that the ssh public keys are injected - into the VM using metadata using the configDrive cloud-init provider - type: object - noCloud: - description: |- - NoCloudPropagation means that the ssh public keys are injected - into the VM using metadata using the noCloud cloud-init provider - type: object - qemuGuestAgent: - description: |- - QemuGuestAgentAccessCredentailPropagation means ssh public keys are - dynamically injected into the vm at runtime via the qemu guest agent. - This feature requires the qemu guest agent to be running within the guest. - properties: - users: - description: |- - Users represents a list of guest users that should have the ssh public keys - added to their authorized_keys file. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - users - type: object - type: object - source: - description: Source represents where - the public keys are pulled from - properties: - secret: - description: Secret means that - the access credential is pulled - from a kubernetes secret - properties: - secretName: - description: SecretName - represents the name of - the secret in the VMI's - namespace - type: string - required: - - secretName - type: object - type: object - required: - - propagationMethod - - source - type: object - userPassword: - description: |- - UserPassword represents the source and method for applying a guest user's - password - properties: - propagationMethod: - description: propagationMethod represents - how the user passwords are injected - into the vm guest. - properties: - qemuGuestAgent: - description: |- - QemuGuestAgentAccessCredentailPropagation means passwords are - dynamically injected into the vm at runtime via the qemu guest agent. - This feature requires the qemu guest agent to be running within the guest. - type: object - type: object - source: - description: Source represents where - the user passwords are pulled - from - properties: - secret: - description: Secret means that - the access credential is pulled - from a kubernetes secret - properties: - secretName: - description: SecretName - represents the name of - the secret in the VMI's - namespace - type: string - required: - - secretName - type: object - type: object - required: - - propagationMethod - - source - type: object - type: object - type: array - x-kubernetes-list-type: atomic - affinity: - description: If affinity is specifies, obey - all the affinity rules - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node - selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node - selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node - selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node - selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other - pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - architecture: - description: Specifies the architecture of - the vm guest you are attempting to run. - Defaults to the compiled architecture of - the KubeVirt components - type: string - dnsConfig: - description: |- - Specifies the DNS parameters of a pod. - Parameters specified here will be merged to the generated DNS - configuration based on DNSPolicy. - properties: - nameservers: - description: |- - A list of DNS name server IP addresses. - This will be appended to the base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - options: - description: |- - A list of DNS resolver options. - This will be merged with the base options generated from DNSPolicy. - Duplicated entries will be removed. Resolution options given in Options - will override those that appear in the base DNSPolicy. - items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - searches: - description: |- - A list of DNS search domains for host-name lookup. - This will be appended to the base search paths generated from DNSPolicy. - Duplicated search paths will be removed. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - dnsPolicy: - description: |- - Set DNS policy for the pod. - Defaults to "ClusterFirst". - Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. - DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. - To have DNS options set along with hostNetwork, you have to specify DNS policy - explicitly to 'ClusterFirstWithHostNet'. - type: string - domain: - description: Specification of the desired - behavior of the VirtualMachineInstance on - the host. - properties: - chassis: - description: Chassis specifies the chassis - info passed to the domain. - properties: - asset: - type: string - manufacturer: - type: string - serial: - type: string - sku: - type: string - version: - type: string - type: object - clock: - description: Clock sets the clock and - timers of the vmi. - properties: - timer: - description: Timer specifies whih - timers are attached to the vmi. - properties: - hpet: - description: HPET (High Precision - Event Timer) - multiple timers - with periodic interrupts. - properties: - present: - description: |- - Enabled set to false makes sure that the machine type or a preset can't add the timer. - Defaults to true. - type: boolean - tickPolicy: - description: |- - TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. - One of "delay", "catchup", "merge", "discard". - type: string - type: object - hyperv: - description: Hyperv (Hypervclock) - - lets guests read the host’s - wall clock time (paravirtualized). - For windows guests. - properties: - present: - description: |- - Enabled set to false makes sure that the machine type or a preset can't add the timer. - Defaults to true. - type: boolean - type: object - kvm: - description: "KVM \t(KVM clock) - - lets guests read the host’s - wall clock time (paravirtualized). - For linux guests." - properties: - present: - description: |- - Enabled set to false makes sure that the machine type or a preset can't add the timer. - Defaults to true. - type: boolean - type: object - pit: - description: PIT (Programmable - Interval Timer) - a timer with - periodic interrupts. - properties: - present: - description: |- - Enabled set to false makes sure that the machine type or a preset can't add the timer. - Defaults to true. - type: boolean - tickPolicy: - description: |- - TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. - One of "delay", "catchup", "discard". - type: string - type: object - rtc: - description: RTC (Real Time Clock) - - a continuously running timer - with periodic interrupts. - properties: - present: - description: |- - Enabled set to false makes sure that the machine type or a preset can't add the timer. - Defaults to true. - type: boolean - tickPolicy: - description: |- - TickPolicy determines what happens when QEMU misses a deadline for injecting a tick to the guest. - One of "delay", "catchup". - type: string - track: - description: Track the guest - or the wall clock. - type: string - type: object - type: object - timezone: - description: |- - Timezone sets the guest clock to the specified timezone. - Zone name follows the TZ environment variable format (e.g. 'America/New_York'). - type: string - utc: - description: |- - UTC sets the guest clock to UTC on each boot. If an offset is specified, - guest changes to the clock will be kept during reboots and are not reset. - properties: - offsetSeconds: - description: |- - OffsetSeconds specifies an offset in seconds, relative to UTC. If set, - guest changes to the clock will be kept during reboots and not reset. - type: integer - type: object - type: object - x-kubernetes-preserve-unknown-fields: true - cpu: - description: CPU allow specified the detailed - CPU topology inside the vmi. - properties: - cores: - description: |- - Cores specifies the number of cores inside the vmi. - Must be a value greater or equal 1. - format: int32 - type: integer - dedicatedCpuPlacement: - description: |- - DedicatedCPUPlacement requests the scheduler to place the VirtualMachineInstance on a node - with enough dedicated pCPUs and pin the vCPUs to it. - type: boolean - features: - description: Features specifies the - CPU features list inside the VMI. - items: - description: CPUFeature allows specifying - a CPU feature. - properties: - name: - description: Name of the CPU - feature - type: string - policy: - description: |- - Policy is the CPU feature attribute which can have the following attributes: - force - The virtual CPU will claim the feature is supported regardless of it being supported by host CPU. - require - Guest creation will fail unless the feature is supported by the host CPU or the hypervisor is able to emulate it. - optional - The feature will be supported by virtual CPU if and only if it is supported by host CPU. - disable - The feature will not be supported by virtual CPU. - forbid - Guest creation will fail if the feature is supported by host CPU. - Defaults to require - type: string - required: - - name - type: object - type: array - isolateEmulatorThread: - description: |- - IsolateEmulatorThread requests one more dedicated pCPU to be allocated for the VMI to place - the emulator thread on it. - type: boolean - maxSockets: - description: |- - MaxSockets specifies the maximum amount of sockets that can - be hotplugged - format: int32 - type: integer - model: - description: |- - Model specifies the CPU model inside the VMI. - List of available models https://github.com/libvirt/libvirt/tree/master/src/cpu_map. - It is possible to specify special cases like "host-passthrough" to get the same CPU as the node - and "host-model" to get CPU closest to the node one. - Defaults to host-model. - type: string - numa: - description: NUMA allows specifying - settings for the guest NUMA topology - properties: - guestMappingPassthrough: - description: |- - GuestMappingPassthrough will create an efficient guest topology based on host CPUs exclusively assigned to a pod. - The created topology ensures that memory and CPUs on the virtual numa nodes never cross boundaries of host numa nodes. - type: object - type: object - realtime: - description: Realtime instructs the - virt-launcher to tune the VMI for - lower latency, optional for real - time workloads - properties: - mask: - description: |- - Mask defines the vcpu mask expression that defines which vcpus are used for realtime. Format matches libvirt's expressions. - Example: "0-3,^1","0,2,3","2-3" - type: string - type: object - sockets: - description: |- - Sockets specifies the number of sockets inside the vmi. - Must be a value greater or equal 1. - format: int32 - type: integer - threads: - description: |- - Threads specifies the number of threads inside the vmi. - Must be a value greater or equal 1. - format: int32 - type: integer - type: object - devices: - description: Devices allows adding disks, - network interfaces, and others - properties: - autoattachGraphicsDevice: - description: |- - Whether to attach the default graphics device or not. - VNC will not be available if set to false. Defaults to true. - type: boolean - autoattachInputDevice: - description: |- - Whether to attach an Input Device. - Defaults to false. - type: boolean - autoattachMemBalloon: - description: |- - Whether to attach the Memory balloon device with default period. - Period can be adjusted in virt-config. - Defaults to true. - type: boolean - autoattachPodInterface: - description: Whether to attach a pod - network interface. Defaults to true. - type: boolean - autoattachSerialConsole: - description: |- - Whether to attach the default virtio-serial console or not. - Serial console access will not be available if set to false. Defaults to true. - type: boolean - autoattachVSOCK: - description: |- - Whether to attach the VSOCK CID to the VM or not. - VSOCK access will be available if set to true. Defaults to false. - type: boolean - blockMultiQueue: - description: |- - Whether or not to enable virtio multi-queue for block devices. - Defaults to false. - type: boolean - clientPassthrough: - description: To configure and access - client devices such as redirecting - USB - type: object - disableHotplug: - description: DisableHotplug disabled - the ability to hotplug disks. - type: boolean - disks: - description: Disks describes disks, - cdroms and luns which are connected - to the vmi. - items: - properties: - blockSize: - description: If specified, the - virtual disk will be presented - with the given block sizes. - properties: - custom: - description: CustomBlockSize - represents the desired - logical and physical block - size for a VM disk. - properties: - logical: - type: integer - physical: - type: integer - required: - - logical - - physical - type: object - matchVolume: - description: Represents - if a feature is enabled - or disabled. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - type: object - bootOrder: - description: |- - BootOrder is an integer value > 0, used to determine ordering of boot devices. - Lower values take precedence. - Each disk or interface that has a boot order must have a unique value. - Disks without a boot order are not tried if a disk with a boot order exists. - type: integer - cache: - description: |- - Cache specifies which kvm disk cache mode should be used. - Supported values are: CacheNone, CacheWriteThrough. - type: string - cdrom: - description: Attach a volume - as a cdrom to the vmi. - properties: - bus: - description: |- - Bus indicates the type of disk device to emulate. - supported values: virtio, sata, scsi. - type: string - readonly: - description: |- - ReadOnly. - Defaults to true. - type: boolean - tray: - description: |- - Tray indicates if the tray of the device is open or closed. - Allowed values are "open" and "closed". - Defaults to closed. - type: string - type: object - dedicatedIOThread: - description: |- - dedicatedIOThread indicates this disk should have an exclusive IO Thread. - Enabling this implies useIOThreads = true. - Defaults to false. - type: boolean - disk: - description: Attach a volume - as a disk to the vmi. - properties: - bus: - description: |- - Bus indicates the type of disk device to emulate. - supported values: virtio, sata, scsi, usb. - type: string - pciAddress: - description: 'If specified, - the virtual disk will - be placed on the guests - pci address with the specified - PCI address. For example: - 0000:81:01.10' - type: string - readonly: - description: |- - ReadOnly. - Defaults to false. - type: boolean - type: object - errorPolicy: - description: If specified, it - can change the default error - policy (stop) for the disk - type: string - io: - description: |- - IO specifies which QEMU disk IO mode should be used. - Supported values are: native, default, threads. - type: string - lun: - description: Attach a volume - as a LUN to the vmi. - properties: - bus: - description: |- - Bus indicates the type of disk device to emulate. - supported values: virtio, sata, scsi. - type: string - readonly: - description: |- - ReadOnly. - Defaults to false. - type: boolean - reservation: - description: Reservation - indicates if the disk - needs to support the persistent - reservation for the SCSI - disk - type: boolean - type: object - name: - description: Name is the device - name - type: string - serial: - description: Serial provides - the ability to specify a serial - number for the disk device. - type: string - shareable: - description: If specified the - disk is made sharable and - multiple write from different - VMs are permitted - type: boolean - tag: - description: If specified, disk - address and its tag will be - provided to the guest via - config drive metadata - type: string - required: - - name - type: object - type: array - downwardMetrics: - description: DownwardMetrics creates - a virtio serials for exposing the - downward metrics to the vmi. - type: object - filesystems: - description: Filesystems describes - filesystem which is connected to - the vmi. - items: - properties: - name: - description: Name is the device - name - type: string - virtiofs: - description: Virtiofs is supported - type: object - required: - - name - - virtiofs - type: object - type: array - x-kubernetes-list-type: atomic - gpus: - description: Whether to attach a GPU - device to the vmi. - items: - properties: - deviceName: - type: string - name: - description: Name of the GPU - device as exposed by a device - plugin - type: string - tag: - description: If specified, the - virtual network interface - address and its tag will be - provided to the guest via - config drive - type: string - virtualGPUOptions: - properties: - display: - properties: - enabled: - description: |- - Enabled determines if a display addapter backed by a vGPU should be enabled or disabled on the guest. - Defaults to true. - type: boolean - ramFB: - description: |- - Enables a boot framebuffer, until the guest OS loads a real GPU driver - Defaults to true. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - type: object - type: object - required: - - deviceName - - name - type: object - type: array - x-kubernetes-list-type: atomic - hostDevices: - description: Whether to attach a host - device to the vmi. - items: - properties: - deviceName: - description: DeviceName is the - resource name of the host - device exposed by a device - plugin - type: string - name: - type: string - tag: - description: If specified, the - virtual network interface - address and its tag will be - provided to the guest via - config drive - type: string - required: - - deviceName - - name - type: object - type: array - x-kubernetes-list-type: atomic - inputs: - description: Inputs describe input - devices - items: - properties: - bus: - description: |- - Bus indicates the bus of input device to emulate. - Supported values: virtio, usb. - type: string - name: - description: Name is the device - name - type: string - type: - description: |- - Type indicated the type of input device. - Supported values: tablet. - type: string - required: - - name - - type - type: object - type: array - interfaces: - description: Interfaces describe network - interfaces which are added to the - vmi. - items: - properties: - acpiIndex: - description: |- - If specified, the ACPI index is used to provide network interface device naming, that is stable across changes - in PCI addresses assigned to the device. - This value is required to be unique across all devices and be between 1 and (16*1024-1). - type: integer - binding: - description: |- - Binding specifies the binding plugin that will be used to connect the interface to the guest. - It provides an alternative to InterfaceBindingMethod. - version: 1alphav1 - properties: - name: - description: |- - Name references to the binding name as denined in the kubevirt CR. - version: 1alphav1 - type: string - required: - - name - type: object - bootOrder: - description: |- - BootOrder is an integer value > 0, used to determine ordering of boot devices. - Lower values take precedence. - Each interface or disk that has a boot order must have a unique value. - Interfaces without a boot order are not tried. - type: integer - bridge: - description: InterfaceBridge - connects to a given network - via a linux bridge. - type: object - dhcpOptions: - description: If specified the - network interface will pass - additional DHCP options to - the VMI - properties: - bootFileName: - description: If specified - will pass option 67 to - interface's DHCP server - type: string - ntpServers: - description: If specified - will pass the configured - NTP server to the VM via - DHCP option 042. - items: - type: string - type: array - privateOptions: - description: 'If specified - will pass extra DHCP options - for private use, range: - 224-254' - items: - description: DHCPExtraOptions - defines Extra DHCP options - for a VM. - properties: - option: - description: |- - Option is an Integer value from 224-254 - Required. - type: integer - value: - description: |- - Value is a String value for the Option provided - Required. - type: string - required: - - option - - value - type: object - type: array - tftpServerName: - description: If specified - will pass option 66 to - interface's DHCP server - type: string - type: object - macAddress: - description: 'Interface MAC - address. For example: de:ad:00:00:be:af - or DE-AD-00-00-BE-AF.' - type: string - macvtap: - description: Deprecated, please - refer to Kubevirt user guide - for alternatives. - type: object - masquerade: - description: InterfaceMasquerade - connects to a given network - using netfilter rules to nat - the traffic. - type: object - model: - description: |- - Interface model. - One of: e1000, e1000e, ne2k_pci, pcnet, rtl8139, virtio. - Defaults to virtio. - TODO:(ihar) switch to enums once opengen-api supports them. See: https://github.com/kubernetes/kube-openapi/issues/51 - type: string - name: - description: |- - Logical name of the interface as well as a reference to the associated networks. - Must match the Name of a Network. - type: string - passt: - description: Deprecated, please - refer to Kubevirt user guide - for alternatives. - type: object - pciAddress: - description: 'If specified, - the virtual network interface - will be placed on the guests - pci address with the specified - PCI address. For example: - 0000:81:01.10' - type: string - ports: - description: List of ports to - be forwarded to the virtual - machine. - items: - description: |- - Port represents a port to expose from the virtual machine. - Default protocol TCP. - The port field is mandatory - properties: - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - port: - description: |- - Number of port to expose for the virtual machine. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - protocol: - description: |- - Protocol for port. Must be UDP or TCP. - Defaults to "TCP". - type: string - required: - - port - type: object - type: array - slirp: - description: InterfaceSlirp - connects to a given network - using QEMU user networking - mode. - type: object - sriov: - description: InterfaceSRIOV - connects to a given network - by passing-through an SR-IOV - PCI device via vfio. - type: object - state: - description: |- - State represents the requested operational state of the interface. - The (only) value supported is `absent`, expressing a request to remove the interface. - type: string - tag: - description: If specified, the - virtual network interface - address and its tag will be - provided to the guest via - config drive - type: string - required: - - name - type: object - type: array - logSerialConsole: - description: |- - Whether to log the auto-attached default serial console or not. - Serial console logs will be collect to a file and then streamed from a named `guest-console-log`. - Not relevant if autoattachSerialConsole is disabled. - Defaults to cluster wide setting on VirtualMachineOptions. - type: boolean - networkInterfaceMultiqueue: - description: If specified, virtual - network interfaces configured with - a virtio bus will also enable the - vhost multiqueue feature for network - devices. The number of queues created - depends on additional factors of - the VirtualMachineInstance, like - the number of guest CPUs. - type: boolean - rng: - description: Whether to have random - number generator from host - type: object - sound: - description: Whether to emulate a - sound device. - properties: - model: - description: |- - We only support ich9 or ac97. - If SoundDevice is not set: No sound card is emulated. - If SoundDevice is set but Model is not: ich9 - type: string - name: - description: User's defined name - for this sound device - type: string - required: - - name - type: object - tpm: - description: Whether to emulate a - TPM device. - properties: - persistent: - description: |- - Persistent indicates the state of the TPM device should be kept accross reboots - Defaults to false - type: boolean - type: object - useVirtioTransitional: - description: |- - Fall back to legacy virtio 0.9 support if virtio bus is selected on devices. - This is helpful for old machines like CentOS6 or RHEL6 which - do not understand virtio_non_transitional (virtio 1.0). - type: boolean - watchdog: - description: Watchdog describes a - watchdog device which can be added - to the vmi. - properties: - i6300esb: - description: i6300esb watchdog - device. - properties: - action: - description: |- - The action to take. Valid values are poweroff, reset, shutdown. - Defaults to reset. - type: string - type: object - name: - description: Name of the watchdog. - type: string - required: - - name - type: object - type: object - features: - description: Features like acpi, apic, - hyperv, smm. - properties: - acpi: - description: |- - ACPI enables/disables ACPI inside the guest. - Defaults to enabled. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - apic: - description: Defaults to the machine - type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - endOfInterrupt: - description: |- - EndOfInterrupt enables the end of interrupt notification in the guest. - Defaults to false. - type: boolean - type: object - hyperv: - description: Defaults to the machine - type setting. - properties: - evmcs: - description: |- - EVMCS Speeds up L2 vmexits, but disables other virtualization features. Requires vapic. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - frequencies: - description: |- - Frequencies improves the TSC clock source handling for Hyper-V on KVM. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - ipi: - description: |- - IPI improves performances in overcommited environments. Requires vpindex. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - reenlightenment: - description: |- - Reenlightenment enables the notifications on TSC frequency changes. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - relaxed: - description: |- - Relaxed instructs the guest OS to disable watchdog timeouts. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - reset: - description: |- - Reset enables Hyperv reboot/reset for the vmi. Requires synic. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - runtime: - description: |- - Runtime improves the time accounting to improve scheduling in the guest. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - spinlocks: - description: Spinlocks allows - to configure the spinlock retry - attempts. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - spinlocks: - description: |- - Retries indicates the number of retries. - Must be a value greater or equal 4096. - Defaults to 4096. - format: int32 - type: integer - type: object - synic: - description: |- - SyNIC enables the Synthetic Interrupt Controller. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - synictimer: - description: |- - SyNICTimer enables Synthetic Interrupt Controller Timers, reducing CPU load. - Defaults to the machine type setting. - properties: - direct: - description: Represents if - a feature is enabled or - disabled. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - enabled: - type: boolean - type: object - tlbflush: - description: |- - TLBFlush improves performances in overcommited environments. Requires vpindex. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - vapic: - description: |- - VAPIC improves the paravirtualized handling of interrupts. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - vendorid: - description: |- - VendorID allows setting the hypervisor vendor id. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - vendorid: - description: |- - VendorID sets the hypervisor vendor id, visible to the vmi. - String up to twelve characters. - type: string - type: object - vpindex: - description: |- - VPIndex enables the Virtual Processor Index to help windows identifying virtual processors. - Defaults to the machine type setting. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - type: object - kvm: - description: Configure how KVM presence - is exposed to the guest. - properties: - hidden: - description: |- - Hide the KVM hypervisor from standard MSR based discovery. - Defaults to false - type: boolean - type: object - pvspinlock: - description: |- - Notify the guest that the host supports paravirtual spinlocks. - For older kernels this feature should be explicitly disabled. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - smm: - description: |- - SMM enables/disables System Management Mode. - TSEG not yet implemented. - properties: - enabled: - description: |- - Enabled determines if the feature should be enabled or disabled on the guest. - Defaults to true. - type: boolean - type: object - type: object - firmware: - description: Firmware. - properties: - acpi: - description: Information that can - be set in the ACPI table - properties: - slicNameRef: - description: |- - SlicNameRef should match the volume name of a secret object. The data in the secret should - be a binary blob that follows the ACPI SLIC standard, see: - https://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653305(v=vs.85) - type: string - type: object - bootloader: - description: Settings to control the - bootloader that is used. - properties: - bios: - description: If set (default), - BIOS will be used. - properties: - useSerial: - description: If set, the BIOS - output will be transmitted - over serial - type: boolean - type: object - efi: - description: If set, EFI will - be used instead of BIOS. - properties: - persistent: - description: |- - If set to true, Persistent will persist the EFI NVRAM across reboots. - Defaults to false - type: boolean - secureBoot: - description: |- - If set, SecureBoot will be enabled and the OVMF roms will be swapped for - SecureBoot-enabled ones. - Requires SMM to be enabled. - Defaults to true - type: boolean - type: object - type: object - kernelBoot: - description: Settings to set the kernel - for booting. - properties: - container: - description: Container defines - the container that containes - kernel artifacts - properties: - image: - description: Image that contains - initrd / kernel files. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - imagePullSecret: - description: ImagePullSecret - is the name of the Docker - registry secret required - to pull the image. The secret - must already exist. - type: string - initrdPath: - description: the fully-qualified - path to the ramdisk image - in the host OS - type: string - kernelPath: - description: The fully-qualified - path to the kernel image - in the host OS - type: string - required: - - image - type: object - kernelArgs: - description: Arguments to be passed - to the kernel at boot time - type: string - type: object - serial: - description: The system-serial-number - in SMBIOS - type: string - uuid: - description: |- - UUID reported by the vmi bios. - Defaults to a random generated uid. - type: string - type: object - ioThreadsPolicy: - description: |- - Controls whether or not disks will share IOThreads. - Omitting IOThreadsPolicy disables use of IOThreads. - One of: shared, auto - type: string - launchSecurity: - description: Launch Security setting of - the vmi. - properties: - sev: - description: AMD Secure Encrypted - Virtualization (SEV). - properties: - attestation: - description: If specified, run - the attestation process for - a vmi. - type: object - dhCert: - description: Base64 encoded guest - owner's Diffie-Hellman key. - type: string - policy: - description: |- - Guest policy flags as defined in AMD SEV API specification. - Note: due to security reasons it is not allowed to enable guest debugging. Therefore NoDebug flag is not exposed to users and is always true. - properties: - encryptedState: - description: |- - SEV-ES is required. - Defaults to false. - type: boolean - type: object - session: - description: Base64 encoded session - blob. - type: string - type: object - type: object - machine: - description: Machine type. - properties: - type: - description: QEMU machine type is - the actual chipset of the VirtualMachineInstance. - type: string - type: object - memory: - description: Memory allow specifying the - VMI memory features. - properties: - guest: - anyOf: - - type: integer - - type: string - description: |- - Guest allows to specifying the amount of memory which is visible inside the Guest OS. - The Guest must lie between Requests and Limits from the resources section. - Defaults to the requested memory in the resources section if not specified. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - hugepages: - description: Hugepages allow to use - hugepages for the VirtualMachineInstance - instead of regular memory. - properties: - pageSize: - description: PageSize specifies - the hugepage size, for x86_64 - architecture valid values are - 1Gi and 2Mi. - type: string - type: object - maxGuest: - anyOf: - - type: integer - - type: string - description: |- - MaxGuest allows to specify the maximum amount of memory which is visible inside the Guest OS. - The delta between MaxGuest and Guest is the amount of memory that can be hot(un)plugged. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - resources: - description: Resources describes the Compute - Resources required by this vmi. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - Valid resource keys are "memory" and "cpu". - type: object - overcommitGuestOverhead: - description: |- - Don't ask the scheduler to take the guest-management overhead into account. Instead - put the overhead only into the container's memory limit. This can lead to crashes if - all memory is in use on a node. Defaults to false. - type: boolean - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests is a description of the initial vmi resources. - Valid resource keys are "memory" and "cpu". - type: object - type: object - required: - - devices - type: object - evictionStrategy: - description: |- - EvictionStrategy describes the strategy to follow when a node drain occurs. - The possible options are: - - "None": No action will be taken, according to the specified 'RunStrategy' the VirtualMachine will be restarted or shutdown. - - "LiveMigrate": the VirtualMachineInstance will be migrated instead of being shutdown. - - "LiveMigrateIfPossible": the same as "LiveMigrate" but only if the VirtualMachine is Live-Migratable, otherwise it will behave as "None". - - "External": the VirtualMachineInstance will be protected by a PDB and `vmi.Status.EvacuationNodeName` will be set on eviction. This is mainly useful for cluster-api-provider-kubevirt (capk) which needs a way for VMI's to be blocked from eviction, yet signal capk that eviction has been called on the VMI so the capk controller can handle tearing the VMI down. Details can be found in the commit description https://github.com/kubevirt/kubevirt/commit/c1d77face705c8b126696bac9a3ee3825f27f1fa. - type: string - hostname: - description: |- - Specifies the hostname of the vmi - If not specified, the hostname will be set to the name of the vmi, if dhcp or cloud-init is configured properly. - type: string - livenessProbe: - description: |- - Periodic probe of VirtualMachineInstance liveness. - VirtualmachineInstances will be stopped if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: |- - One and only one of the following should be specified. - Exec specifies the action to take, it will be executed on the guest through the qemu-guest-agent. - If the guest agent is not available, this probe will fail. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - guestAgentPing: - description: GuestAgentPing contacts the - qemu-guest-agent for availability checks. - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: |- - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle hook - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - For exec probes the timeout fails the probe but does not terminate the command running on the guest. - This means a blocking command can result in an increasing load on the guest. - A small buffer will be added to the resulting workload exec probe to compensate for delays - caused by the qemu guest exec mechanism. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - networks: - description: List of networks that can be - attached to a vm's virtual interface. - items: - description: Network represents a network - type and a resource that should be connected - to the vm. - properties: - multus: - description: Represents the multus cni - network. - properties: - default: - description: |- - Select the default network and add it to the - multus-cni.io/default-network annotation. - type: boolean - networkName: - description: |- - References to a NetworkAttachmentDefinition CRD object. Format: - , /. If namespace is not - specified, VMI namespace is assumed. - type: string - required: - - networkName - type: object - name: - description: |- - Network name. - Must be a DNS_LABEL and unique within the vm. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - pod: - description: Represents the stock pod - network interface. - properties: - vmIPv6NetworkCIDR: - description: |- - IPv6 CIDR for the vm network. - Defaults to fd10:0:2::/120 if not specified. - type: string - vmNetworkCIDR: - description: |- - CIDR for vm network. - Default 10.0.2.0/24 if not specified. - type: string - type: object - required: - - name - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the vmi to fit on a node. - Selector which must match a node's labels for the vmi to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - priorityClassName: - description: |- - If specified, indicates the pod's priority. - If not specified, the pod priority will be default or zero if there is no - default. - type: string - readinessProbe: - description: |- - Periodic probe of VirtualMachineInstance service readiness. - VirtualmachineInstances will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - properties: - exec: - description: |- - One and only one of the following should be specified. - Exec specifies the action to take, it will be executed on the guest through the qemu-guest-agent. - If the guest agent is not available, this probe will fail. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - guestAgentPing: - description: GuestAgentPing contacts the - qemu-guest-agent for availability checks. - type: object - httpGet: - description: HTTPGet specifies the http - request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set - in the request. HTTP allows repeated - headers. - items: - description: HTTPHeader describes - a custom header to be used in - HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field - value - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - path: - description: Path to access on the - HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the VirtualMachineInstance has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: |- - TCPSocket specifies an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic TCP lifecycle hook - properties: - host: - description: 'Optional: Host name - to connect to, defaults to the pod - IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - For exec probes the timeout fails the probe but does not terminate the command running on the guest. - This means a blocking command can result in an increasing load on the guest. - A small buffer will be added to the resulting workload exec probe to compensate for delays - caused by the qemu guest exec mechanism. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - schedulerName: - description: |- - If specified, the VMI will be dispatched by specified scheduler. - If not specified, the VMI will be dispatched by default scheduler. - type: string - startStrategy: - description: StartStrategy can be set to "Paused" - if Virtual Machine should be started in - paused state. - type: string - subdomain: - description: |- - If specified, the fully qualified vmi hostname will be "...svc.". - If not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi, - no matter if the vmi itself can pick up a hostname. - type: string - terminationGracePeriodSeconds: - description: Grace period observed after signalling - a VirtualMachineInstance to stop after which - the VirtualMachineInstance is force terminated. - format: int64 - type: integer - tolerations: - description: If toleration is specified, obey - all the toleration rules. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: |- - TopologySpreadConstraints describes how a group of VMIs will be spread across a given topology - domains. K8s scheduler will schedule VMI pods in a way which abides by the constraints. - items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the - given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - - - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - - - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - - - If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - - - If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: List of volumes that can be mounted - by disks belonging to the vmi. - items: - description: Volume represents a named volume - in a vmi. - properties: - cloudInitConfigDrive: - description: |- - CloudInitConfigDrive represents a cloud-init Config Drive user-data source. - The Config Drive data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest. - More info: https://cloudinit.readthedocs.io/en/latest/topics/datasources/configdrive.html - properties: - networkData: - description: NetworkData contains - config drive inline cloud-init - networkdata. - type: string - networkDataBase64: - description: NetworkDataBase64 contains - config drive cloud-init networkdata - as a base64 encoded string. - type: string - networkDataSecretRef: - description: NetworkDataSecretRef - references a k8s secret that contains - config drive networkdata. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - secretRef: - description: UserDataSecretRef references - a k8s secret that contains config - drive userdata. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - userData: - description: UserData contains config - drive inline cloud-init userdata. - type: string - userDataBase64: - description: UserDataBase64 contains - config drive cloud-init userdata - as a base64 encoded string. - type: string - type: object - cloudInitNoCloud: - description: |- - CloudInitNoCloud represents a cloud-init NoCloud user-data source. - The NoCloud data will be added as a disk to the vmi. A proper cloud-init installation is required inside the guest. - More info: http://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html - properties: - networkData: - description: NetworkData contains - NoCloud inline cloud-init networkdata. - type: string - networkDataBase64: - description: NetworkDataBase64 contains - NoCloud cloud-init networkdata - as a base64 encoded string. - type: string - networkDataSecretRef: - description: NetworkDataSecretRef - references a k8s secret that contains - NoCloud networkdata. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - secretRef: - description: UserDataSecretRef references - a k8s secret that contains NoCloud - userdata. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - userData: - description: UserData contains NoCloud - inline cloud-init userdata. - type: string - userDataBase64: - description: UserDataBase64 contains - NoCloud cloud-init userdata as - a base64 encoded string. - type: string - type: object - configMap: - description: |- - ConfigMapSource represents a reference to a ConfigMap in the same namespace. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/ - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - optional: - description: Specify whether the - ConfigMap or it's keys must be - defined - type: boolean - volumeLabel: - description: |- - The volume label of the resulting disk inside the VMI. - Different bootstrapping mechanisms require different values. - Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). - type: string - type: object - x-kubernetes-map-type: atomic - containerDisk: - description: |- - ContainerDisk references a docker image, embedding a qcow or raw disk. - More info: https://kubevirt.gitbooks.io/user-guide/registry-disk.html - properties: - image: - description: Image is the name of - the image with the embedded disk. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - imagePullSecret: - description: ImagePullSecret is - the name of the Docker registry - secret required to pull the image. - The secret must already exist. - type: string - path: - description: Path defines the path - to disk file in the container - type: string - required: - - image - type: object - dataVolume: - description: |- - DataVolume represents the dynamic creation a PVC for this volume as well as - the process of populating that PVC with a disk image. - properties: - hotpluggable: - description: Hotpluggable indicates - whether the volume can be hotplugged - and hotunplugged. - type: boolean - name: - description: |- - Name of both the DataVolume and the PVC in the same namespace. - After PVC population the DataVolume is garbage collected by default. - type: string - required: - - name - type: object - downwardAPI: - description: DownwardAPI represents - downward API about the pod that should - populate this volume - properties: - fields: - description: Fields is a list of - downward API volume file - items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod - field - properties: - fieldRef: - description: 'Required: Selects - a field of the pod: only - annotations, labels, name, - namespace and uid are supported.' - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or - contain the ''..'' path. - Must be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies - the output format of - the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - volumeLabel: - description: |- - The volume label of the resulting disk inside the VMI. - Different bootstrapping mechanisms require different values. - Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). - type: string - type: object - downwardMetrics: - description: |- - DownwardMetrics adds a very small disk to VMIs which contains a limited view of host and guest - metrics. The disk content is compatible with vhostmd (https://github.com/vhostmd/vhostmd) and vm-dump-metrics. - type: object - emptyDisk: - description: |- - EmptyDisk represents a temporary disk which shares the vmis lifecycle. - More info: https://kubevirt.gitbooks.io/user-guide/disks-and-volumes.html - properties: - capacity: - anyOf: - - type: integer - - type: string - description: Capacity of the sparse - disk. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - capacity - type: object - ephemeral: - description: Ephemeral is a special - volume source that "wraps" specified - source and provides copy-on-write - image on top of it. - properties: - persistentVolumeClaim: - description: |- - PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. - Directly attached to the vmi via qemu. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - type: object - hostDisk: - description: HostDisk represents a disk - created on the cluster level - properties: - capacity: - anyOf: - - type: integer - - type: string - description: Capacity of the sparse - disk - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - path: - description: The path to HostDisk - image located on the cluster - type: string - shared: - description: Shared indicate whether - the path is shared between nodes - type: boolean - type: - description: |- - Contains information if disk.img exists or should be created - allowed options are 'Disk' and 'DiskOrCreate' - type: string - required: - - path - - type - type: object - memoryDump: - description: MemoryDump is attached - to the virt launcher and is populated - with a memory dump of the vmi - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - hotpluggable: - description: Hotpluggable indicates - whether the volume can be hotplugged - and hotunplugged. - type: boolean - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - name: - description: |- - Volume's name. - Must be a DNS_LABEL and unique within the vmi. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - persistentVolumeClaim: - description: |- - PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. - Directly attached to the vmi via qemu. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - hotpluggable: - description: Hotpluggable indicates - whether the volume can be hotplugged - and hotunplugged. - type: boolean - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - secret: - description: |- - SecretVolumeSource represents a reference to a secret data in the same namespace. - More info: https://kubernetes.io/docs/concepts/configuration/secret/ - properties: - optional: - description: Specify whether the - Secret or it's keys must be defined - type: boolean - secretName: - description: |- - Name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - volumeLabel: - description: |- - The volume label of the resulting disk inside the VMI. - Different bootstrapping mechanisms require different values. - Typical values are "cidata" (cloud-init), "config-2" (cloud-init) or "OEMDRV" (kickstart). - type: string - type: object - serviceAccount: - description: |- - ServiceAccountVolumeSource represents a reference to a service account. - There can only be one volume of this type! - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - properties: - serviceAccountName: - description: |- - Name of the service account in the pod's namespace to use. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - type: string - type: object - sysprep: - description: Represents a Sysprep volume - source. - properties: - configMap: - description: ConfigMap references - a ConfigMap that contains Sysprep - answer file named autounattend.xml - that should be attached as disk - of CDROM type. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret references a - k8s Secret that contains Sysprep - answer file named autounattend.xml - that should be attached as disk - of CDROM type. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - required: - - domain - type: object - type: object - required: - - template - type: object - type: object - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-machinedeployments.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-machinedeployments.cluster.x-k8s.io.yaml deleted file mode 100644 index ca97a6558..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-machinedeployments.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,564 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: machinedeployments.cluster.x-k8s.io -spec: - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachineDeployment - listKind: MachineDeploymentList - plural: machinedeployments - shortNames: - - md - singular: machinedeployment - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Total number of machines desired by this MachineDeployment - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: Total number of non-terminated machines targeted by this MachineDeployment - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of ready machines targeted by this MachineDeployment - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of non-terminated machines targeted by this deployment - that have the desired template spec - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Total number of unavailable machines targeted by this MachineDeployment - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - - description: MachineDeployment status such as ScalingUp/ScalingDown/Running/Failed/Unknown - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of MachineDeployment - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this MachineDeployment - jsonPath: .spec.template.spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: MachineDeployment is the Schema for the machinedeployments API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineDeploymentSpec defines the desired state of MachineDeployment. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. - Defaults to 0 (machine will be considered available as soon as the Node is ready) - format: int32 - type: integer - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: |- - The maximum time in seconds for a deployment to make progress before it - is considered to be failed. The deployment controller will continue to - process failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. Note that progress will - not be estimated during the time a deployment is paused. Defaults to 600s. - format: int32 - type: integer - replicas: - description: |- - Number of desired machines. - This is a pointer to distinguish between explicit zero and not specified. - - - Defaults to: - * if the Kubernetes autoscaler min size and max size annotations are set: - - if it's a new MachineDeployment, use min size - - if the replicas field of the old MachineDeployment is < min size, use min size - - if the replicas field of the old MachineDeployment is > max size, use max size - - if the replicas field of the old MachineDeployment is in the (min size, max size) range, keep the value from the oldMD - * otherwise use 1 - Note: Defaulting will be run whenever the replicas field is not set: - * A new MachineDeployment is created with replicas not set. - * On an existing MachineDeployment the replicas field was first set and is now unset. - Those cases are especially relevant for the following Kubernetes autoscaler use cases: - * A new MachineDeployment is created and replicas should be managed by the autoscaler - * An existing MachineDeployment which initially wasn't controlled by the autoscaler - should be later controlled by the autoscaler - format: int32 - type: integer - revisionHistoryLimit: - description: |- - The number of old MachineSets to retain to allow rollback. - This is a pointer to distinguish between explicit zero and not specified. - Defaults to 1. - format: int32 - type: integer - rolloutAfter: - description: |- - RolloutAfter is a field to indicate a rollout should be performed - after the specified time even if no changes have been made to the - MachineDeployment. - Example: In the YAML the time can be specified in the RFC3339 format. - To specify the rolloutAfter target as March 9, 2023, at 9 am UTC - use "2023-03-09T09:00:00Z". - format: date-time - type: string - selector: - description: |- - Label selector for machines. Existing MachineSets whose machines are - selected by this will be the ones affected by this deployment. - It must match the machine template's labels. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - strategy: - description: |- - The deployment strategy to use to replace existing machines with - new ones. - properties: - rollingUpdate: - description: |- - Rolling update config params. Present only if - MachineDeploymentStrategyType = RollingUpdate. - properties: - deletePolicy: - description: |- - DeletePolicy defines the policy used by the MachineDeployment to identify nodes to delete when downscaling. - Valid values are "Random, "Newest", "Oldest" - When no value is supplied, the default DeletePolicy of MachineSet is used - enum: - - Random - - Newest - - Oldest - type: string - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be scheduled above the - desired number of machines. - Value can be an absolute number (ex: 5) or a percentage of - desired machines (ex: 10%). - This can not be 0 if MaxUnavailable is 0. - Absolute number is calculated from percentage by rounding up. - Defaults to 1. - Example: when this is set to 30%, the new MachineSet can be scaled - up immediately when the rolling update starts, such that the total - number of old and new machines do not exceed 130% of desired - machines. Once old machines have been killed, new MachineSet can - be scaled up further, ensuring that total number of machines running - at any time during the update is at most 130% of desired machines. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of machines that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired - machines (ex: 10%). - Absolute number is calculated from percentage by rounding down. - This can not be 0 if MaxSurge is 0. - Defaults to 0. - Example: when this is set to 30%, the old MachineSet can be scaled - down to 70% of desired machines immediately when the rolling update - starts. Once new machines are ready, old MachineSet can be scaled - down further, followed by scaling up the new MachineSet, ensuring - that the total number of machines available at all times - during the update is at least 70% of desired machines. - x-kubernetes-int-or-string: true - type: object - type: - description: |- - Type of deployment. Allowed values are RollingUpdate and OnDelete. - The default is RollingUpdate. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: Template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - - template - type: object - status: - description: MachineDeploymentStatus defines the observed state of MachineDeployment. - properties: - availableReplicas: - description: |- - Total number of available machines (ready for at least minReadySeconds) - targeted by this deployment. - format: int32 - type: integer - conditions: - description: Conditions defines current service state of the MachineDeployment. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - observedGeneration: - description: The generation observed by the deployment controller. - format: int64 - type: integer - phase: - description: Phase represents the current phase of a MachineDeployment - (ScalingUp, ScalingDown, Running, Failed, or Unknown). - type: string - readyReplicas: - description: Total number of ready machines targeted by this deployment. - format: int32 - type: integer - replicas: - description: |- - Total number of non-terminated machines targeted by this deployment - (their labels match the selector). - format: int32 - type: integer - selector: - description: |- - Selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - unavailableReplicas: - description: |- - Total number of unavailable machines targeted by this deployment. - This is the total number of machines that are still required for - the deployment to have 100% available capacity. They may either - be machines that are running but not yet available or machines - that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: |- - Total number of non-terminated machines targeted by this deployment - that have the desired template spec. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-machinehealthchecks.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-machinehealthchecks.cluster.x-k8s.io.yaml deleted file mode 100644 index 1b51cbc48..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-machinehealthchecks.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,316 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: machinehealthchecks.cluster.x-k8s.io -spec: - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachineHealthCheck - listKind: MachineHealthCheckList - plural: machinehealthchecks - shortNames: - - mhc - - mhcs - singular: machinehealthcheck - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Number of machines currently monitored - jsonPath: .status.expectedMachines - name: ExpectedMachines - type: integer - - description: Maximum number of unhealthy machines allowed - jsonPath: .spec.maxUnhealthy - name: MaxUnhealthy - type: string - - description: Current observed healthy machines - jsonPath: .status.currentHealthy - name: CurrentHealthy - type: integer - - description: Time duration since creation of MachineHealthCheck - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: MachineHealthCheck is the Schema for the machinehealthchecks - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of machine health check policy - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - maxUnhealthy: - anyOf: - - type: integer - - type: string - description: |- - Any further remediation is only allowed if at most "MaxUnhealthy" machines selected by - "selector" are not healthy. - x-kubernetes-int-or-string: true - nodeStartupTimeout: - description: |- - Machines older than this duration without a node will be considered to have - failed and will be remediated. - If not set, this value is defaulted to 10 minutes. - If you wish to disable this feature, set the value explicitly to 0. - type: string - remediationTemplate: - description: |- - RemediationTemplate is a reference to a remediation template - provided by an infrastructure provider. - - - This field is completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off remediation of the machine to - a controller that lives outside of Cluster API. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - selector: - description: Label selector to match machines whose health will be - exercised - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: |- - UnhealthyConditions contains a list of the conditions that determine - whether a node is considered unhealthy. The conditions are combined in a - logical OR, i.e. if any of the conditions is met, the node is unhealthy. - items: - description: |- - UnhealthyCondition represents a Node condition type and value with a timeout - specified as a duration. When the named condition has been in the given - status for at least the timeout value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - type: string - type: - minLength: 1 - type: string - required: - - status - - timeout - - type - type: object - minItems: 1 - type: array - unhealthyRange: - description: |- - Any further remediation is only allowed if the number of machines selected by "selector" as not healthy - is within the range of "UnhealthyRange". Takes precedence over MaxUnhealthy. - Eg. "[3-5]" - This means that remediation will be allowed only when: - (a) there are at least 3 unhealthy machines (and) - (b) there are at most 5 unhealthy machines - pattern: ^\[[0-9]+-[0-9]+\]$ - type: string - required: - - clusterName - - selector - - unhealthyConditions - type: object - status: - description: Most recently observed status of MachineHealthCheck resource - properties: - conditions: - description: Conditions defines current service state of the MachineHealthCheck. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - currentHealthy: - description: total number of healthy machines counted by this machine - health check - format: int32 - minimum: 0 - type: integer - expectedMachines: - description: total number of machines counted by this machine health - check - format: int32 - minimum: 0 - type: integer - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - remediationsAllowed: - description: |- - RemediationsAllowed is the number of further remediations allowed by this machine health check before - maxUnhealthy short circuiting will be applied - format: int32 - minimum: 0 - type: integer - targets: - description: Targets shows the current list of machines the machine - health check is watching - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-machinepools.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-machinepools.cluster.x-k8s.io.yaml deleted file mode 100644 index a3457b488..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-machinepools.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,476 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: machinepools.cluster.x-k8s.io -spec: - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachinePool - listKind: MachinePoolList - plural: machinepools - shortNames: - - mp - singular: machinepool - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Total number of machines desired by this MachinePool - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: MachinePool replicas count - jsonPath: .status.replicas - name: Replicas - type: string - - description: MachinePool status such as Terminating/Pending/Provisioning/Running/Failed - etc - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of MachinePool - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this MachinePool - jsonPath: .spec.template.spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: MachinePool is the Schema for the machinepools API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachinePoolSpec defines the desired state of MachinePool. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomains: - description: FailureDomains is the list of failure domains this MachinePool - should be attached to. - items: - type: string - type: array - minReadySeconds: - description: |- - Minimum number of seconds for which a newly created machine instances should - be ready. - Defaults to 0 (machine instance will be considered available as soon as it - is ready) - NOTE: No logic is implemented for this field and it currently has no behaviour. - format: int32 - type: integer - providerIDList: - description: |- - ProviderIDList are the identification IDs of machine instances provided by the provider. - This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. - items: - type: string - type: array - replicas: - description: |- - Number of desired machines. Defaults to 1. - This is a pointer to distinguish between explicit zero and not specified. - format: int32 - type: integer - template: - description: Template describes the machines that will be created. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - template - type: object - status: - description: MachinePoolStatus defines the observed state of MachinePool. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachinePool. - format: int32 - type: integer - bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. - type: boolean - conditions: - description: Conditions define the current service state of the MachinePool. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage indicates that there is a problem reconciling the state, - and will be set to a descriptive error message. - type: string - failureReason: - description: |- - FailureReason indicates that there is a problem reconciling the state, and - will be set to a token value suitable for programmatic interpretation. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - nodeRefs: - description: NodeRefs will point to the corresponding Nodes if it - they exist. - items: - description: |- - ObjectReference contains enough information to let you inspect or modify the referred object. - --- - New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. - 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. - 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular - restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". - Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. - 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity - during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple - and the version of the actual struct is irrelevant. - 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. - - - Instead of using this type, create a locally provided and used type that is well-focused on your reference. - For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - type: array - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of cluster actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - readyReplicas: - description: The number of ready replicas for this MachinePool. A - machine is considered ready when the node has been created and is - "Ready". - format: int32 - type: integer - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - unavailableReplicas: - description: |- - Total number of unavailable machine instances targeted by this machine pool. - This is the total number of machine instances that are still required for - the machine pool to have 100% available capacity. They may either - be machine instances that are running but not yet available or machine instances - that still have not been created. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-machines.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-machines.cluster.x-k8s.io.yaml deleted file mode 100644 index d452d9639..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-machines.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,475 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: machines.cluster.x-k8s.io -spec: - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: Machine - listKind: MachineList - plural: machines - shortNames: - - ma - singular: machine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Node name associated with this machine - jsonPath: .status.nodeRef.name - name: NodeName - type: string - - description: Provider ID - jsonPath: .spec.providerID - name: ProviderID - type: string - - description: Machine status such as Terminating/Pending/Running/Failed etc - jsonPath: .status.phase - name: Phase - type: string - - description: Time duration since creation of Machine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this Machine - jsonPath: .spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Machine is the Schema for the machines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSpec defines the desired state of Machine. - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - status: - description: MachineStatus defines the observed state of Machine. - properties: - addresses: - description: |- - Addresses is a list of addresses assigned to the machine. - This field is copied from the infrastructure provider reference. - items: - description: MachineAddress contains information for the node's - address. - properties: - address: - description: The machine address. - type: string - type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. - type: string - required: - - address - - type - type: object - type: array - bootstrapReady: - description: BootstrapReady is the state of the bootstrap provider. - type: boolean - certificatesExpiryDate: - description: |- - CertificatesExpiryDate is the expiry date of the machine certificates. - This value is only set for control plane machines. - format: date-time - type: string - conditions: - description: Conditions defines current service state of the Machine. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the Machine and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - infrastructureReady: - description: InfrastructureReady is the state of the infrastructure - provider. - type: boolean - lastUpdated: - description: LastUpdated identifies when the phase of the Machine - last transitioned. - format: date-time - type: string - nodeInfo: - description: |- - NodeInfo is a set of ids/uuids to uniquely identify the node. - More info: https://kubernetes.io/docs/concepts/nodes/node/#info - properties: - architecture: - description: The Architecture reported by the node - type: string - bootID: - description: Boot ID reported by the node. - type: string - containerRuntimeVersion: - description: ContainerRuntime Version reported by the node through - runtime remote API (e.g. containerd://1.4.2). - type: string - kernelVersion: - description: Kernel Version reported by the node from 'uname -r' - (e.g. 3.16.0-0.bpo.4-amd64). - type: string - kubeProxyVersion: - description: KubeProxy Version reported by the node. - type: string - kubeletVersion: - description: Kubelet Version reported by the node. - type: string - machineID: - description: |- - MachineID reported by the node. For unique machine identification - in the cluster this field is preferred. Learn more from man(5) - machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - type: string - operatingSystem: - description: The Operating System reported by the node - type: string - osImage: - description: OS Image reported by the node from /etc/os-release - (e.g. Debian GNU/Linux 7 (wheezy)). - type: string - systemUUID: - description: |- - SystemUUID reported by the node. For unique machine identification - MachineID is preferred. This field is specific to Red Hat hosts - https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - type: string - required: - - architecture - - bootID - - containerRuntimeVersion - - kernelVersion - - kubeProxyVersion - - kubeletVersion - - machineID - - operatingSystem - - osImage - - systemUUID - type: object - nodeRef: - description: NodeRef will point to the corresponding Node if it exists. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - phase: - description: |- - Phase represents the current phase of machine actuation. - E.g. Pending, Running, Terminating, Failed etc. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-machinesets.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-machinesets.cluster.x-k8s.io.yaml deleted file mode 100644 index 395db9ebb..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-machinesets.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,481 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: machinesets.cluster.x-k8s.io -spec: - group: cluster.x-k8s.io - names: - categories: - - cluster-api - kind: MachineSet - listKind: MachineSetList - plural: machinesets - shortNames: - - ms - singular: machineset - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Total number of machines desired by this machineset - jsonPath: .spec.replicas - name: Desired - priority: 10 - type: integer - - description: Total number of non-terminated machines targeted by this machineset - jsonPath: .status.replicas - name: Replicas - type: integer - - description: Total number of ready machines targeted by this machineset. - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Total number of available machines (ready for at least minReadySeconds) - jsonPath: .status.availableReplicas - name: Available - type: integer - - description: Time duration since creation of MachineSet - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Kubernetes version associated with this MachineSet - jsonPath: .spec.template.spec.version - name: Version - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: MachineSet is the Schema for the machinesets API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: MachineSetSpec defines the desired state of MachineSet. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - minLength: 1 - type: string - deletePolicy: - description: |- - DeletePolicy defines the policy used to identify nodes to delete when downscaling. - Defaults to "Random". Valid values are "Random, "Newest", "Oldest" - enum: - - Random - - Newest - - Oldest - type: string - minReadySeconds: - description: |- - MinReadySeconds is the minimum number of seconds for which a Node for a newly created machine should be ready before considering the replica available. - Defaults to 0 (machine will be considered available as soon as the Node is ready) - format: int32 - type: integer - replicas: - description: |- - Replicas is the number of desired replicas. - This is a pointer to distinguish between explicit zero and unspecified. - - - Defaults to: - * if the Kubernetes autoscaler min size and max size annotations are set: - - if it's a new MachineSet, use min size - - if the replicas field of the old MachineSet is < min size, use min size - - if the replicas field of the old MachineSet is > max size, use max size - - if the replicas field of the old MachineSet is in the (min size, max size) range, keep the value from the oldMS - * otherwise use 1 - Note: Defaulting will be run whenever the replicas field is not set: - * A new MachineSet is created with replicas not set. - * On an existing MachineSet the replicas field was first set and is now unset. - Those cases are especially relevant for the following Kubernetes autoscaler use cases: - * A new MachineSet is created and replicas should be managed by the autoscaler - * An existing MachineSet which initially wasn't controlled by the autoscaler - should be later controlled by the autoscaler - format: int32 - type: integer - selector: - description: |- - Selector is a label query over machines that should match the replica count. - Label keys and values that must match in order to be controlled by this MachineSet. - It must match the machine template's labels. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - template: - description: |- - Template is the object that describes the machine that will be created if - insufficient replicas are detected. - Object references to custom resources are treated as templates. - properties: - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - description: |- - Annotations is an unstructured key value map stored with a resource that may be - set by external tools to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations - type: object - labels: - additionalProperties: - type: string - description: |- - Map of string keys and values that can be used to organize and categorize - (scope and select) objects. May match selectors of replication controllers - and services. - More info: http://kubernetes.io/docs/user-guide/labels - type: object - type: object - spec: - description: |- - Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - bootstrap: - description: |- - Bootstrap is a reference to a local struct which encapsulates - fields to configure the Machine’s bootstrapping mechanism. - properties: - configRef: - description: |- - ConfigRef is a reference to a bootstrap provider-specific resource - that holds configuration details. The reference is optional to - allow users/operators to specify Bootstrap.DataSecretName without - the need of a controller. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dataSecretName: - description: |- - DataSecretName is the name of the secret that stores the bootstrap data script. - If nil, the Machine should remain in the Pending state. - type: string - type: object - clusterName: - description: ClusterName is the name of the Cluster this object - belongs to. - minLength: 1 - type: string - failureDomain: - description: |- - FailureDomain is the failure domain the machine will be created in. - Must match a key in the FailureDomains map stored on the cluster object. - type: string - infrastructureRef: - description: |- - InfrastructureRef is a required reference to a custom resource - offered by an infrastructure provider. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - nodeDeletionTimeout: - description: |- - NodeDeletionTimeout defines how long the controller will attempt to delete the Node that the Machine - hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely. - Defaults to 10 seconds. - type: string - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - type: string - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes - to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations. - type: string - providerID: - description: |- - ProviderID is the identification ID of the machine provided by the provider. - This field must match the provider ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler - with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out - machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a - generic out-of-tree provider for autoscaler, this field is required by autoscaler to be - able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - version: - description: |- - Version defines the desired Kubernetes version. - This field is meant to be optionally used by bootstrap providers. - type: string - required: - - bootstrap - - clusterName - - infrastructureRef - type: object - type: object - required: - - clusterName - - selector - type: object - status: - description: MachineSetStatus defines the observed state of MachineSet. - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. - format: int32 - type: integer - conditions: - description: Conditions defines current service state of the MachineSet. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - type: string - failureReason: - description: |- - In the event that there is a terminal problem reconciling the - replicas, both FailureReason and FailureMessage will be set. FailureReason - will be populated with a succinct value suitable for machine - interpretation, while FailureMessage will contain a more verbose - string suitable for logging and human consumption. - - - These fields should not be set for transitive errors that a - controller faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the MachineTemplate's spec or the configuration of - the machine controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the machine controller, or the - responsible machine controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the MachineSet object and/or logged in the - controller's output. - type: string - fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. - format: int32 - type: integer - observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed MachineSet. - format: int64 - type: integer - readyReplicas: - description: The number of ready replicas for this MachineSet. A machine - is considered ready when the node has been created and is "Ready". - format: int32 - type: integer - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - selector: - description: |- - Selector is the same as the label selector but in the string format to avoid introspection - by clients. The string will be in the same format as the query-param syntax. - More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors - type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-monitoring.coreos.com_podmonitors.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-monitoring.coreos.com_podmonitors.yaml deleted file mode 100644 index 9fd50a145..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-monitoring.coreos.com_podmonitors.yaml +++ /dev/null @@ -1,1152 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - operator.prometheus.io/version: 0.76.1 - name: podmonitors.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: PodMonitor - listKind: PodMonitorList - plural: podmonitors - shortNames: - - pmon - singular: podmonitor - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods. - Among other things, it allows to specify: - * The pods to scrape via label selectors. - * The container ports to scrape. - * Authentication credentials to use. - * Target and metric relabeling. - - `Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of desired Pod selection for target discovery - by Prometheus. - properties: - attachMetadata: - description: |- - `attachMetadata` defines additional metadata which is added to the - discovered targets. - - It requires Prometheus >= v2.35.0. - properties: - node: - description: |- - When set to true, Prometheus attaches node metadata to the discovered - targets. - - The Prometheus service account must have the `list` and `watch` - permissions on the `Nodes` objects. - type: boolean - type: object - bodySizeLimit: - description: |- - When defined, bodySizeLimit specifies a job level limit on the size - of uncompressed response body that will be accepted by Prometheus. - - It requires Prometheus >= v2.28.0. - pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ - type: string - jobLabel: - description: |- - The label to use to retrieve the job name from. - `jobLabel` selects the label from the associated Kubernetes `Pod` - object which will be used as the `job` label for all metrics. - - For example if `jobLabel` is set to `foo` and the Kubernetes `Pod` - object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` - label to all ingested metrics. - - If the value of this field is empty, the `job` label of the metrics - defaults to the namespace and name of the PodMonitor object (e.g. `/`). - type: string - keepDroppedTargets: - description: |- - Per-scrape limit on the number of targets dropped by relabeling - that will be kept in memory. 0 means no limit. - - It requires Prometheus >= v2.47.0. - format: int64 - type: integer - labelLimit: - description: |- - Per-scrape limit on number of labels that will be accepted for a sample. - - It requires Prometheus >= v2.27.0. - format: int64 - type: integer - labelNameLengthLimit: - description: |- - Per-scrape limit on length of labels name that will be accepted for a sample. - - It requires Prometheus >= v2.27.0. - format: int64 - type: integer - labelValueLengthLimit: - description: |- - Per-scrape limit on length of labels value that will be accepted for a sample. - - It requires Prometheus >= v2.27.0. - format: int64 - type: integer - namespaceSelector: - description: |- - `namespaceSelector` defines in which namespace(s) Prometheus should discover the pods. - By default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces. - properties: - any: - description: |- - Boolean describing whether all namespaces are selected in contrast to a - list restricting them. - type: boolean - matchNames: - description: List of namespace names to select from. - items: - type: string - type: array - type: object - podMetricsEndpoints: - description: Defines how to scrape metrics from the selected pods. - items: - description: |- - PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by - Prometheus. - properties: - authorization: - description: |- - `authorization` configures the Authorization header credentials to use when - scraping the target. - - Cannot be set at the same time as `basicAuth`, or `oauth2`. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - basicAuth: - description: |- - `basicAuth` configures the Basic Authentication credentials to use when - scraping the target. - - Cannot be set at the same time as `authorization`, or `oauth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenSecret: - description: |- - `bearerTokenSecret` specifies a key of a Secret containing the bearer - token for scraping targets. The secret needs to be in the same namespace - as the PodMonitor object and readable by the Prometheus Operator. - - Deprecated: use `authorization` instead. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - enableHttp2: - description: '`enableHttp2` can be used to disable HTTP2 when - scraping the target.' - type: boolean - filterRunning: - description: |- - When true, the pods which are not running (e.g. either in Failed or - Succeeded state) are dropped during the target discovery. - - If unset, the filtering is enabled. - - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase - type: boolean - followRedirects: - description: |- - `followRedirects` defines whether the scrape requests should follow HTTP - 3xx redirects. - type: boolean - honorLabels: - description: |- - When true, `honorLabels` preserves the metric's labels when they collide - with the target's labels. - type: boolean - honorTimestamps: - description: |- - `honorTimestamps` controls whether Prometheus preserves the timestamps - when exposed by the target. - type: boolean - interval: - description: |- - Interval at which Prometheus scrapes the metrics from the target. - - If empty, Prometheus uses the global scrape interval. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - metricRelabelings: - description: |- - `metricRelabelings` configures the relabeling rules to apply to the - samples before ingestion. - items: - description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. - - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: - description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - - Regex capture groups are available. - type: string - separator: - description: Separator is the string between concatenated - SourceLabels. - type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. - items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: |- - Label to which the resulting string is written in a replacement. - - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - - Regex capture groups are available. - type: string - type: object - type: array - oauth2: - description: |- - `oauth2` configures the OAuth2 settings to use when scraping the target. - - It requires Prometheus >= 2.27.0. - - Cannot be set at the same time as `authorization`, or `basicAuth`. - properties: - clientId: - description: |- - `clientId` specifies a key of a Secret or ConfigMap containing the - OAuth2 client's ID. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to - use.' - pattern: ^http(s)?://.+$ - type: string - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tlsConfig: - description: |- - TLS configuration to use when connecting to the OAuth2 server. - It requires Prometheus >= v2.43.0. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing - client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - params: - additionalProperties: - items: - type: string - type: array - description: '`params` define optional HTTP URL parameters.' - type: object - path: - description: |- - HTTP path from which to scrape for metrics. - - If empty, Prometheus uses the default value (e.g. `/metrics`). - type: string - port: - description: |- - Name of the Pod port which this endpoint refers to. - - It takes precedence over `targetPort`. - type: string - proxyUrl: - description: |- - `proxyURL` configures the HTTP Proxy URL (e.g. - "http://proxyserver:2195") to go through when scraping the target. - type: string - relabelings: - description: |- - `relabelings` configures the relabeling rules to apply the target's - metadata labels. - - The Operator automatically adds relabelings for a few standard Kubernetes fields. - - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - items: - description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. - - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: - description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - - Regex capture groups are available. - type: string - separator: - description: Separator is the string between concatenated - SourceLabels. - type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. - items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: |- - Label to which the resulting string is written in a replacement. - - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - - Regex capture groups are available. - type: string - type: object - type: array - scheme: - description: |- - HTTP scheme to use for scraping. - - `http` and `https` are the expected values unless you rewrite the - `__scheme__` label via relabeling. - - If empty, Prometheus uses the default value `http`. - enum: - - http - - https - type: string - scrapeTimeout: - description: |- - Timeout after which Prometheus considers the scrape to be failed. - - If empty, Prometheus uses the global scrape timeout unless it is less - than the target's scrape interval value in which the latter is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the target port of the `Pod` object behind the Service, the - port must be specified with container port property. - - Deprecated: use 'port' instead. - x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when scraping the target. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - trackTimestampsStaleness: - description: |- - `trackTimestampsStaleness` defines whether Prometheus tracks staleness of - the metrics that have an explicit timestamp present in scraped data. - Has no effect if `honorTimestamps` is false. - - It requires Prometheus >= v2.48.0. - type: boolean - type: object - type: array - podTargetLabels: - description: |- - `podTargetLabels` defines the labels which are transferred from the - associated Kubernetes `Pod` object onto the ingested metrics. - items: - type: string - type: array - sampleLimit: - description: |- - `sampleLimit` defines a per-scrape limit on the number of scraped samples - that will be accepted. - format: int64 - type: integer - scrapeClass: - description: The scrape class to apply. - minLength: 1 - type: string - scrapeProtocols: - description: |- - `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the - protocols supported by Prometheus in order of preference (from most to least preferred). - - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.49.0. - items: - description: |- - ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. - Supported values are: - * `OpenMetricsText0.0.1` - * `OpenMetricsText1.0.0` - * `PrometheusProto` - * `PrometheusText0.0.4` - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - type: string - type: array - x-kubernetes-list-type: set - selector: - description: Label selector to select the Kubernetes `Pod` objects - to scrape metrics from. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - targetLimit: - description: |- - `targetLimit` defines a limit on the number of scraped targets that will - be accepted. - format: int64 - type: integer - required: - - selector - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-monitoring.coreos.com_prometheusrules.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-monitoring.coreos.com_prometheusrules.yaml deleted file mode 100644 index bd15e3a85..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-monitoring.coreos.com_prometheusrules.yaml +++ /dev/null @@ -1,141 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - operator.prometheus.io/version: 0.76.1 - name: prometheusrules.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: PrometheusRule - listKind: PrometheusRuleList - plural: prometheusrules - shortNames: - - promrule - singular: prometheusrule - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - The `PrometheusRule` custom resource definition (CRD) defines [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) and [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules to be evaluated by `Prometheus` or `ThanosRuler` objects. - - `Prometheus` and `ThanosRuler` objects select `PrometheusRule` objects using label and namespace selectors. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Specification of desired alerting rule definitions for Prometheus. - properties: - groups: - description: Content of Prometheus rule file - items: - description: RuleGroup is a list of sequentially evaluated recording - and alerting rules. - properties: - interval: - description: Interval determines how often rules in the group - are evaluated. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - limit: - description: |- - Limit the number of alerts an alerting rule and series a recording - rule can produce. - Limit is supported starting with Prometheus >= 2.31 and Thanos Ruler >= 0.24. - type: integer - name: - description: Name of the rule group. - minLength: 1 - type: string - partial_response_strategy: - description: |- - PartialResponseStrategy is only used by ThanosRuler and will - be ignored by Prometheus instances. - More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response - pattern: ^(?i)(abort|warn)?$ - type: string - rules: - description: List of alerting and recording rules. - items: - description: |- - Rule describes an alerting or recording rule - See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://www.prometheus.io/docs/prometheus/latest/configuration/recording_rules/#recording-rules) rule - properties: - alert: - description: |- - Name of the alert. Must be a valid label value. - Only one of `record` and `alert` must be set. - type: string - annotations: - additionalProperties: - type: string - description: |- - Annotations to add to each alert. - Only valid for alerting rules. - type: object - expr: - anyOf: - - type: integer - - type: string - description: PromQL expression to evaluate. - x-kubernetes-int-or-string: true - for: - description: Alerts are considered firing once they have - been returned for this long. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - keep_firing_for: - description: KeepFiringFor defines how long an alert will - continue firing after the condition that triggered it - has cleared. - minLength: 1 - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - labels: - additionalProperties: - type: string - description: Labels to add or overwrite. - type: object - record: - description: |- - Name of the time series to output to. Must be a valid metric name. - Only one of `record` and `alert` must be set. - type: string - required: - - expr - type: object - type: array - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-monitoring.coreos.com_servicemonitors.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-monitoring.coreos.com_servicemonitors.yaml deleted file mode 100644 index 9732e0384..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-monitoring.coreos.com_servicemonitors.yaml +++ /dev/null @@ -1,1180 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.16.1 - operator.prometheus.io/version: 0.76.1 - name: servicemonitors.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: ServiceMonitor - listKind: ServiceMonitorList - plural: servicemonitors - shortNames: - - smon - singular: servicemonitor - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - The `ServiceMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of services. - Among other things, it allows to specify: - * The services to scrape via label selectors. - * The container ports to scrape. - * Authentication credentials to use. - * Target and metric relabeling. - - `Prometheus` and `PrometheusAgent` objects select `ServiceMonitor` objects using label and namespace selectors. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: |- - Specification of desired Service selection for target discovery by - Prometheus. - properties: - attachMetadata: - description: |- - `attachMetadata` defines additional metadata which is added to the - discovered targets. - - It requires Prometheus >= v2.37.0. - properties: - node: - description: |- - When set to true, Prometheus attaches node metadata to the discovered - targets. - - The Prometheus service account must have the `list` and `watch` - permissions on the `Nodes` objects. - type: boolean - type: object - bodySizeLimit: - description: |- - When defined, bodySizeLimit specifies a job level limit on the size - of uncompressed response body that will be accepted by Prometheus. - - It requires Prometheus >= v2.28.0. - pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ - type: string - endpoints: - description: |- - List of endpoints part of this ServiceMonitor. - Defines how to scrape metrics from Kubernetes [Endpoints](https://kubernetes.io/docs/concepts/services-networking/service/#endpoints) objects. - In most cases, an Endpoints object is backed by a Kubernetes [Service](https://kubernetes.io/docs/concepts/services-networking/service/) object with the same name and labels. - items: - description: |- - Endpoint defines an endpoint serving Prometheus metrics to be scraped by - Prometheus. - properties: - authorization: - description: |- - `authorization` configures the Authorization header credentials to use when - scraping the target. - - Cannot be set at the same time as `basicAuth`, or `oauth2`. - properties: - credentials: - description: Selects a key of a Secret in the namespace - that contains the credentials for authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: - description: |- - Defines the authentication type. The value is case-insensitive. - - "Basic" is not a supported value. - - Default: "Bearer" - type: string - type: object - basicAuth: - description: |- - `basicAuth` configures the Basic Authentication credentials to use when - scraping the target. - - Cannot be set at the same time as `authorization`, or `oauth2`. - properties: - password: - description: |- - `password` specifies a key of a Secret containing the password for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - username: - description: |- - `username` specifies a key of a Secret containing the username for - authentication. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - bearerTokenFile: - description: |- - File to read bearer token for scraping the target. - - Deprecated: use `authorization` instead. - type: string - bearerTokenSecret: - description: |- - `bearerTokenSecret` specifies a key of a Secret containing the bearer - token for scraping targets. The secret needs to be in the same namespace - as the ServiceMonitor object and readable by the Prometheus Operator. - - Deprecated: use `authorization` instead. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - enableHttp2: - description: '`enableHttp2` can be used to disable HTTP2 when - scraping the target.' - type: boolean - filterRunning: - description: |- - When true, the pods which are not running (e.g. either in Failed or - Succeeded state) are dropped during the target discovery. - - If unset, the filtering is enabled. - - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase - type: boolean - followRedirects: - description: |- - `followRedirects` defines whether the scrape requests should follow HTTP - 3xx redirects. - type: boolean - honorLabels: - description: |- - When true, `honorLabels` preserves the metric's labels when they collide - with the target's labels. - type: boolean - honorTimestamps: - description: |- - `honorTimestamps` controls whether Prometheus preserves the timestamps - when exposed by the target. - type: boolean - interval: - description: |- - Interval at which Prometheus scrapes the metrics from the target. - - If empty, Prometheus uses the global scrape interval. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - metricRelabelings: - description: |- - `metricRelabelings` configures the relabeling rules to apply to the - samples before ingestion. - items: - description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. - - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: - description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - - Regex capture groups are available. - type: string - separator: - description: Separator is the string between concatenated - SourceLabels. - type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. - items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: |- - Label to which the resulting string is written in a replacement. - - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - - Regex capture groups are available. - type: string - type: object - type: array - oauth2: - description: |- - `oauth2` configures the OAuth2 settings to use when scraping the target. - - It requires Prometheus >= 2.27.0. - - Cannot be set at the same time as `authorization`, or `basicAuth`. - properties: - clientId: - description: |- - `clientId` specifies a key of a Secret or ConfigMap containing the - OAuth2 client's ID. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - clientSecret: - description: |- - `clientSecret` specifies a key of a Secret containing the OAuth2 - client's secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - endpointParams: - additionalProperties: - type: string - description: |- - `endpointParams` configures the HTTP parameters to append to the token - URL. - type: object - noProxy: - description: |- - `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names - that should be excluded from proxying. IP and domain names can - contain port numbers. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: string - proxyConnectHeader: - additionalProperties: - items: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: array - description: |- - ProxyConnectHeader optionally specifies headers to send to - proxies during CONNECT requests. - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: object - x-kubernetes-map-type: atomic - proxyFromEnvironment: - description: |- - Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY). - - It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. - type: boolean - proxyUrl: - description: '`proxyURL` defines the HTTP proxy server to - use.' - pattern: ^http(s)?://.+$ - type: string - scopes: - description: '`scopes` defines the OAuth2 scopes used for - the token request.' - items: - type: string - type: array - tlsConfig: - description: |- - TLS configuration to use when connecting to the OAuth2 server. - It requires Prometheus >= v2.43.0. - properties: - ca: - description: Certificate authority used when verifying - server certificates. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - cert: - description: Client certificate to present when doing - client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for - the targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the - targets. - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for - the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - tokenUrl: - description: '`tokenURL` configures the URL to fetch the - token from.' - minLength: 1 - type: string - required: - - clientId - - clientSecret - - tokenUrl - type: object - params: - additionalProperties: - items: - type: string - type: array - description: params define optional HTTP URL parameters. - type: object - path: - description: |- - HTTP path from which to scrape for metrics. - - If empty, Prometheus uses the default value (e.g. `/metrics`). - type: string - port: - description: |- - Name of the Service port which this endpoint refers to. - - It takes precedence over `targetPort`. - type: string - proxyUrl: - description: |- - `proxyURL` configures the HTTP Proxy URL (e.g. - "http://proxyserver:2195") to go through when scraping the target. - type: string - relabelings: - description: |- - `relabelings` configures the relabeling rules to apply the target's - metadata labels. - - The Operator automatically adds relabelings for a few standard Kubernetes fields. - - The original scrape job's name is available via the `__tmp_prometheus_job_name` label. - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - items: - description: |- - RelabelConfig allows dynamic rewriting of the label set for targets, alerts, - scraped samples and remote write samples. - - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - properties: - action: - default: replace - description: |- - Action to perform based on the regex matching. - - `Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0. - `DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0. - - Default: "Replace" - enum: - - replace - - Replace - - keep - - Keep - - drop - - Drop - - hashmod - - HashMod - - labelmap - - LabelMap - - labeldrop - - LabelDrop - - labelkeep - - LabelKeep - - lowercase - - Lowercase - - uppercase - - Uppercase - - keepequal - - KeepEqual - - dropequal - - DropEqual - type: string - modulus: - description: |- - Modulus to take of the hash of the source label values. - - Only applicable when the action is `HashMod`. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. - type: string - replacement: - description: |- - Replacement value against which a Replace action is performed if the - regular expression matches. - - Regex capture groups are available. - type: string - separator: - description: Separator is the string between concatenated - SourceLabels. - type: string - sourceLabels: - description: |- - The source labels select values from existing labels. Their content is - concatenated using the configured Separator and matched against the - configured regular expression. - items: - description: |- - LabelName is a valid Prometheus label name which may only contain ASCII - letters, numbers, as well as underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: |- - Label to which the resulting string is written in a replacement. - - It is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`, - `KeepEqual` and `DropEqual` actions. - - Regex capture groups are available. - type: string - type: object - type: array - scheme: - description: |- - HTTP scheme to use for scraping. - - `http` and `https` are the expected values unless you rewrite the - `__scheme__` label via relabeling. - - If empty, Prometheus uses the default value `http`. - enum: - - http - - https - type: string - scrapeTimeout: - description: |- - Timeout after which Prometheus considers the scrape to be failed. - - If empty, Prometheus uses the global scrape timeout unless it is less - than the target's scrape interval value in which the latter is used. - pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the target port of the `Pod` object behind the - Service. The port must be specified with the container's port property. - x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when scraping the target. - properties: - ca: - description: Certificate authority used when verifying server - certificates. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. - type: string - cert: - description: Client certificate to present when doing client-authentication. - properties: - configMap: - description: ConfigMap containing data to use for the - targets. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - certFile: - description: Path to the client cert file in the Prometheus - container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus - container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the - targets. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - maxVersion: - description: |- - Maximum acceptable TLS version. - - It requires Prometheus >= v2.41.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - minVersion: - description: |- - Minimum acceptable TLS version. - - It requires Prometheus >= v2.35.0. - enum: - - TLS10 - - TLS11 - - TLS12 - - TLS13 - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - trackTimestampsStaleness: - description: |- - `trackTimestampsStaleness` defines whether Prometheus tracks staleness of - the metrics that have an explicit timestamp present in scraped data. - Has no effect if `honorTimestamps` is false. - - It requires Prometheus >= v2.48.0. - type: boolean - type: object - type: array - jobLabel: - description: |- - `jobLabel` selects the label from the associated Kubernetes `Service` - object which will be used as the `job` label for all metrics. - - For example if `jobLabel` is set to `foo` and the Kubernetes `Service` - object is labeled with `foo: bar`, then Prometheus adds the `job="bar"` - label to all ingested metrics. - - If the value of this field is empty or if the label doesn't exist for - the given Service, the `job` label of the metrics defaults to the name - of the associated Kubernetes `Service`. - type: string - keepDroppedTargets: - description: |- - Per-scrape limit on the number of targets dropped by relabeling - that will be kept in memory. 0 means no limit. - - It requires Prometheus >= v2.47.0. - format: int64 - type: integer - labelLimit: - description: |- - Per-scrape limit on number of labels that will be accepted for a sample. - - It requires Prometheus >= v2.27.0. - format: int64 - type: integer - labelNameLengthLimit: - description: |- - Per-scrape limit on length of labels name that will be accepted for a sample. - - It requires Prometheus >= v2.27.0. - format: int64 - type: integer - labelValueLengthLimit: - description: |- - Per-scrape limit on length of labels value that will be accepted for a sample. - - It requires Prometheus >= v2.27.0. - format: int64 - type: integer - namespaceSelector: - description: |- - `namespaceSelector` defines in which namespace(s) Prometheus should discover the services. - By default, the services are discovered in the same namespace as the `ServiceMonitor` object but it is possible to select pods across different/all namespaces. - properties: - any: - description: |- - Boolean describing whether all namespaces are selected in contrast to a - list restricting them. - type: boolean - matchNames: - description: List of namespace names to select from. - items: - type: string - type: array - type: object - podTargetLabels: - description: |- - `podTargetLabels` defines the labels which are transferred from the - associated Kubernetes `Pod` object onto the ingested metrics. - items: - type: string - type: array - sampleLimit: - description: |- - `sampleLimit` defines a per-scrape limit on the number of scraped samples - that will be accepted. - format: int64 - type: integer - scrapeClass: - description: The scrape class to apply. - minLength: 1 - type: string - scrapeProtocols: - description: |- - `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the - protocols supported by Prometheus in order of preference (from most to least preferred). - - If unset, Prometheus uses its default value. - - It requires Prometheus >= v2.49.0. - items: - description: |- - ScrapeProtocol represents a protocol used by Prometheus for scraping metrics. - Supported values are: - * `OpenMetricsText0.0.1` - * `OpenMetricsText1.0.0` - * `PrometheusProto` - * `PrometheusText0.0.4` - enum: - - PrometheusProto - - OpenMetricsText0.0.1 - - OpenMetricsText1.0.0 - - PrometheusText0.0.4 - type: string - type: array - x-kubernetes-list-type: set - selector: - description: Label selector to select the Kubernetes `Endpoints` objects - to scrape metrics from. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - targetLabels: - description: |- - `targetLabels` defines the labels which are transferred from the - associated Kubernetes `Service` object onto the ingested metrics. - items: - type: string - type: array - targetLimit: - description: |- - `targetLimit` defines a limit on the number of scraped targets that will - be accepted. - format: int64 - type: integer - required: - - endpoints - - selector - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-nodepools.hypershift.openshift.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-nodepools.hypershift.openshift.io.yaml deleted file mode 100644 index 41f0da2d3..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-nodepools.hypershift.openshift.io.yaml +++ /dev/null @@ -1,2554 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - name: nodepools.hypershift.openshift.io -spec: - group: hypershift.openshift.io - names: - kind: NodePool - listKind: NodePoolList - plural: nodepools - shortNames: - - np - - nps - singular: nodepool - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Desired Nodes - jsonPath: .spec.replicas - name: Desired Nodes - type: integer - - description: Available Nodes - jsonPath: .status.replicas - name: Current Nodes - type: integer - - description: Autoscaling Enabled - jsonPath: .status.conditions[?(@.type=="AutoscalingEnabled")].status - name: Autoscaling - type: string - - description: Node Autorepair Enabled - jsonPath: .status.conditions[?(@.type=="AutorepairEnabled")].status - name: Autorepair - type: string - - description: Current version - jsonPath: .status.version - name: Version - type: string - - description: UpdatingVersion in progress - jsonPath: .status.conditions[?(@.type=="UpdatingVersion")].status - name: UpdatingVersion - type: string - - description: UpdatingConfig in progress - jsonPath: .status.conditions[?(@.type=="UpdatingConfig")].status - name: UpdatingConfig - type: string - - description: Message - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Message - type: string - deprecated: true - deprecationWarning: v1alpha1 is a deprecated version for NodePool - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - NodePool is a scalable set of worker nodes attached to a HostedCluster. - NodePool machine architectures are uniform within a given pool, and are - independent of the control plane’s underlying machine architecture. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec is the desired behavior of the NodePool. - properties: - arch: - default: amd64 - description: "Arch is the preferred processor architecture for the - NodePool (currently only supported on AWS)\nNOTE: This is set as - optional to prevent validation from failing due to a limitation - on client side validation with open API machinery:\n\thttps://github.com/kubernetes/kubernetes/issues/108768#issuecomment-1253912215\nTODO - Add ppc64le and s390x to enum validation once the architectures - are supported" - enum: - - arm64 - - amd64 - type: string - autoScaling: - description: Autoscaling specifies auto-scaling behavior for the NodePool. - properties: - max: - description: Max is the maximum number of nodes allowed in the - pool. Must be >= 1. - format: int32 - minimum: 1 - type: integer - min: - description: Min is the minimum number of nodes to maintain in - the pool. Must be >= 1. - format: int32 - minimum: 1 - type: integer - required: - - max - - min - type: object - clusterName: - description: |- - ClusterName is the name of the HostedCluster this NodePool belongs to. - - - TODO(dan): Should this be a LocalObjectReference? - type: string - x-kubernetes-validations: - - message: ClusterName is immutable - rule: self == oldSelf - config: - description: |- - Config is a list of references to ConfigMaps containing serialized - MachineConfig resources to be injected into the ignition configurations of - nodes in the NodePool. The MachineConfig API schema is defined here: - - - https://github.com/openshift/machine-config-operator/blob/18963e4f8fe66e8c513ca4b131620760a414997f/pkg/apis/machineconfiguration.openshift.io/v1/types.go#L185 - - - Each ConfigMap must have a single key named "config" whose value is the - JSON or YAML of a serialized MachineConfig. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - type: array - management: - description: |- - Management specifies behavior for managing nodes in the pool, such as - upgrade strategies and auto-repair behaviors. - properties: - autoRepair: - default: false - description: |- - AutoRepair specifies whether health checks should be enabled for machines - in the NodePool. The default is false. - type: boolean - inPlace: - description: InPlace is the configuration for in-place upgrades. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - MaxUnavailable is the maximum number of nodes that can be unavailable - during the update. - - - Value can be an absolute number (ex: 5) or a percentage of desired nodes - (ex: 10%). - - - Absolute number is calculated from percentage by rounding down. - - - Defaults to 1. - - - Example: when this is set to 30%, a max of 30% of the nodes can be made - unschedulable/unavailable immediately when the update starts. Once a set - of nodes is updated, more nodes can be made unschedulable for update, - ensuring that the total number of nodes schedulable at all times during - the update is at least 70% of desired nodes. - x-kubernetes-int-or-string: true - type: object - replace: - default: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - strategy: RollingUpdate - description: Replace is the configuration for rolling upgrades. - properties: - rollingUpdate: - description: |- - RollingUpdate specifies a rolling update strategy which upgrades nodes by - creating new nodes and deleting the old ones. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - MaxSurge is the maximum number of nodes that can be provisioned above the - desired number of nodes. - - - Value can be an absolute number (ex: 5) or a percentage of desired nodes - (ex: 10%). - - - Absolute number is calculated from percentage by rounding up. - - - This can not be 0 if MaxUnavailable is 0. - - - Defaults to 1. - - - Example: when this is set to 30%, new nodes can be provisioned immediately - when the rolling update starts, such that the total number of old and new - nodes do not exceed 130% of desired nodes. Once old nodes have been - deleted, new nodes can be provisioned, ensuring that total number of nodes - running at any time during the update is at most 130% of desired nodes. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - MaxUnavailable is the maximum number of nodes that can be unavailable - during the update. - - - Value can be an absolute number (ex: 5) or a percentage of desired nodes - (ex: 10%). - - - Absolute number is calculated from percentage by rounding down. - - - This can not be 0 if MaxSurge is 0. - - - Defaults to 0. - - - Example: when this is set to 30%, old nodes can be deleted down to 70% of - desired nodes immediately when the rolling update starts. Once new nodes - are ready, more old nodes be deleted, followed by provisioning new nodes, - ensuring that the total number of nodes available at all times during the - update is at least 70% of desired nodes. - x-kubernetes-int-or-string: true - type: object - strategy: - description: Strategy is the node replacement strategy for - nodes in the pool. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - upgradeType: - description: UpgradeType specifies the type of strategy for handling - upgrades. - enum: - - Replace - - InPlace - type: string - x-kubernetes-validations: - - message: UpgradeType is immutable - rule: self == oldSelf - required: - - upgradeType - type: object - nodeCount: - description: |- - Deprecated: Use Replicas instead. NodeCount will be dropped in the next - api release. - format: int32 - type: integer - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - TODO (alberto): Today changing this field will trigger a recreate rolling update, which kind of defeats - the purpose of the change. In future we plan to propagate this field in-place. - https://github.com/kubernetes-sigs/cluster-api/issues/5880 - type: string - nodeLabels: - additionalProperties: - type: string - description: |- - NodeLabels propagates a list of labels to Nodes, only once on creation. - Valid values are those in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set - type: object - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the maximum amount of time that the controller will spend on detaching volume from a node. - After the timeout, volumes that haven't been detached are skipped. - type: string - pausedUntil: - description: |- - PausedUntil is a field that can be used to pause reconciliation on a resource. - Either a date can be provided in RFC3339 format or a boolean. If a date is - provided: reconciliation is paused on the resource until that date. If the boolean true is - provided: reconciliation is paused on the resource until the field is removed. - type: string - platform: - description: |- - Platform specifies the underlying infrastructure provider for the NodePool - and is used to configure platform specific behavior. - properties: - agent: - description: Agent specifies the configuration used when using - Agent platform. - properties: - agentLabelSelector: - description: |- - AgentLabelSelector contains labels that must be set on an Agent in order to - be selected for a Machine. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - aws: - description: AWS specifies the configuration used when operating - on AWS. - properties: - ami: - description: |- - AMI is the image id to use for node instances. If unspecified, the default - is chosen based on the NodePool release payload image. - type: string - instanceProfile: - description: InstanceProfile is the AWS EC2 instance profile, - which is a container for an IAM role that the EC2 instance - uses. - type: string - instanceType: - description: InstanceType is an ec2 instance type for node - instances (e.g. m5.large). - type: string - resourceTags: - description: |- - ResourceTags is an optional list of additional tags to apply to AWS node - instances. - - - These will be merged with HostedCluster scoped tags, and HostedCluster tags - take precedence in case of conflicts. - - - See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for - information on tagging AWS resources. AWS supports a maximum of 50 tags per - resource. OpenShift reserves 25 tags for its use, leaving 25 tags available - for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: Key is the key of the tag. - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: |- - Value is the value of the tag. - - - Some AWS service do not support empty values. Since tags are added to - resources in many services, the length of the tag value must meet the - requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - rootVolume: - description: RootVolume specifies configuration for the root - volume of node instances. - properties: - encrypted: - description: Encrypted is whether the volume should be - encrypted or not. - type: boolean - x-kubernetes-validations: - - message: Encrypted is immutable - rule: self == oldSelf - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: |- - IOPS is the number of IOPS requested for the disk. This is only valid - for type io1. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - - - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - type: - description: Type is the type of the volume. - type: string - required: - - size - - type - type: object - securityGroups: - description: |- - SecurityGroups is an optional set of security groups to associate with node - instances. - items: - description: |- - AWSResourceReference is a reference to a specific AWS resource by ID or filters. - Only one of ID or Filters may be specified. Specifying more than one will result in - a validation error. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an - AWS resource - properties: - name: - description: Name of the filter. Filter names - are case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - type: array - subnet: - description: Subnet is the subnet to use for node instances. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an - AWS resource - properties: - name: - description: Name of the filter. Filter names are - case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - x-kubernetes-validations: - - message: subnet is invalid, a valid subnet id or filters - must be set, but not both - rule: 'has(self.id) && self.id.startsWith(''subnet-'') ? - !has(self.filters) : size(self.filters) > 0' - tenancy: - description: |- - Tenancy indicates if instance should run on shared or single-tenant hardware. - - - Possible values: - default: NodePool instances run on shared hardware. - dedicated: Each NodePool instance runs on single-tenant hardware. - host: NodePool instances run on user's pre-allocated dedicated hosts. - enum: - - default - - dedicated - - host - type: string - required: - - instanceType - type: object - azure: - properties: - availabilityZone: - description: |- - AvailabilityZone is the failure domain identifier where the VM should be attached to. This must not be specified - for clusters in a location that does not support AvailabilityZone. - type: string - diagnostics: - description: |- - Diagnostics specifies the diagnostics settings for a virtual machine. - If not specified, then Boot diagnostics will be disabled. - properties: - storageAccountType: - default: Disabled - description: |- - StorageAccountType determines if the storage account for storing the diagnostics data - should be disabled (Disabled), provisioned by Azure (Managed) or by the user (UserManaged). - enum: - - Managed - - UserManaged - - Disabled - type: string - storageAccountURI: - description: |- - StorageAccountURI is the URI of the user-managed storage account. - The URI typically will be `https://.blob.core.windows.net/` - but may differ if you are using Azure DNS zone endpoints. - You can find the correct endpoint by looking for the Blob Primary Endpoint in the - endpoints tab in the Azure console or with the CLI by issuing - `az storage account list --query='[].{name: name, "resource group": resourceGroup, "blob endpoint": primaryEndpoints.blob}'`. - format: uri - maxLength: 1024 - type: string - type: object - x-kubernetes-validations: - - message: storageAccountURI is required when storageAccountType - is UserManaged - rule: 'self.storageAccountType == ''UserManaged'' ? has(self.storageAccountURI) - : true' - diskEncryptionSetID: - description: |- - DiskEncryptionSetID is the ID of the DiskEncryptionSet resource to use to encrypt the OS disks for the VMs. This - needs to exist in the same subscription id listed in the Hosted Cluster, hcluster.Spec.Platform.Azure.SubscriptionID. - DiskEncryptionSetID should also exist in a resource group under the same subscription id and the same location - listed in the Hosted Cluster, hcluster.Spec.Platform.Azure.Location. - type: string - diskSizeGB: - default: 120 - description: DiskSizeGB is the size in GB to assign to the - OS disk - format: int32 - minimum: 16 - type: integer - diskStorageAccountType: - default: Premium_LRS - description: |- - DiskStorageAccountType is the disk storage account type to use. Valid values are: - * Standard_LRS: HDD - * StandardSSD_LRS: Standard SSD - * Premium_LRS: Premium SDD - * UltraSSD_LRS: Ultra SDD - - - Defaults to Premium_LRS. For more details, visit the Azure documentation: - https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison - enum: - - Standard_LRS - - StandardSSD_LRS - - Premium_LRS - - UltraSSD_LRS - type: string - enableEphemeralOSDisk: - description: EnableEphemeralOSDisk is a flag when set to true, - will enable ephemeral OS disk. - type: boolean - image: - description: Image is the image to boot the VMs with - properties: - azureImageType: - description: |- - Type is the type of image data that will be provided to the Azure VM. This can be either "ImageID" or - "AzureMarketplace". - enum: - - ImageID - - AzureMarketplace - type: string - azureMarketplace: - description: AzureMarketplace contains the Azure Marketplace - image info to use to boot the Azure VMs from. - properties: - offer: - description: Offer specifies the name of a group of - related images created by the publisher. - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - minLength: 1 - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - type: string - version: - description: |- - Version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, - Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at - deployment time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a - new version becomes available. - minLength: 1 - type: string - required: - - offer - - publisher - - sku - - version - type: object - imageID: - description: ImageID is the Azure resource ID of a VHD - image to use to boot the Azure VMs from. - type: string - required: - - azureImageType - type: object - x-kubernetes-validations: - - message: Image is immutable - rule: self == oldSelf - machineIdentityID: - type: string - subnetID: - description: |- - SubnetID is the subnet ID of an existing subnet where the nodes in the nodepool will be created. This can be a - different subnet than the one listed in the HostedCluster, hcluster.Spec.Platform.Azure.SubnetID, but must exist - in the same hcluster.Spec.Platform.Azure.VnetID and must exist under the same subscription ID, - hcluster.Spec.Platform.Azure.SubscriptionID. - type: string - x-kubernetes-validations: - - message: SubnetID is immutable - rule: self == oldSelf - vmsize: - description: VMSize is the Azure VM instance type to use for - the nodes being created in the nodepool. - type: string - required: - - image - - machineIdentityID - - subnetID - - vmsize - type: object - ibmcloud: - description: IBMCloud defines IBMCloud specific settings for components - properties: - providerType: - description: ProviderType is a specific supported infrastructure - provider within IBM Cloud. - type: string - type: object - kubevirt: - description: Kubevirt specifies the configuration used when operating - on KubeVirt platform. - properties: - additionalNetworks: - description: AdditionalNetworks specify the extra networks - attached to the nodes - items: - description: |- - KubevirtNetwork specifies the configuration for a virtual machine - network interface - properties: - name: - description: |- - Name specify the network attached to the nodes - it is a value with the format "[namespace]/[name]" to reference the - multus network attachment definition - type: string - required: - - name - type: object - type: array - attachDefaultNetwork: - default: true - description: |- - AttachDefaultNetwork specify if the default pod network should be attached to the nodes - this can only be set to false if AdditionalNetworks are configured - type: boolean - compute: - default: - cores: 2 - memory: 8Gi - description: Compute contains values representing the virtual - hardware requested for the VM - properties: - cores: - default: 2 - description: Cores represents how many cores the guest - VM should have - format: int32 - type: integer - memory: - anyOf: - - type: integer - - type: string - default: 8Gi - description: Memory represents how much guest memory the - VM should have - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - qosClass: - default: Burstable - description: |- - QosClass If set to "Guaranteed", requests the scheduler to place the VirtualMachineInstance on a node with - limit memory and CPU, equal to be the requested values, to set the VMI as a Guaranteed QoS Class; - See here for more details: - https://kubevirt.io/user-guide/operations/node_overcommit/#requesting-the-right-qos-class-for-virtualmachineinstances - enum: - - Burstable - - Guaranteed - type: string - type: object - hostDevices: - description: |- - KubevirtHostDevices specifies the host devices (e.g. GPU devices) to be passed - from the management cluster, to the nodepool nodes - items: - properties: - count: - default: 1 - description: |- - Count is the number of instances the specified host device will be attached to each of the - NodePool's nodes. Default is 1. - minimum: 1 - type: integer - deviceName: - description: |- - DeviceName is the name of the host device that is desired to be utilized in the HostedCluster's NodePool - The device can be any supported PCI device, including GPU, either as a passthrough or a vGPU slice. - type: string - required: - - deviceName - type: object - type: array - networkInterfaceMultiqueue: - default: Enable - description: |- - NetworkInterfaceMultiQueue If set to "Enable", virtual network interfaces configured with a virtio bus will also - enable the vhost multiqueue feature for network devices. The number of queues created depends on additional - factors of the VirtualMachineInstance, like the number of guest CPUs. - enum: - - Enable - - Disable - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the kubevirt VirtualMachine to fit on a node. - Selector which must match a node's labels for the VM to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - rootVolume: - default: - persistent: - size: 32Gi - type: Persistent - description: RootVolume represents values associated with - the VM volume that will host rhcos - properties: - cacheStrategy: - description: CacheStrategy defines the boot image caching - strategy. Default - no caching - properties: - type: - default: None - description: Type is the type of the caching strategy - enum: - - None - - PVC - type: string - required: - - type - type: object - diskImage: - description: Image represents what rhcos image to use - for the node pool - properties: - containerDiskImage: - description: ContainerDiskImage is a string representing - the container image that holds the root disk - type: string - type: object - persistent: - description: |- - Persistent volume type means the VM's storage is backed by a PVC - VMs that use persistent volumes can survive disruption events like restart and eviction - This is the default type used when no storage type is defined. - properties: - accessModes: - description: |- - AccessModes is an array that contains the desired Access Modes the root volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes - items: - enum: - - ReadWriteOnce - - ReadWriteMany - - ReadOnly - - ReadWriteOncePod - type: string - type: array - size: - anyOf: - - type: integer - - type: string - default: 32Gi - description: Size is the size of the persistent storage - volume - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - description: StorageClass is the storageClass used - for the underlying PVC that hosts the volume - type: string - volumeMode: - description: |- - VolumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - enum: - - Filesystem - - Block - type: string - type: object - type: - default: Persistent - description: Type represents the type of storage to associate - with the kubevirt VMs. - enum: - - Persistent - type: string - type: object - required: - - rootVolume - type: object - powervs: - description: PowerVS specifies the configuration used when using - IBMCloud PowerVS platform. - properties: - image: - description: |- - Image used for deploying the nodes. If unspecified, the default - is chosen based on the NodePool release payload image. - properties: - id: - description: ID of resource - type: string - name: - description: Name of resource - type: string - type: object - imageDeletePolicy: - default: delete - description: |- - ImageDeletePolicy is policy for the image deletion. - - - delete: delete the image from the infrastructure. - retain: delete the image from the openshift but retain in the infrastructure. - - - The default is delete - enum: - - delete - - retain - type: string - memoryGiB: - default: 32 - description: |- - MemoryGiB is the size of a virtual machine's memory, in GiB. - maximum value for the MemoryGiB depends on the selected SystemType. - when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. - when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. - when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. - The minimum memory is 32 GiB. - - - When omitted, this means the user has no opinion and the platform is left to choose a reasonable - default. The current default is 32. - format: int32 - type: integer - processorType: - default: shared - description: |- - ProcessorType is the VM instance processor type. - It must be set to one of the following values: Dedicated, Capped or Shared. - - - Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. - Shared: Shared among other clients. - Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. - - - if the processorType is selected as Dedicated, then Processors value cannot be fractional. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default. The current default is shared. - enum: - - dedicated - - shared - - capped - type: string - processors: - anyOf: - - type: integer - - type: string - default: "0.5" - description: |- - Processors is the number of virtual processors in a virtual machine. - when the processorType is selected as Dedicated the processors value cannot be fractional. - maximum value for the Processors depends on the selected SystemType. - when SystemType is set to e880 or e980 maximum Processors value is 143. - when SystemType is set to s922 maximum Processors value is 15. - minimum value for Processors depends on the selected ProcessorType. - when ProcessorType is set as Shared or Capped, The minimum processors is 0.5. - when ProcessorType is set as Dedicated, The minimum processors is 1. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default. The default is set based on the selected ProcessorType. - when ProcessorType selected as Dedicated, the default is set to 1. - when ProcessorType selected as Shared or Capped, the default is set to 0.5. - x-kubernetes-int-or-string: true - storageType: - default: tier1 - description: |- - StorageType for the image and nodes, this will be ignored if Image is specified. - The storage tiers in PowerVS are based on I/O operations per second (IOPS). - It means that the performance of your storage volumes is limited to the maximum number of IOPS based on volume size and storage tier. - Although, the exact numbers might change over time, the Tier 3 storage is currently set to 3 IOPS/GB, and the Tier 1 storage is currently set to 10 IOPS/GB. - - - The default is tier1 - enum: - - tier1 - - tier3 - type: string - systemType: - default: s922 - description: |- - SystemType is the System type used to host the instance. - systemType determines the number of cores and memory that is available. - Few of the supported SystemTypes are s922,e880,e980. - e880 systemType available only in Dallas Datacenters. - e980 systemType available in Datacenters except Dallas and Washington. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default. The current default is s922 which is generally available. - type: string - type: object - type: - description: Type specifies the platform name. - enum: - - AWS - - None - - IBMCloud - - Agent - - KubeVirt - - Azure - - PowerVS - type: string - x-kubernetes-validations: - - message: Type is immutable - rule: self == oldSelf - required: - - type - type: object - x-kubernetes-validations: - - message: Platform is immutable - rule: self == oldSelf - release: - description: |- - Release specifies the OCP release used for the NodePool. This informs the - ignition configuration for machines, as well as other platform specific - machine properties (e.g. an AMI on the AWS platform). - properties: - image: - description: Image is the image pullspec of an OCP release payload - image. - pattern: ^(\w+\S+)$ - type: string - required: - - image - type: object - replicas: - description: |- - Replicas is the desired number of nodes the pool should maintain. If - unset, the default value is 0. - format: int32 - type: integer - taints: - description: Taints if specified, propagates a list of taints to Nodes, - only once on creation. - items: - description: |- - Taint is as v1 Core but without TimeAdded. - https://github.com/kubernetes/kubernetes/blob/ed8cad1e80d096257921908a52ac69cf1f41a098/staging/src/k8s.io/api/core/v1/types.go#L3037-L3053 - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to a node. - type: string - value: - description: The taint value corresponding to the taint key. - type: string - required: - - effect - - key - type: object - type: array - tuningConfig: - description: |- - TuningConfig is a list of references to ConfigMaps containing serialized - Tuned resources to define the tuning configuration to be applied to - nodes in the NodePool. The Tuned API is defined here: - - - https://github.com/openshift/cluster-node-tuning-operator/blob/2c76314fb3cc8f12aef4a0dcd67ddc3677d5b54f/pkg/apis/tuned/v1/tuned_types.go - - - Each ConfigMap must have a single key named "tuned" whose value is the - JSON or YAML of a serialized Tuned. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - type: array - required: - - clusterName - - management - - platform - - release - type: object - status: - description: Status is the latest observed status of the NodePool. - properties: - conditions: - description: |- - Conditions represents the latest available observations of the node pool's - current state. - items: - description: |- - We define our own condition type since metav1.Condition has validation - for Reason that might be broken by what we bubble up from CAPI. - NodePoolCondition defines an observation of NodePool resource operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - platform: - description: Platform hols the specific statuses - properties: - kubeVirt: - description: KubeVirt contains the KubeVirt platform statuses - properties: - cacheName: - description: CacheName holds the name of the cache DataVolume, - if exists - type: string - credentials: - description: |- - Credentials shows the client credentials used when creating KubeVirt virtual machines. - This filed is only exists when the KubeVirt virtual machines are being placed - on a cluster separate from the one hosting the Hosted Control Plane components. - - - The default behavior when Credentials is not defined is for the KubeVirt VMs to be placed on - the same cluster and namespace as the Hosted Control Plane. - properties: - infraKubeConfigSecret: - description: |- - InfraKubeConfigSecret is a reference to a secret that contains the kubeconfig for the external infra cluster - that will be used to host the KubeVirt virtual machines for this cluster. - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - x-kubernetes-validations: - - message: infraKubeConfigSecret is immutable - rule: self == oldSelf - infraNamespace: - description: |- - InfraNamespace defines the namespace on the external infra cluster that is used to host the KubeVirt - virtual machines. This namespace must already exist before creating the HostedCluster and the kubeconfig - referenced in the InfraKubeConfigSecret must have access to manage the required resources within this - namespace. - type: string - x-kubernetes-validations: - - message: infraNamespace is immutable - rule: self == oldSelf - required: - - infraNamespace - type: object - type: object - type: object - replicas: - description: Replicas is the latest observed number of nodes in the - pool. - format: int32 - type: integer - version: - description: |- - Version is the semantic version of the latest applied release specified by - the NodePool. - type: string - type: object - type: object - served: true - storage: false - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - - additionalPrinterColumns: - - description: Cluster - jsonPath: .spec.clusterName - name: Cluster - type: string - - description: Desired Nodes - jsonPath: .spec.replicas - name: Desired Nodes - type: integer - - description: Available Nodes - jsonPath: .status.replicas - name: Current Nodes - type: integer - - description: Autoscaling Enabled - jsonPath: .status.conditions[?(@.type=="AutoscalingEnabled")].status - name: Autoscaling - type: string - - description: Node Autorepair Enabled - jsonPath: .status.conditions[?(@.type=="AutorepairEnabled")].status - name: Autorepair - type: string - - description: Current version - jsonPath: .status.version - name: Version - type: string - - description: UpdatingVersion in progress - jsonPath: .status.conditions[?(@.type=="UpdatingVersion")].status - name: UpdatingVersion - type: string - - description: UpdatingConfig in progress - jsonPath: .status.conditions[?(@.type=="UpdatingConfig")].status - name: UpdatingConfig - type: string - - description: Message - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Message - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: |- - NodePool is a scalable set of worker nodes attached to a HostedCluster. - NodePool machine architectures are uniform within a given pool, and are - independent of the control plane’s underlying machine architecture. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec is the desired behavior of the NodePool. - properties: - arch: - default: amd64 - description: "Arch is the preferred processor architecture for the - NodePool (currently only supported on AWS)\nNOTE: This is set as - optional to prevent validation from failing due to a limitation - on client side validation with open API machinery:\n\thttps://github.com/kubernetes/kubernetes/issues/108768#issuecomment-1253912215\nTODO - Add s390x to enum validation once the architecture is supported" - enum: - - arm64 - - amd64 - - ppc64le - type: string - x-kubernetes-validations: - - message: Arch is immutable - rule: self == oldSelf - autoScaling: - description: Autoscaling specifies auto-scaling behavior for the NodePool. - properties: - max: - description: Max is the maximum number of nodes allowed in the - pool. Must be >= 1. - format: int32 - minimum: 1 - type: integer - min: - description: Min is the minimum number of nodes to maintain in - the pool. Must be >= 1. - format: int32 - minimum: 1 - type: integer - required: - - max - - min - type: object - x-kubernetes-validations: - - message: max must be equal or greater than min - rule: self.max >= self.min - clusterName: - description: |- - ClusterName is the name of the HostedCluster this NodePool belongs to. - - - TODO(dan): Should this be a LocalObjectReference? - type: string - x-kubernetes-validations: - - message: ClusterName is immutable - rule: self == oldSelf - config: - description: |- - Config is a list of references to ConfigMaps containing serialized - MachineConfig resources to be injected into the ignition configurations of - nodes in the NodePool. The MachineConfig API schema is defined here: - - - https://github.com/openshift/machine-config-operator/blob/18963e4f8fe66e8c513ca4b131620760a414997f/pkg/apis/machineconfiguration.openshift.io/v1/types.go#L185 - - - Each ConfigMap must have a single key named "config" whose value is the YML - with one or more serialized machineconfiguration.openshift.io resources: - KubeletConfig - ContainerRuntimeConfig - MachineConfig - ClusterImagePolicy - ImageContentSourcePolicy - or - ImageDigestMirrorSet - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - type: array - management: - description: |- - Management specifies behavior for managing nodes in the pool, such as - upgrade strategies and auto-repair behaviors. - properties: - autoRepair: - default: false - description: |- - AutoRepair specifies whether health checks should be enabled for machines - in the NodePool. The default is false. - type: boolean - inPlace: - description: InPlace is the configuration for in-place upgrades. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - MaxUnavailable is the maximum number of nodes that can be unavailable - during the update. - - - Value can be an absolute number (ex: 5) or a percentage of desired nodes - (ex: 10%). - - - Absolute number is calculated from percentage by rounding down. - - - Defaults to 1. - - - Example: when this is set to 30%, a max of 30% of the nodes can be made - unschedulable/unavailable immediately when the update starts. Once a set - of nodes is updated, more nodes can be made unschedulable for update, - ensuring that the total number of nodes schedulable at all times during - the update is at least 70% of desired nodes. - x-kubernetes-int-or-string: true - type: object - replace: - default: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - strategy: RollingUpdate - description: Replace is the configuration for rolling upgrades. - properties: - rollingUpdate: - description: |- - RollingUpdate specifies a rolling update strategy which upgrades nodes by - creating new nodes and deleting the old ones. - properties: - maxSurge: - anyOf: - - type: integer - - type: string - description: |- - MaxSurge is the maximum number of nodes that can be provisioned above the - desired number of nodes. - - - Value can be an absolute number (ex: 5) or a percentage of desired nodes - (ex: 10%). - - - Absolute number is calculated from percentage by rounding up. - - - This can not be 0 if MaxUnavailable is 0. - - - Defaults to 1. - - - Example: when this is set to 30%, new nodes can be provisioned immediately - when the rolling update starts, such that the total number of old and new - nodes do not exceed 130% of desired nodes. Once old nodes have been - deleted, new nodes can be provisioned, ensuring that total number of nodes - running at any time during the update is at most 130% of desired nodes. - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - MaxUnavailable is the maximum number of nodes that can be unavailable - during the update. - - - Value can be an absolute number (ex: 5) or a percentage of desired nodes - (ex: 10%). - - - Absolute number is calculated from percentage by rounding down. - - - This can not be 0 if MaxSurge is 0. - - - Defaults to 0. - - - Example: when this is set to 30%, old nodes can be deleted down to 70% of - desired nodes immediately when the rolling update starts. Once new nodes - are ready, more old nodes be deleted, followed by provisioning new nodes, - ensuring that the total number of nodes available at all times during the - update is at least 70% of desired nodes. - x-kubernetes-int-or-string: true - type: object - strategy: - description: Strategy is the node replacement strategy for - nodes in the pool. - enum: - - RollingUpdate - - OnDelete - type: string - type: object - upgradeType: - description: UpgradeType specifies the type of strategy for handling - upgrades. - enum: - - Replace - - InPlace - type: string - x-kubernetes-validations: - - message: UpgradeType is immutable - rule: self == oldSelf - required: - - upgradeType - type: object - nodeDrainTimeout: - description: |- - NodeDrainTimeout is the maximum amount of time that the controller will spend on draining a node. - The default value is 0, meaning that the node can be drained without any time limitations. - NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` - TODO (alberto): Today changing this field will trigger a recreate rolling update, which kind of defeats - the purpose of the change. In future we plan to propagate this field in-place. - https://github.com/kubernetes-sigs/cluster-api/issues/5880 / https://github.com/kubernetes-sigs/cluster-api/pull/10589 - type: string - nodeLabels: - additionalProperties: - type: string - description: |- - NodeLabels propagates a list of labels to Nodes, only once on creation. - Valid values are those in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set - type: object - nodeVolumeDetachTimeout: - description: |- - NodeVolumeDetachTimeout is the maximum amount of time that the controller will spend on detaching volumes from a node. - The default value is 0, meaning that the volumes will be detached from the node without any time limitations. - After the timeout, the detachment of volumes that haven't been detached yet is skipped. - TODO (cbusse): Same comment as Alberto's for `NodeDrainTimeout`: - Today changing this field will trigger a recreate rolling update, which kind of defeats - the purpose of the change. In future we plan to propagate this field in-place. - https://github.com/kubernetes-sigs/cluster-api/issues/5880 / https://github.com/kubernetes-sigs/cluster-api/pull/10589 - type: string - pausedUntil: - description: |- - PausedUntil is a field that can be used to pause reconciliation on a resource. - Either a date can be provided in RFC3339 format or a boolean. If a date is - provided: reconciliation is paused on the resource until that date. If the boolean true is - provided: reconciliation is paused on the resource until the field is removed. - type: string - platform: - description: |- - Platform specifies the underlying infrastructure provider for the NodePool - and is used to configure platform specific behavior. - properties: - agent: - description: Agent specifies the configuration used when using - Agent platform. - properties: - agentLabelSelector: - description: |- - AgentLabelSelector contains labels that must be set on an Agent in order to - be selected for a Machine. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - aws: - description: AWS specifies the configuration used when operating - on AWS. - properties: - ami: - description: |- - AMI is the image id to use for node instances. If unspecified, the default - is chosen based on the NodePool release payload image. - type: string - instanceProfile: - description: InstanceProfile is the AWS EC2 instance profile, - which is a container for an IAM role that the EC2 instance - uses. - type: string - instanceType: - description: InstanceType is an ec2 instance type for node - instances (e.g. m5.large). - type: string - resourceTags: - description: |- - ResourceTags is an optional list of additional tags to apply to AWS node - instances. - - - These will be merged with HostedCluster scoped tags, and HostedCluster tags - take precedence in case of conflicts. - - - See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for - information on tagging AWS resources. AWS supports a maximum of 50 tags per - resource. OpenShift reserves 25 tags for its use, leaving 25 tags available - for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: Key is the key of the tag. - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: |- - Value is the value of the tag. - - - Some AWS service do not support empty values. Since tags are added to - resources in many services, the length of the tag value must meet the - requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - rootVolume: - description: RootVolume specifies configuration for the root - volume of node instances. - properties: - encrypted: - description: Encrypted is whether the volume should be - encrypted or not. - type: boolean - x-kubernetes-validations: - - message: Encrypted is immutable - rule: self == oldSelf - encryptionKey: - description: |- - EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. - If Encrypted is set and this is omitted, the default AWS key will be used. - The key must already exist and be accessible by the controller. - type: string - iops: - description: |- - IOPS is the number of IOPS requested for the disk. This is only valid - for type io1. - format: int64 - type: integer - size: - description: |- - Size specifies size (in Gi) of the storage device. - - - Must be greater than the image snapshot size or 8 (whichever is greater). - format: int64 - minimum: 8 - type: integer - type: - description: Type is the type of the volume. - type: string - required: - - size - - type - type: object - securityGroups: - description: |- - SecurityGroups is an optional set of security groups to associate with node - instances. - items: - description: |- - AWSResourceReference is a reference to a specific AWS resource by ID or filters. - Only one of ID or Filters may be specified. Specifying more than one will result in - a validation error. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an - AWS resource - properties: - name: - description: Name of the filter. Filter names - are case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - type: array - subnet: - description: Subnet is the subnet to use for node instances. - properties: - filters: - description: |- - Filters is a set of key/value pairs used to identify a resource - They are applied according to the rules defined by the AWS API: - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html - items: - description: Filter is a filter used to identify an - AWS resource - properties: - name: - description: Name of the filter. Filter names are - case-sensitive. - type: string - values: - description: Values includes one or more filter - values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - - values - type: object - type: array - id: - description: ID of resource - type: string - type: object - x-kubernetes-validations: - - message: subnet is invalid, a valid subnet id or filters - must be set, but not both - rule: 'has(self.id) && self.id.startsWith(''subnet-'') ? - !has(self.filters) : size(self.filters) > 0' - tenancy: - description: |- - Tenancy indicates if instance should run on shared or single-tenant hardware. - - - Possible values: - default: NodePool instances run on shared hardware. - dedicated: Each NodePool instance runs on single-tenant hardware. - host: NodePool instances run on user's pre-allocated dedicated hosts. - enum: - - default - - dedicated - - host - type: string - required: - - instanceType - - subnet - type: object - azure: - properties: - availabilityZone: - description: |- - AvailabilityZone is the failure domain identifier where the VM should be attached to. This must not be specified - for clusters in a location that does not support AvailabilityZone. - type: string - diagnostics: - description: |- - Diagnostics specifies the diagnostics settings for a virtual machine. - If not specified, then Boot diagnostics will be disabled. - properties: - storageAccountType: - default: Disabled - description: |- - StorageAccountType determines if the storage account for storing the diagnostics data - should be disabled (Disabled), provisioned by Azure (Managed) or by the user (UserManaged). - enum: - - Managed - - UserManaged - - Disabled - type: string - storageAccountURI: - description: |- - StorageAccountURI is the URI of the user-managed storage account. - The URI typically will be `https://.blob.core.windows.net/` - but may differ if you are using Azure DNS zone endpoints. - You can find the correct endpoint by looking for the Blob Primary Endpoint in the - endpoints tab in the Azure console or with the CLI by issuing - `az storage account list --query='[].{name: name, "resource group": resourceGroup, "blob endpoint": primaryEndpoints.blob}'`. - format: uri - maxLength: 1024 - type: string - type: object - x-kubernetes-validations: - - message: storageAccountURI is required when storageAccountType - is UserManaged - rule: 'self.storageAccountType == ''UserManaged'' ? has(self.storageAccountURI) - : true' - diskEncryptionSetID: - description: |- - DiskEncryptionSetID is the ID of the DiskEncryptionSet resource to use to encrypt the OS disks for the VMs. This - needs to exist in the same subscription id listed in the Hosted Cluster, HostedCluster.Spec.Platform.Azure.SubscriptionID. - DiskEncryptionSetID should also exist in a resource group under the same subscription id and the same location - listed in the Hosted Cluster, HostedCluster.Spec.Platform.Azure.Location. - type: string - diskSizeGB: - default: 30 - description: |- - DiskSizeGB is the size in GB to assign to the OS disk - CAPZ default is 30GB, https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/b3708019a67ff19407b87d63c402af94ca4246f6/api/v1beta1/types.go#L599 - format: int32 - minimum: 16 - type: integer - diskStorageAccountType: - default: Premium_LRS - description: |- - DiskStorageAccountType is the disk storage account type to use. Valid values are: - * Standard_LRS: HDD - * StandardSSD_LRS: Standard SSD - * Premium_LRS: Premium SDD - * UltraSSD_LRS: Ultra SDD - - - Defaults to Premium_LRS. For more details, visit the Azure documentation: - https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison - enum: - - Standard_LRS - - StandardSSD_LRS - - Premium_LRS - - UltraSSD_LRS - type: string - enableEphemeralOSDisk: - description: EnableEphemeralOSDisk is a flag when set to true, - will enable ephemeral OS disk. - type: boolean - image: - description: |- - ImageID is the id of the image to boot from. If unset, the default image at the location below will be used and - is expected to exist: subscription//resourceGroups//providers/Microsoft.Compute/images/rhcos.x86_64.vhd. - The and the are expected to be the same resource group documented in the - Hosted Cluster specification respectively, HostedCluster.Spec.Platform.Azure.SubscriptionID and - HostedCluster.Spec.Platform.Azure.ResourceGroupName. - properties: - azureImageType: - description: |- - Type is the type of image data that will be provided to the Azure VM. This can be either "ImageID" or - "AzureMarketplace". - enum: - - ImageID - - AzureMarketplace - type: string - azureMarketplace: - description: AzureMarketplace contains the Azure Marketplace - image info to use to boot the Azure VMs from. - properties: - offer: - description: Offer specifies the name of a group of - related images created by the publisher. - minLength: 1 - type: string - publisher: - description: Publisher is the name of the organization - that created the image - maxLength: 50 - minLength: 3 - pattern: ^[a-z0-9][a-z0-9-_]{2,49}$ - type: string - sku: - description: |- - SKU specifies an instance of an offer, such as a major release of a distribution. - For example, 18.04-LTS, 2019-Datacenter - minLength: 1 - pattern: ^[a-z0-9-_]+$ - type: string - version: - description: |- - Version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, - Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at - deployment time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a - new version becomes available. - maxLength: 32 - minLength: 1 - pattern: ^[0-9]+\.[0-9]+\.[0-9]+$ - type: string - required: - - offer - - publisher - - sku - - version - type: object - imageID: - description: ImageID is the Azure resource ID of a VHD - image to use to boot the Azure VMs from. - type: string - required: - - azureImageType - type: object - machineIdentityID: - description: |- - MachineIdentityID is a user-assigned identity assigned to the VMs used to authenticate with Azure services. This - field is expected to exist under the same resource group as HostedCluster.Spec.Platform.Azure.ResourceGroupName. This - user assigned identity is expected to have the Contributor role assigned to it and scoped to the resource group - under HostedCluster.Spec.Platform.Azure.ResourceGroupName. - - - If this field is not supplied, the Service Principal credentials will be written to a file on the disk of each VM - in order to be accessible by the cloud provider; the aforementioned credentials provided are the same ones as - HostedCluster.Spec.Platform.Azure.Credentials. However, this is less secure than using a managed identity. - type: string - subnetID: - description: |- - SubnetID is the subnet ID of an existing subnet where the nodes in the nodepool will be created. This can be a - different subnet than the one listed in the HostedCluster, HostedCluster.Spec.Platform.Azure.SubnetID, but must - exist in the same HostedCluster.Spec.Platform.Azure.VnetID and must exist under the same subscription ID, - HostedCluster.Spec.Platform.Azure.SubscriptionID. - type: string - x-kubernetes-validations: - - message: SubnetID is immutable - rule: self == oldSelf - vmsize: - description: VMSize is the Azure VM instance type to use for - the nodes being created in the nodepool. - type: string - required: - - image - - subnetID - - vmsize - type: object - ibmcloud: - description: IBMCloud defines IBMCloud specific settings for components - properties: - providerType: - description: ProviderType is a specific supported infrastructure - provider within IBM Cloud. - type: string - type: object - kubevirt: - description: Kubevirt specifies the configuration used when operating - on KubeVirt platform. - properties: - additionalNetworks: - description: AdditionalNetworks specify the extra networks - attached to the nodes - items: - description: |- - KubevirtNetwork specifies the configuration for a virtual machine - network interface - properties: - name: - description: |- - Name specify the network attached to the nodes - it is a value with the format "[namespace]/[name]" to reference the - multus network attachment definition - type: string - required: - - name - type: object - type: array - attachDefaultNetwork: - default: true - description: |- - AttachDefaultNetwork specify if the default pod network should be attached to the nodes - this can only be set to false if AdditionalNetworks are configured - type: boolean - compute: - default: - cores: 2 - memory: 8Gi - description: Compute contains values representing the virtual - hardware requested for the VM - properties: - cores: - default: 2 - description: Cores represents how many cores the guest - VM should have - format: int32 - type: integer - memory: - anyOf: - - type: integer - - type: string - default: 8Gi - description: Memory represents how much guest memory the - VM should have - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - qosClass: - default: Burstable - description: |- - QosClass If set to "Guaranteed", requests the scheduler to place the VirtualMachineInstance on a node with - limit memory and CPU, equal to be the requested values, to set the VMI as a Guaranteed QoS Class; - See here for more details: - https://kubevirt.io/user-guide/operations/node_overcommit/#requesting-the-right-qos-class-for-virtualmachineinstances - enum: - - Burstable - - Guaranteed - type: string - type: object - hostDevices: - description: |- - KubevirtHostDevices specifies the host devices (e.g. GPU devices) to be passed - from the management cluster, to the nodepool nodes - items: - properties: - count: - default: 1 - description: |- - Count is the number of instances the specified host device will be attached to each of the - NodePool's nodes. Default is 1. - minimum: 1 - type: integer - deviceName: - description: |- - DeviceName is the name of the host device that is desired to be utilized in the HostedCluster's NodePool - The device can be any supported PCI device, including GPU, either as a passthrough or a vGPU slice. - type: string - required: - - deviceName - type: object - type: array - networkInterfaceMultiqueue: - default: Enable - description: |- - NetworkInterfaceMultiQueue If set to "Enable", virtual network interfaces configured with a virtio bus will also - enable the vhost multiqueue feature for network devices. The number of queues created depends on additional - factors of the VirtualMachineInstance, like the number of guest CPUs. - enum: - - Enable - - Disable - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the kubevirt VirtualMachine to fit on a node. - Selector which must match a node's labels for the VM to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - rootVolume: - default: - persistent: - size: 32Gi - type: Persistent - description: RootVolume represents values associated with - the VM volume that will host rhcos - properties: - cacheStrategy: - description: CacheStrategy defines the boot image caching - strategy. Default - no caching - properties: - type: - default: None - description: Type is the type of the caching strategy - enum: - - None - - PVC - type: string - required: - - type - type: object - diskImage: - description: Image represents what rhcos image to use - for the node pool - properties: - containerDiskImage: - description: ContainerDiskImage is a string representing - the container image that holds the root disk - type: string - type: object - persistent: - description: |- - Persistent volume type means the VM's storage is backed by a PVC - VMs that use persistent volumes can survive disruption events like restart and eviction - This is the default type used when no storage type is defined. - properties: - accessModes: - description: |- - AccessModes is an array that contains the desired Access Modes the root volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes - items: - enum: - - ReadWriteOnce - - ReadWriteMany - - ReadOnly - - ReadWriteOncePod - type: string - type: array - size: - anyOf: - - type: integer - - type: string - default: 32Gi - description: Size is the size of the persistent storage - volume - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageClass: - description: StorageClass is the storageClass used - for the underlying PVC that hosts the volume - type: string - volumeMode: - description: |- - VolumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - enum: - - Filesystem - - Block - type: string - type: object - type: - default: Persistent - description: Type represents the type of storage to associate - with the kubevirt VMs. - enum: - - Persistent - type: string - type: object - required: - - rootVolume - type: object - openstack: - description: OpenStack specifies the configuration used when using - OpenStack platform. - properties: - flavor: - description: Flavor is the OpenStack flavor to use for the - node instances. - type: string - imageName: - description: |- - ImageName is the OpenStack Glance image name to use for node instances. If unspecified, the default - is chosen based on the NodePool release payload image. - type: string - required: - - flavor - type: object - powervs: - description: PowerVS specifies the configuration used when using - IBMCloud PowerVS platform. - properties: - image: - description: |- - Image used for deploying the nodes. If unspecified, the default - is chosen based on the NodePool release payload image. - properties: - id: - description: ID of resource - type: string - name: - description: Name of resource - type: string - type: object - imageDeletePolicy: - default: delete - description: |- - ImageDeletePolicy is policy for the image deletion. - - - delete: delete the image from the infrastructure. - retain: delete the image from the openshift but retain in the infrastructure. - - - The default is delete - enum: - - delete - - retain - type: string - memoryGiB: - default: 32 - description: |- - MemoryGiB is the size of a virtual machine's memory, in GiB. - maximum value for the MemoryGiB depends on the selected SystemType. - when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. - when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. - when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. - The minimum memory is 32 GiB. - - - When omitted, this means the user has no opinion and the platform is left to choose a reasonable - default. The current default is 32. - format: int32 - type: integer - processorType: - default: shared - description: |- - ProcessorType is the VM instance processor type. - It must be set to one of the following values: Dedicated, Capped or Shared. - - - Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. - Shared: Shared among other clients. - Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. - - - if the processorType is selected as Dedicated, then Processors value cannot be fractional. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default. The current default is shared. - enum: - - dedicated - - shared - - capped - type: string - processors: - anyOf: - - type: integer - - type: string - default: "0.5" - description: |- - Processors is the number of virtual processors in a virtual machine. - when the processorType is selected as Dedicated the processors value cannot be fractional. - maximum value for the Processors depends on the selected SystemType. - when SystemType is set to e880 or e980 maximum Processors value is 143. - when SystemType is set to s922 maximum Processors value is 15. - minimum value for Processors depends on the selected ProcessorType. - when ProcessorType is set as Shared or Capped, The minimum processors is 0.5. - when ProcessorType is set as Dedicated, The minimum processors is 1. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default. The default is set based on the selected ProcessorType. - when ProcessorType selected as Dedicated, the default is set to 1. - when ProcessorType selected as Shared or Capped, the default is set to 0.5. - x-kubernetes-int-or-string: true - storageType: - default: tier1 - description: |- - StorageType for the image and nodes, this will be ignored if Image is specified. - The storage tiers in PowerVS are based on I/O operations per second (IOPS). - It means that the performance of your storage volumes is limited to the maximum number of IOPS based on volume size and storage tier. - Although, the exact numbers might change over time, the Tier 3 storage is currently set to 3 IOPS/GB, and the Tier 1 storage is currently set to 10 IOPS/GB. - - - The default is tier1 - enum: - - tier1 - - tier3 - type: string - systemType: - default: s922 - description: |- - SystemType is the System type used to host the instance. - systemType determines the number of cores and memory that is available. - Few of the supported SystemTypes are s922,e880,e980. - e880 systemType available only in Dallas Datacenters. - e980 systemType available in Datacenters except Dallas and Washington. - When omitted, this means that the user has no opinion and the platform is left to choose a - reasonable default. The current default is s922 which is generally available. - type: string - type: object - type: - description: Type specifies the platform name. - enum: - - AWS - - None - - IBMCloud - - Agent - - KubeVirt - - Azure - - PowerVS - - OpenStack - type: string - x-kubernetes-validations: - - message: Type is immutable - rule: self == oldSelf - required: - - type - type: object - release: - description: |- - Release specifies the OCP release used for the NodePool. This informs the - ignition configuration for machines, as well as other platform specific - machine properties (e.g. an AMI on the AWS platform). - properties: - image: - description: Image is the image pullspec of an OCP release payload - image. - pattern: ^(\w+\S+)$ - type: string - required: - - image - type: object - replicas: - description: |- - Replicas is the desired number of nodes the pool should maintain. If - unset, the default value is 0. - format: int32 - type: integer - taints: - description: Taints if specified, propagates a list of taints to Nodes, - only once on creation. - items: - description: |- - Taint is as v1 Core but without TimeAdded. - https://github.com/kubernetes/kubernetes/blob/ed8cad1e80d096257921908a52ac69cf1f41a098/staging/src/k8s.io/api/core/v1/types.go#L3037-L3053 - properties: - effect: - description: |- - Required. The effect of the taint on pods - that do not tolerate the taint. - Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to a node. - type: string - value: - description: The taint value corresponding to the taint key. - pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ - type: string - required: - - effect - - key - type: object - type: array - tuningConfig: - description: |- - TuningConfig is a list of references to ConfigMaps containing serialized - Tuned or PerformanceProfile resources to define the tuning configuration to be applied to - nodes in the NodePool. The Tuned API is defined here: - - - https://github.com/openshift/cluster-node-tuning-operator/blob/2c76314fb3cc8f12aef4a0dcd67ddc3677d5b54f/pkg/apis/tuned/v1/tuned_types.go - - - The PerformanceProfile API is defined here: - https://github.com/openshift/cluster-node-tuning-operator/tree/b41042d42d4ba5bb2e99960248cf1d6ae4935018/pkg/apis/performanceprofile/v2 - - - Each ConfigMap must have a single key named "tuning" whose value is the - JSON or YAML of a serialized Tuned or PerformanceProfile. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. - type: string - type: object - x-kubernetes-map-type: atomic - type: array - required: - - clusterName - - management - - platform - - release - type: object - x-kubernetes-validations: - - message: Arch is required once set - rule: '!has(oldSelf.arch) || has(self.arch)' - - message: Setting Arch to arm64 is only supported for AWS and Azure - rule: self.arch != 'arm64' || has(self.platform.aws) || has(self.platform.azure) - - message: Both replicas or autoScaling should not be set - rule: '!has(self.replicas) || !has(self.autoScaling)' - status: - description: Status is the latest observed status of the NodePool. - properties: - conditions: - description: |- - Conditions represents the latest available observations of the node pool's - current state. - items: - description: |- - We define our own condition type since metav1.Condition has validation - for Reason that might be broken by what we bubble up from CAPI. - NodePoolCondition defines an observation of NodePool resource operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - platform: - description: Platform hols the specific statuses - properties: - kubeVirt: - description: KubeVirt contains the KubeVirt platform statuses - properties: - cacheName: - description: CacheName holds the name of the cache DataVolume, - if exists - type: string - credentials: - description: |- - Credentials shows the client credentials used when creating KubeVirt virtual machines. - This filed is only exists when the KubeVirt virtual machines are being placed - on a cluster separate from the one hosting the Hosted Control Plane components. - - - The default behavior when Credentials is not defined is for the KubeVirt VMs to be placed on - the same cluster and namespace as the Hosted Control Plane. - properties: - infraKubeConfigSecret: - description: |- - InfraKubeConfigSecret is a reference to a secret that contains the kubeconfig for the external infra cluster - that will be used to host the KubeVirt virtual machines for this cluster. - properties: - key: - type: string - name: - type: string - required: - - key - - name - type: object - x-kubernetes-validations: - - message: infraKubeConfigSecret is immutable - rule: self == oldSelf - infraNamespace: - description: |- - InfraNamespace defines the namespace on the external infra cluster that is used to host the KubeVirt - virtual machines. This namespace must already exist before creating the HostedCluster and the kubeconfig - referenced in the InfraKubeConfigSecret must have access to manage the required resources within this - namespace. - type: string - x-kubernetes-validations: - - message: infraNamespace is immutable - rule: self == oldSelf - required: - - infraNamespace - type: object - type: object - type: object - replicas: - description: Replicas is the latest observed number of nodes in the - pool. - format: int32 - type: integer - version: - description: |- - Version is the semantic version of the latest applied release specified by - the NodePool. - type: string - type: object - type: object - served: true - storage: true - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-openstackclusters.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-openstackclusters.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index c030af5ae..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-openstackclusters.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,2300 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: openstackclusters.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: OpenStackCluster - listKind: OpenStackClusterList - plural: openstackclusters - shortNames: - - osc - singular: openstackcluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this OpenStackCluster belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Cluster infrastructure is ready for OpenStack instances - jsonPath: .status.ready - name: Ready - type: string - - description: Network the cluster is using - jsonPath: .status.network.id - name: Network - type: string - - description: API Endpoint - jsonPath: .spec.controlPlaneEndpoint.host - name: Endpoint - priority: 1 - type: string - - description: Bastion address for breakglass access - jsonPath: .status.bastion.floatingIP - name: Bastion IP - type: string - - description: Time duration since creation of OpenStackCluster - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: OpenStackCluster is the Schema for the openstackclusters API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackClusterSpec defines the desired state of OpenStackCluster. - properties: - apiServerFixedIP: - description: |- - APIServerFixedIP is the fixed IP which will be associated with the API server. - In the case where the API server has a floating IP but not a managed load balancer, - this field is not used. - If a managed load balancer is used and this field is not specified, a fixed IP will - be dynamically allocated for the load balancer. - If a managed load balancer is not used AND the API server floating IP is disabled, - this field MUST be specified and should correspond to a pre-allocated port that - holds the fixed IP to be used as a VIP. - type: string - apiServerFloatingIP: - description: |- - APIServerFloatingIP is the floatingIP which will be associated with the API server. - The floatingIP will be created if it does not already exist. - If not specified, a new floatingIP is allocated. - This field is not used if DisableAPIServerFloatingIP is set to true. - type: string - apiServerLoadBalancer: - description: |- - APIServerLoadBalancer configures the optional LoadBalancer for the APIServer. - If not specified, no load balancer will be created for the API server. - properties: - additionalPorts: - description: AdditionalPorts adds additional tcp ports to the - load balancer. - items: - type: integer - type: array - x-kubernetes-list-type: set - allowedCIDRs: - description: AllowedCIDRs restrict access to all API-Server listeners - to the given address CIDRs. - items: - type: string - type: array - x-kubernetes-list-type: set - availabilityZone: - description: AvailabilityZone is the failure domain that will - be used to create the APIServerLoadBalancer Spec. - type: string - enabled: - default: true - description: |- - Enabled defines whether a load balancer should be created. This value - defaults to true if an APIServerLoadBalancer is given. - - - There is no reason to set this to false. To disable creation of the - API server loadbalancer, omit the APIServerLoadBalancer field in the - cluster spec instead. - type: boolean - network: - description: Network defines which network should the load balancer - be allocated on. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is - provided, the other filters cannot be provided. Must be - in UUID format. - format: uuid - type: string - type: object - provider: - description: |- - Provider specifies name of a specific Octavia provider to use for the - API load balancer. The Octavia default will be used if it is not - specified. - type: string - subnets: - description: |- - Subnets define which subnets should the load balancer be allocated on. - It is expected that subnets are located on the network specified in this resource. - Only the first element is taken into account. - kubebuilder:validation:MaxLength:=2 - items: - description: SubnetParam specifies an OpenStack subnet to use. - It may be specified by either ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the subnet. - It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will not be - validated. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - required: - - enabled - type: object - apiServerPort: - description: |- - APIServerPort is the port on which the listener on the APIServer - will be created - type: integer - bastion: - description: |- - Bastion is the OpenStack instance to login the nodes - - - As a rolling update is not ideal during a bastion host session, we - prevent changes to a running bastion configuration. To make changes, it's required - to first set `enabled: false` which will remove the bastion and then changes can be made. - properties: - availabilityZone: - description: AvailabilityZone is the failure domain that will - be used to create the Bastion Spec. - type: string - enabled: - default: true - description: |- - Enabled means that bastion is enabled. The bastion is enabled by - default if this field is not specified. Set this field to false to disable the - bastion. - - - It is not currently possible to remove the bastion from the cluster - spec without first disabling it by setting this field to false and - waiting until the bastion has been deleted. - type: boolean - floatingIP: - description: |- - FloatingIP which will be associated to the bastion machine. It's the IP address, not UUID. - The floating IP should already exist and should not be associated with a port. If FIP of this address does not - exist, CAPO will try to create it, but by default only OpenStack administrators have privileges to do so. - format: ipv4 - type: string - spec: - description: Spec for the bastion itself - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications - for additional block devices to attach to the server instance - items: - description: AdditionalBlockDevice is a block device to - attach to the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - Name cannot be 'root', which is reserved for the root volume. - type: string - sizeGiB: - description: SizeGiB is the size of the block device - in gibibytes (GiB). - minimum: 1 - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional storage - options for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' - or default - rule: '!has(self.from) || self.from == ''Name'' - ? has(self.name) : !has(self.name)' - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for your - server instance. - type: string - floatingIPPoolRef: - description: |- - floatingIPPoolRef is a reference to a IPPool that will be assigned - to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP - will be assigned to the OpenStackMachine. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this machine. If not specified, the - credentials specified in the cluster will be used. - properties: - cloudName: - description: CloudName specifies the name of the entry - in the clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - required: - - cloudName - - name - type: object - image: - description: |- - The image to use for your server instance. - If the rootVolume is specified, this will be used when creating the root volume. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: |- - Filter describes a query for an image. If specified, the combination - of name and tags must return a single matching image or an error will - be raised. - minProperties: 1 - properties: - name: - description: The name of the desired image. If specified, - the combination of name and tags must return a single - matching image or an error will be raised. - type: string - tags: - description: The tags associated with the desired - image. If specified, the combination of name and - tags must return a single matching image or an error - will be raised. - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the image. ID will not - be validated before use. - format: uuid - type: string - type: object - ports: - description: |- - Ports to be attached to the server instance. They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - description: AdminStateUp specifies whether the port - should be created in the up (true) or down (false) - state. The default is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description - for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or - IP address to assign to the port. If specified, these - must be subnets of the port's network. - items: - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If Subnet - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to - select the subnet. It must match exactly - one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. - It will not be validated. - format: uuid - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where - the port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of - the port. If not specified, the MAC address will be - generated. - type: string - nameSuffix: - description: NameSuffix will be appended to the name - of the port if specified. If unspecified, instead - the 0-based index of the port in the list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select - an OpenStack network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. - If ID is provided, the other filters cannot be - provided. Must be in UUID format. - format: uuid - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: OVSHWOffload enables or disables the - OVS hardware offload feature. - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables - the propagate uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of the names, - uuids, filters or any combination these of the security - groups to assign to the instance. - items: - description: SecurityGroupParam specifies an OpenStack - security group. It may be specified by ID or filter, - but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select - an OpenStack security group. If provided, cannot - be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group - to use. If ID is provided, the other filters - cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: |- - Trunk specifies whether trunking is enabled at the port level. If not - provided the value is inherited from the machine, or false for a - bastion host. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value - pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' or default - rule: '!has(self.from) || self.from == ''Name'' ? has(self.name) - : !has(self.name)' - sizeGiB: - description: SizeGiB is the size of the block device in - gibibytes (GiB). - minimum: 1 - type: integer - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - required: - - sizeGiB - type: object - securityGroups: - description: The names of the security groups to assign to - the instance - items: - description: SecurityGroupParam specifies an OpenStack security - group. It may be specified by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - security group. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group to use. - If ID is provided, the other filters cannot be provided. - Must be in UUID format. - format: uuid - type: string - type: object - type: array - serverGroup: - description: The server group to assign the machine to. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - server group. If provided, it cannot be empty. - minProperties: 1 - properties: - name: - description: Name is the name of a server group to - look for. - type: string - type: object - id: - description: ID is the ID of the server group to use. - format: uuid - type: string - type: object - serverMetadata: - description: Metadata mapping. Allows you to create a map - of key value pairs to add to the server instance. - items: - properties: - key: - description: Key is the server metadata key - maxLength: 255 - type: string - value: - description: Value is the server metadata value - maxLength: 255 - type: string - required: - - key - - value - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Tags which will be added to the machine and all dependent resources - which support them. These are in addition to Tags defined on the - cluster. - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created on a trunk - port or not. - type: boolean - required: - - flavor - - image - type: object - type: object - x-kubernetes-validations: - - message: spec is required if bastion is enabled - rule: '!self.enabled || has(self.spec)' - controlPlaneAvailabilityZones: - description: |- - ControlPlaneAvailabilityZones is the set of availability zones which - control plane machines may be deployed to. - items: - type: string - type: array - x-kubernetes-list-type: set - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. - It is normally populated automatically by the OpenStackCluster - controller during cluster provisioning. If it is set on creation the - control plane endpoint will use the values set here in preference to - values set elsewhere. - ControlPlaneEndpoint cannot be modified after ControlPlaneEndpoint.Host has been set. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneOmitAvailabilityZone: - description: |- - ControlPlaneOmitAvailabilityZone causes availability zone to be - omitted when creating control plane nodes, allowing the Nova - scheduler to make a decision on which availability zone to use based - on other scheduling constraints - type: boolean - disableAPIServerFloatingIP: - description: |- - DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating - IP to the API server. This allows for the creation of clusters when attaching a floating - IP to the API server (and hence, in many cases, exposing the API server to the internet) - is not possible or desirable, e.g. if using a shared VLAN for communication between - management and workload clusters or when the management cluster is inside the - project network. - This option requires that the API server use a VIP on the cluster network so that the - underlying machines can change without changing ControlPlaneEndpoint.Host. - When using a managed load balancer, this VIP will be managed automatically. - If not using a managed load balancer, cluster configuration will fail without additional - configuration to manage the VIP on the control plane machines, which falls outside of - the scope of this controller. - type: boolean - disableExternalNetwork: - description: |- - DisableExternalNetwork specifies whether or not to attempt to connect the cluster - to an external network. This allows for the creation of clusters when connecting - to an external network is not possible or desirable, e.g. if using a provider network. - type: boolean - disablePortSecurity: - description: |- - DisablePortSecurity disables the port security of the network created for the - Kubernetes cluster, which also disables SecurityGroups - type: boolean - externalNetwork: - description: |- - ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs. - This option is ignored if DisableExternalNetwork is set to true. - - - If ExternalNetwork is defined it must refer to exactly one external network. - - - If ExternalNetwork is not defined or is empty the controller will use any - existing external network as long as there is only one. It is an - error if ExternalNetwork is not defined and there are multiple - external networks unless DisableExternalNetwork is also set. - - - If ExternalNetwork is not defined and there are no external networks - the controller will proceed as though DisableExternalNetwork was set. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is provided, - the other filters cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - externalRouterIPs: - description: |- - ExternalRouterIPs is an array of externalIPs on the respective subnets. - This is necessary if the router needs a fixed ip in a specific subnet. - items: - properties: - fixedIP: - description: The FixedIP in the corresponding subnet - type: string - subnet: - description: The subnet in which the FixedIP is used for the - Gateway of this router - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the subnet. - It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will not be - validated. - format: uuid - type: string - type: object - required: - - subnet - type: object - type: array - x-kubernetes-list-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this cluster. It is also to reconcile - machines unless overridden in the machine spec. - properties: - cloudName: - description: CloudName specifies the name of the entry in the - clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - required: - - cloudName - - name - type: object - managedSecurityGroups: - description: |- - ManagedSecurityGroups determines whether OpenStack security groups for the cluster - will be managed by the OpenStack provider or whether pre-existing security groups will - be specified as part of the configuration. - By default, the managed security groups have rules that allow the Kubelet, etcd, and the - Kubernetes API server to function correctly. - It's possible to add additional rules to the managed security groups. - When defined to an empty struct, the managed security groups will be created with the default rules. - properties: - allNodesSecurityGroupRules: - description: allNodesSecurityGroupRules defines the rules that - should be applied to all nodes. - items: - description: |- - SecurityGroupRuleSpec represent the basic information of the associated OpenStack - Security Group Role. - For now this is only used for the allNodesSecurityGroupRules but when we add - other security groups, we'll need to add a validation because - Remote* fields are mutually exclusive. - properties: - description: - description: description of the security group rule. - type: string - direction: - description: |- - direction in which the security group rule is applied. The only values - allowed are "ingress" or "egress". For a compute instance, an ingress - security group rule is applied to incoming (ingress) traffic for that - instance. An egress rule is applied to traffic leaving the instance. - type: string - etherType: - description: |- - etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the - ingress or egress rules. - type: string - name: - description: |- - name of the security group rule. - It's used to identify the rule so it can be patched and will not be sent to the OpenStack API. - type: string - portRangeMax: - description: |- - portRangeMax is a number in the range that is matched by the security group - rule. The portRangeMin attribute constrains the portRangeMax attribute. - type: integer - portRangeMin: - description: |- - portRangeMin is a number in the range that is matched by the security group - rule. If the protocol is TCP or UDP, this value must be less than or equal - to the value of the portRangeMax attribute. - type: integer - protocol: - description: protocol is the protocol that is matched by - the security group rule. - type: string - remoteGroupID: - description: |- - remoteGroupID is the remote group ID to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteIPPrefix: - description: |- - remoteIPPrefix is the remote IP prefix to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteManagedGroups: - description: |- - remoteManagedGroups is the remote managed groups to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - items: - enum: - - bastion - - controlplane - - worker - type: string - type: array - required: - - direction - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - allowAllInClusterTraffic: - default: false - description: AllowAllInClusterTraffic allows all ingress and egress - traffic between cluster nodes when set to true. - type: boolean - required: - - allowAllInClusterTraffic - type: object - managedSubnets: - description: |- - ManagedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network, - subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4 - subnet is supported. If you leave this empty, no network will be created. - items: - properties: - allocationPools: - description: |- - AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created. - If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from - outside of these ranges manually. - items: - properties: - end: - description: End represents the end of the AlloctionPool, - that is the highest IP of the pool. - type: string - start: - description: Start represents the start of the AllocationPool, - that is the lowest IP of the pool. - type: string - required: - - end - - start - type: object - type: array - cidr: - description: |- - CIDR is representing the IP address range used to create the subnet, e.g. 10.0.0.0/24. - This field is required when defining a subnet. - type: string - dnsNameservers: - description: |- - DNSNameservers holds a list of DNS server addresses that will be provided when creating - the subnet. These addresses need to have the same IP version as CIDR. - items: - type: string - type: array - required: - - cidr - type: object - maxItems: 1 - type: array - x-kubernetes-list-type: atomic - network: - description: |- - Network specifies an existing network to use if no ManagedSubnets - are specified. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is provided, - the other filters cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - networkMTU: - description: |- - NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - This value will be used only if the Cluster actuator creates the network. - If left empty, the network will have the default MTU defined in Openstack network service. - To use this field, the Openstack installation requires the net-mtu neutron API extension. - type: integer - router: - description: |- - Router specifies an existing router to be used if ManagedSubnets are - specified. If specified, no new router will be created. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - router. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the router to use. If ID is provided, - the other filters cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - subnets: - description: |- - Subnets specifies existing subnets to use if not ManagedSubnets are - specified. All subnets must be in the network specified by Network. - There can be zero, one, or two subnets. If no subnets are specified, - all subnets in Network will be used. If 2 subnets are specified, one - must be IPv4 and the other IPv6. - items: - description: SubnetParam specifies an OpenStack subnet to use. It - may be specified by either ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the subnet. - It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will not be validated. - format: uuid - type: string - type: object - maxItems: 2 - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags to set on all resources in cluster which support - tags - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - identityRef - type: object - status: - description: OpenStackClusterStatus defines the observed state of OpenStackCluster. - properties: - apiServerLoadBalancer: - description: APIServerLoadBalancer describes the api server load balancer - if one exists - properties: - allowedCIDRs: - items: - type: string - type: array - id: - type: string - internalIP: - type: string - ip: - type: string - loadBalancerNetwork: - description: |- - LoadBalancerNetwork contains information about network and/or subnets which the - loadbalancer is allocated on. - If subnets are specified within the LoadBalancerNetwork currently only the first - subnet in the list is taken into account. - properties: - id: - type: string - name: - type: string - subnets: - description: Subnets is a list of subnets associated with - the default cluster network. Machines which use the default - cluster network will get an address from all of these subnets. - items: - description: Subnet represents basic information about the - associated OpenStack Neutron Subnet. - properties: - cidr: - type: string - id: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - cidr - - id - - name - type: object - type: array - tags: - items: - type: string - type: array - required: - - id - - name - type: object - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - internalIP - - ip - - name - type: object - bastion: - description: Bastion contains the information about the deployed bastion - host - properties: - floatingIP: - type: string - id: - type: string - ip: - type: string - name: - type: string - resolved: - description: |- - Resolved contains parts of the bastion's machine spec with all - external references fully resolved. - properties: - imageID: - description: ImageID is the ID of the image to use for the - machine and is calculated based on ImageFilter. - type: string - ports: - description: Ports is the fully resolved list of ports to - create for the machine. - items: - description: ResolvedPortSpec is a PortOpts with all contained - references fully resolved. - properties: - adminStateUp: - description: AdminStateUp specifies whether the port - should be created in the up (true) or down (false) - state. The default is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description - for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or - IP address to assign to the port. If specified, these - must be subnets of the port's network. - items: - description: ResolvedFixedIP is a FixedIP with the - Subnet resolved to an ID. - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If SubnetID - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: SubnetID is the id of a subnet to - create the fixed IP of a port in. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where - the port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of - the port. If not specified, the MAC address will be - generated. - type: string - name: - description: Name is the name of the port. - type: string - networkID: - description: NetworkID is the ID of the network the - port will be created in. - type: string - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: OVSHWOffload enables or disables the - OVS hardware offload feature. - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables - the propagate uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of security group - IDs to assign to the port. - items: - type: string - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags applied to the port (and corresponding - trunk, if a trunk is configured.) - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Trunk specifies whether trunking is enabled - at the port level. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value - pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - required: - - description - - name - - networkID - type: object - type: array - serverGroupID: - description: ServerGroupID is the ID of the server group the - machine should be added to and is calculated based on ServerGroupFilter. - type: string - type: object - resources: - description: Resources contains references to OpenStack resources - created for the bastion. - properties: - ports: - description: Ports is the status of the ports created for - the machine. - items: - properties: - id: - description: ID is the unique identifier of the port. - type: string - required: - - id - type: object - type: array - type: object - sshKeyName: - type: string - state: - description: InstanceState describes the state of an OpenStack - instance. - type: string - type: object - bastionSecurityGroup: - description: |- - BastionSecurityGroup contains the information about the OpenStack - Security Group that needs to be applied to worker nodes. - properties: - id: - description: id of the security group - type: string - name: - description: name of the security group - type: string - required: - - id - - name - type: object - controlPlaneSecurityGroup: - description: |- - ControlPlaneSecurityGroup contains the information about the - OpenStack Security Group that needs to be applied to control plane - nodes. - properties: - id: - description: id of the security group - type: string - name: - description: name of the security group - type: string - required: - - id - - name - type: object - externalNetwork: - description: ExternalNetwork contains information about the external - network used for default ingress and egress traffic. - properties: - id: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - name - type: object - failureDomains: - additionalProperties: - description: |- - FailureDomainSpec is the Schema for Cluster API failure domains. - It allows controllers to understand how many failure domains a cluster can optionally span across. - properties: - attributes: - additionalProperties: - type: string - description: Attributes is a free form map of attributes an - infrastructure provider might use or require. - type: object - controlPlane: - description: ControlPlane determines if this failure domain - is suitable for use by control plane machines. - type: boolean - type: object - description: FailureDomains represent OpenStack availability zones - type: object - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the OpenStackCluster and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the OpenStackCluster's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of - OpenStackClusters can be added as events to the OpenStackCluster object - and/or logged in the controller's output. - type: string - failureReason: - description: |- - FailureReason will be set in the event that there is a terminal problem - reconciling the OpenStackCluster and will contain a succinct value suitable - for machine interpretation. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the OpenStackCluster's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of - OpenStackClusters can be added as events to the OpenStackCluster object - and/or logged in the controller's output. - type: string - network: - description: Network contains information about the created OpenStack - Network. - properties: - id: - type: string - name: - type: string - subnets: - description: Subnets is a list of subnets associated with the - default cluster network. Machines which use the default cluster - network will get an address from all of these subnets. - items: - description: Subnet represents basic information about the associated - OpenStack Neutron Subnet. - properties: - cidr: - type: string - id: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - cidr - - id - - name - type: object - type: array - tags: - items: - type: string - type: array - required: - - id - - name - type: object - ready: - default: false - description: Ready is true when the cluster infrastructure is ready. - type: boolean - router: - description: Router describes the default cluster router - properties: - id: - type: string - ips: - items: - type: string - type: array - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - name - type: object - workerSecurityGroup: - description: |- - WorkerSecurityGroup contains the information about the OpenStack - Security Group that needs to be applied to worker nodes. - properties: - id: - description: id of the security group - type: string - name: - description: name of the security group - type: string - required: - - id - - name - type: object - required: - - ready - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-openstackclustertemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-openstackclustertemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index e2b9831ef..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-openstackclustertemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,1830 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: openstackclustertemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: OpenStackClusterTemplate - listKind: OpenStackClusterTemplateList - plural: openstackclustertemplates - shortNames: - - osct - singular: openstackclustertemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: OpenStackClusterTemplate is the Schema for the openstackclustertemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackClusterTemplateSpec defines the desired state of - OpenStackClusterTemplate. - properties: - template: - description: OpenStackClusterTemplateResource describes the data needed - to create a OpenStackCluster from a template. - properties: - spec: - description: OpenStackClusterSpec defines the desired state of - OpenStackCluster. - properties: - apiServerFixedIP: - description: |- - APIServerFixedIP is the fixed IP which will be associated with the API server. - In the case where the API server has a floating IP but not a managed load balancer, - this field is not used. - If a managed load balancer is used and this field is not specified, a fixed IP will - be dynamically allocated for the load balancer. - If a managed load balancer is not used AND the API server floating IP is disabled, - this field MUST be specified and should correspond to a pre-allocated port that - holds the fixed IP to be used as a VIP. - type: string - apiServerFloatingIP: - description: |- - APIServerFloatingIP is the floatingIP which will be associated with the API server. - The floatingIP will be created if it does not already exist. - If not specified, a new floatingIP is allocated. - This field is not used if DisableAPIServerFloatingIP is set to true. - type: string - apiServerLoadBalancer: - description: |- - APIServerLoadBalancer configures the optional LoadBalancer for the APIServer. - If not specified, no load balancer will be created for the API server. - properties: - additionalPorts: - description: AdditionalPorts adds additional tcp ports - to the load balancer. - items: - type: integer - type: array - x-kubernetes-list-type: set - allowedCIDRs: - description: AllowedCIDRs restrict access to all API-Server - listeners to the given address CIDRs. - items: - type: string - type: array - x-kubernetes-list-type: set - availabilityZone: - description: AvailabilityZone is the failure domain that - will be used to create the APIServerLoadBalancer Spec. - type: string - enabled: - default: true - description: |- - Enabled defines whether a load balancer should be created. This value - defaults to true if an APIServerLoadBalancer is given. - - - There is no reason to set this to false. To disable creation of the - API server loadbalancer, omit the APIServerLoadBalancer field in the - cluster spec instead. - type: boolean - network: - description: Network defines which network should the - load balancer be allocated on. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an - OpenStack network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If - ID is provided, the other filters cannot be provided. - Must be in UUID format. - format: uuid - type: string - type: object - provider: - description: |- - Provider specifies name of a specific Octavia provider to use for the - API load balancer. The Octavia default will be used if it is not - specified. - type: string - subnets: - description: |- - Subnets define which subnets should the load balancer be allocated on. - It is expected that subnets are located on the network specified in this resource. - Only the first element is taken into account. - kubebuilder:validation:MaxLength:=2 - items: - description: SubnetParam specifies an OpenStack subnet - to use. It may be specified by either ID or filter, - but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select - the subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will - not be validated. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - required: - - enabled - type: object - apiServerPort: - description: |- - APIServerPort is the port on which the listener on the APIServer - will be created - type: integer - bastion: - description: |- - Bastion is the OpenStack instance to login the nodes - - - As a rolling update is not ideal during a bastion host session, we - prevent changes to a running bastion configuration. To make changes, it's required - to first set `enabled: false` which will remove the bastion and then changes can be made. - properties: - availabilityZone: - description: AvailabilityZone is the failure domain that - will be used to create the Bastion Spec. - type: string - enabled: - default: true - description: |- - Enabled means that bastion is enabled. The bastion is enabled by - default if this field is not specified. Set this field to false to disable the - bastion. - - - It is not currently possible to remove the bastion from the cluster - spec without first disabling it by setting this field to false and - waiting until the bastion has been deleted. - type: boolean - floatingIP: - description: |- - FloatingIP which will be associated to the bastion machine. It's the IP address, not UUID. - The floating IP should already exist and should not be associated with a port. If FIP of this address does not - exist, CAPO will try to create it, but by default only OpenStack administrators have privileges to do so. - format: ipv4 - type: string - spec: - description: Spec for the bastion itself - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications - for additional block devices to attach to the server - instance - items: - description: AdditionalBlockDevice is a block device - to attach to the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - Name cannot be 'root', which is reserved for the root volume. - type: string - sizeGiB: - description: SizeGiB is the size of the block - device in gibibytes (GiB). - minimum: 1 - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional - storage options for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from - is 'Name' or default - rule: '!has(self.from) || self.from - == ''Name'' ? has(self.name) : !has(self.name)' - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for - your server instance. - type: string - floatingIPPoolRef: - description: |- - floatingIPPoolRef is a reference to a IPPool that will be assigned - to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP - will be assigned to the OpenStackMachine. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this machine. If not specified, the - credentials specified in the cluster will be used. - properties: - cloudName: - description: CloudName specifies the name of the - entry in the clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - required: - - cloudName - - name - type: object - image: - description: |- - The image to use for your server instance. - If the rootVolume is specified, this will be used when creating the root volume. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: |- - Filter describes a query for an image. If specified, the combination - of name and tags must return a single matching image or an error will - be raised. - minProperties: 1 - properties: - name: - description: The name of the desired image. - If specified, the combination of name and - tags must return a single matching image - or an error will be raised. - type: string - tags: - description: The tags associated with the - desired image. If specified, the combination - of name and tags must return a single matching - image or an error will be raised. - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the image. ID will - not be validated before use. - format: uuid - type: string - type: object - ports: - description: |- - Ports to be attached to the server instance. They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - description: AdminStateUp specifies whether - the port should be created in the up (true) - or down (false) state. The default is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable - description for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of - subnet and/or IP address to assign to the - port. If specified, these must be subnets - of the port's network. - items: - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If Subnet - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter - to select the subnet. It must match - exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the - subnet. It will not be validated. - format: uuid - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the - host where the port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address - of the port. If not specified, the MAC address - will be generated. - type: string - nameSuffix: - description: NameSuffix will be appended to - the name of the port if specified. If unspecified, - instead the 0-based index of the port in the - list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to - select an OpenStack network. If provided, - cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network - to use. If ID is provided, the other filters - cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: OVSHWOffload enables or disables - the OVS hardware offload feature. - type: boolean - trustedVF: - description: TrustedVF enables or disables - the “trusted mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or - disables the propagate uplink status on the - port. - type: boolean - securityGroups: - description: SecurityGroups is a list of the - names, uuids, filters or any combination these - of the security groups to assign to the instance. - items: - description: SecurityGroupParam specifies - an OpenStack security group. It may be specified - by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query - to select an OpenStack security group. - If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security - group to use. If ID is provided, the - other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: |- - Trunk specifies whether trunking is enabled at the port level. If not - provided the value is inherited from the machine, or false for a - bastion host. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single - value_spec key-value pair. - properties: - key: - description: Key is the key in the key-value - pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the - key-value pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as - specified by the cloud provider. - type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' - or default - rule: '!has(self.from) || self.from == ''Name'' - ? has(self.name) : !has(self.name)' - sizeGiB: - description: SizeGiB is the size of the block - device in gibibytes (GiB). - minimum: 1 - type: integer - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - required: - - sizeGiB - type: object - securityGroups: - description: The names of the security groups to assign - to the instance - items: - description: SecurityGroupParam specifies an OpenStack - security group. It may be specified by ID or filter, - but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select - an OpenStack security group. If provided, - cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group - to use. If ID is provided, the other filters - cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - type: array - serverGroup: - description: The server group to assign the machine - to. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select - an OpenStack server group. If provided, it cannot - be empty. - minProperties: 1 - properties: - name: - description: Name is the name of a server - group to look for. - type: string - type: object - id: - description: ID is the ID of the server group - to use. - format: uuid - type: string - type: object - serverMetadata: - description: Metadata mapping. Allows you to create - a map of key value pairs to add to the server instance. - items: - properties: - key: - description: Key is the server metadata key - maxLength: 255 - type: string - value: - description: Value is the server metadata value - maxLength: 255 - type: string - required: - - key - - value - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Tags which will be added to the machine and all dependent resources - which support them. These are in addition to Tags defined on the - cluster. - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created - on a trunk port or not. - type: boolean - required: - - flavor - - image - type: object - type: object - x-kubernetes-validations: - - message: spec is required if bastion is enabled - rule: '!self.enabled || has(self.spec)' - controlPlaneAvailabilityZones: - description: |- - ControlPlaneAvailabilityZones is the set of availability zones which - control plane machines may be deployed to. - items: - type: string - type: array - x-kubernetes-list-type: set - controlPlaneEndpoint: - description: |- - ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. - It is normally populated automatically by the OpenStackCluster - controller during cluster provisioning. If it is set on creation the - control plane endpoint will use the values set here in preference to - values set elsewhere. - ControlPlaneEndpoint cannot be modified after ControlPlaneEndpoint.Host has been set. - properties: - host: - description: The hostname on which the API server is serving. - type: string - port: - description: The port on which the API server is serving. - format: int32 - type: integer - required: - - host - - port - type: object - controlPlaneOmitAvailabilityZone: - description: |- - ControlPlaneOmitAvailabilityZone causes availability zone to be - omitted when creating control plane nodes, allowing the Nova - scheduler to make a decision on which availability zone to use based - on other scheduling constraints - type: boolean - disableAPIServerFloatingIP: - description: |- - DisableAPIServerFloatingIP determines whether or not to attempt to attach a floating - IP to the API server. This allows for the creation of clusters when attaching a floating - IP to the API server (and hence, in many cases, exposing the API server to the internet) - is not possible or desirable, e.g. if using a shared VLAN for communication between - management and workload clusters or when the management cluster is inside the - project network. - This option requires that the API server use a VIP on the cluster network so that the - underlying machines can change without changing ControlPlaneEndpoint.Host. - When using a managed load balancer, this VIP will be managed automatically. - If not using a managed load balancer, cluster configuration will fail without additional - configuration to manage the VIP on the control plane machines, which falls outside of - the scope of this controller. - type: boolean - disableExternalNetwork: - description: |- - DisableExternalNetwork specifies whether or not to attempt to connect the cluster - to an external network. This allows for the creation of clusters when connecting - to an external network is not possible or desirable, e.g. if using a provider network. - type: boolean - disablePortSecurity: - description: |- - DisablePortSecurity disables the port security of the network created for the - Kubernetes cluster, which also disables SecurityGroups - type: boolean - externalNetwork: - description: |- - ExternalNetwork is the OpenStack Network to be used to get public internet to the VMs. - This option is ignored if DisableExternalNetwork is set to true. - - - If ExternalNetwork is defined it must refer to exactly one external network. - - - If ExternalNetwork is not defined or is empty the controller will use any - existing external network as long as there is only one. It is an - error if ExternalNetwork is not defined and there are multiple - external networks unless DisableExternalNetwork is also set. - - - If ExternalNetwork is not defined and there are no external networks - the controller will proceed as though DisableExternalNetwork was set. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - externalRouterIPs: - description: |- - ExternalRouterIPs is an array of externalIPs on the respective subnets. - This is necessary if the router needs a fixed ip in a specific subnet. - items: - properties: - fixedIP: - description: The FixedIP in the corresponding subnet - type: string - subnet: - description: The subnet in which the FixedIP is used - for the Gateway of this router - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select - the subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will - not be validated. - format: uuid - type: string - type: object - required: - - subnet - type: object - type: array - x-kubernetes-list-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this cluster. It is also to reconcile - machines unless overridden in the machine spec. - properties: - cloudName: - description: CloudName specifies the name of the entry - in the clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - required: - - cloudName - - name - type: object - managedSecurityGroups: - description: |- - ManagedSecurityGroups determines whether OpenStack security groups for the cluster - will be managed by the OpenStack provider or whether pre-existing security groups will - be specified as part of the configuration. - By default, the managed security groups have rules that allow the Kubelet, etcd, and the - Kubernetes API server to function correctly. - It's possible to add additional rules to the managed security groups. - When defined to an empty struct, the managed security groups will be created with the default rules. - properties: - allNodesSecurityGroupRules: - description: allNodesSecurityGroupRules defines the rules - that should be applied to all nodes. - items: - description: |- - SecurityGroupRuleSpec represent the basic information of the associated OpenStack - Security Group Role. - For now this is only used for the allNodesSecurityGroupRules but when we add - other security groups, we'll need to add a validation because - Remote* fields are mutually exclusive. - properties: - description: - description: description of the security group rule. - type: string - direction: - description: |- - direction in which the security group rule is applied. The only values - allowed are "ingress" or "egress". For a compute instance, an ingress - security group rule is applied to incoming (ingress) traffic for that - instance. An egress rule is applied to traffic leaving the instance. - type: string - etherType: - description: |- - etherType must be IPv4 or IPv6, and addresses represented in CIDR must match the - ingress or egress rules. - type: string - name: - description: |- - name of the security group rule. - It's used to identify the rule so it can be patched and will not be sent to the OpenStack API. - type: string - portRangeMax: - description: |- - portRangeMax is a number in the range that is matched by the security group - rule. The portRangeMin attribute constrains the portRangeMax attribute. - type: integer - portRangeMin: - description: |- - portRangeMin is a number in the range that is matched by the security group - rule. If the protocol is TCP or UDP, this value must be less than or equal - to the value of the portRangeMax attribute. - type: integer - protocol: - description: protocol is the protocol that is matched - by the security group rule. - type: string - remoteGroupID: - description: |- - remoteGroupID is the remote group ID to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteIPPrefix: - description: |- - remoteIPPrefix is the remote IP prefix to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - type: string - remoteManagedGroups: - description: |- - remoteManagedGroups is the remote managed groups to be associated with this security group rule. - You can specify either remoteGroupID or remoteIPPrefix or remoteManagedGroups. - items: - enum: - - bastion - - controlplane - - worker - type: string - type: array - required: - - direction - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - allowAllInClusterTraffic: - default: false - description: AllowAllInClusterTraffic allows all ingress - and egress traffic between cluster nodes when set to - true. - type: boolean - required: - - allowAllInClusterTraffic - type: object - managedSubnets: - description: |- - ManagedSubnets describe OpenStack Subnets to be created. Cluster actuator will create a network, - subnets with the defined CIDR, and a router connected to these subnets. Currently only one IPv4 - subnet is supported. If you leave this empty, no network will be created. - items: - properties: - allocationPools: - description: |- - AllocationPools is an array of AllocationPool objects that will be applied to OpenStack Subnet being created. - If set, OpenStack will only allocate these IPs for Machines. It will still be possible to create ports from - outside of these ranges manually. - items: - properties: - end: - description: End represents the end of the AlloctionPool, - that is the highest IP of the pool. - type: string - start: - description: Start represents the start of the - AllocationPool, that is the lowest IP of the - pool. - type: string - required: - - end - - start - type: object - type: array - cidr: - description: |- - CIDR is representing the IP address range used to create the subnet, e.g. 10.0.0.0/24. - This field is required when defining a subnet. - type: string - dnsNameservers: - description: |- - DNSNameservers holds a list of DNS server addresses that will be provided when creating - the subnet. These addresses need to have the same IP version as CIDR. - items: - type: string - type: array - required: - - cidr - type: object - maxItems: 1 - type: array - x-kubernetes-list-type: atomic - network: - description: |- - Network specifies an existing network to use if no ManagedSubnets - are specified. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - networkMTU: - description: |- - NetworkMTU sets the maximum transmission unit (MTU) value to address fragmentation for the private network ID. - This value will be used only if the Cluster actuator creates the network. - If left empty, the network will have the default MTU defined in Openstack network service. - To use this field, the Openstack installation requires the net-mtu neutron API extension. - type: integer - router: - description: |- - Router specifies an existing router to be used if ManagedSubnets are - specified. If specified, no new router will be created. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - router. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the router to use. If ID - is provided, the other filters cannot be provided. Must - be in UUID format. - format: uuid - type: string - type: object - subnets: - description: |- - Subnets specifies existing subnets to use if not ManagedSubnets are - specified. All subnets must be in the network specified by Network. - There can be zero, one, or two subnets. If no subnets are specified, - all subnets in Network will be used. If 2 subnets are specified, one - must be IPv4 and the other IPv6. - items: - description: SubnetParam specifies an OpenStack subnet to - use. It may be specified by either ID or filter, but not - both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the - subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will not - be validated. - format: uuid - type: string - type: object - maxItems: 2 - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags to set on all resources in cluster which - support tags - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - identityRef - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-openstackfloatingippools.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-openstackfloatingippools.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 180260385..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-openstackfloatingippools.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,258 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1alpha1 - name: openstackfloatingippools.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: OpenStackFloatingIPPool - listKind: OpenStackFloatingIPPoolList - plural: openstackfloatingippools - singular: openstackfloatingippool - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: OpenStackFloatingIPPool is the Schema for the openstackfloatingippools - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackFloatingIPPoolSpec defines the desired state of - OpenStackFloatingIPPool. - properties: - floatingIPNetwork: - description: FloatingIPNetwork is the external network to use for - floating ips, if there's only one external network it will be used - by default - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is provided, - the other filters cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - identityRef: - description: IdentityRef is a reference to a identity to be used when - reconciling this pool. - properties: - cloudName: - description: CloudName specifies the name of the entry in the - clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - required: - - cloudName - - name - type: object - maxIPs: - description: |- - MaxIPs is the maximum number of floating ips that can be allocated from this pool, if nil there is no limit. - If set, the pool will stop allocating floating ips when it reaches this number of ClaimedIPs. - type: integer - preAllocatedFloatingIPs: - description: |- - PreAllocatedFloatingIPs is a list of floating IPs precreated in OpenStack that should be used by this pool. - These are used before allocating new ones and are not deleted from OpenStack when the pool is deleted. - items: - type: string - type: array - reclaimPolicy: - description: The stratergy to use for reclaiming floating ips when - they are released from a machine - enum: - - Retain - - Delete - type: string - required: - - identityRef - - reclaimPolicy - type: object - status: - description: OpenStackFloatingIPPoolStatus defines the observed state - of OpenStackFloatingIPPool. - properties: - availableIPs: - default: [] - items: - type: string - type: array - claimedIPs: - default: [] - items: - type: string - type: array - conditions: - description: Conditions provide observations of the operational state - of a Cluster API resource. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failedIPs: - description: FailedIPs contains a list of floating ips that failed - to be allocated - items: - type: string - type: array - floatingIPNetwork: - description: floatingIPNetwork contains information about the network - used for floating ips - properties: - id: - type: string - name: - type: string - tags: - items: - type: string - type: array - required: - - id - - name - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-openstackmachines.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-openstackmachines.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 54cdf2c76..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-openstackmachines.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,1152 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: openstackmachines.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: OpenStackMachine - listKind: OpenStackMachineList - plural: openstackmachines - shortNames: - - osm - singular: openstackmachine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this OpenStackMachine belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: OpenStack instance state - jsonPath: .status.instanceState - name: InstanceState - type: string - - description: Machine ready status - jsonPath: .status.ready - name: Ready - type: string - - description: OpenStack instance ID - jsonPath: .spec.providerID - name: ProviderID - type: string - - description: Machine object which owns with this OpenStackMachine - jsonPath: .metadata.ownerReferences[?(@.kind=="Machine")].name - name: Machine - type: string - - description: Time duration since creation of OpenStackMachine - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: OpenStackMachine is the Schema for the openstackmachines API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackMachineSpec defines the desired state of OpenStackMachine. - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications for - additional block devices to attach to the server instance - items: - description: AdditionalBlockDevice is a block device to attach to - the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - Name cannot be 'root', which is reserved for the root volume. - type: string - sizeGiB: - description: SizeGiB is the size of the block device in gibibytes - (GiB). - minimum: 1 - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional storage options - for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' or default - rule: '!has(self.from) || self.from == ''Name'' ? - has(self.name) : !has(self.name)' - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for your server instance. - type: string - floatingIPPoolRef: - description: |- - floatingIPPoolRef is a reference to a IPPool that will be assigned - to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP - will be assigned to the OpenStackMachine. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this machine. If not specified, the - credentials specified in the cluster will be used. - properties: - cloudName: - description: CloudName specifies the name of the entry in the - clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - required: - - cloudName - - name - type: object - image: - description: |- - The image to use for your server instance. - If the rootVolume is specified, this will be used when creating the root volume. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: |- - Filter describes a query for an image. If specified, the combination - of name and tags must return a single matching image or an error will - be raised. - minProperties: 1 - properties: - name: - description: The name of the desired image. If specified, - the combination of name and tags must return a single matching - image or an error will be raised. - type: string - tags: - description: The tags associated with the desired image. If - specified, the combination of name and tags must return - a single matching image or an error will be raised. - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the image. ID will not be validated - before use. - format: uuid - type: string - type: object - ports: - description: |- - Ports to be attached to the server instance. They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - description: AdminStateUp specifies whether the port should - be created in the up (true) or down (false) state. The default - is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description for - the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or IP - address to assign to the port. If specified, these must be - subnets of the port's network. - items: - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If Subnet - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select the - subnet. It must match exactly one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. It will - not be validated. - format: uuid - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where the port - resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of the port. - If not specified, the MAC address will be generated. - type: string - nameSuffix: - description: NameSuffix will be appended to the name of the - port if specified. If unspecified, instead the 0-based index - of the port in the list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select an OpenStack - network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. If ID is - provided, the other filters cannot be provided. Must be - in UUID format. - format: uuid - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: OVSHWOffload enables or disables the OVS hardware - offload feature. - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables the propagate - uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of the names, uuids, filters - or any combination these of the security groups to assign - to the instance. - items: - description: SecurityGroupParam specifies an OpenStack security - group. It may be specified by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - security group. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group to use. - If ID is provided, the other filters cannot be provided. - Must be in UUID format. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: |- - Trunk specifies whether trunking is enabled at the port level. If not - provided the value is inherited from the machine, or false for a - bastion host. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec key-value - pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified by the - cloud provider. - type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' or default - rule: '!has(self.from) || self.from == ''Name'' ? has(self.name) - : !has(self.name)' - sizeGiB: - description: SizeGiB is the size of the block device in gibibytes - (GiB). - minimum: 1 - type: integer - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - required: - - sizeGiB - type: object - securityGroups: - description: The names of the security groups to assign to the instance - items: - description: SecurityGroupParam specifies an OpenStack security - group. It may be specified by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - security group. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group to use. If ID - is provided, the other filters cannot be provided. Must be - in UUID format. - format: uuid - type: string - type: object - type: array - serverGroup: - description: The server group to assign the machine to. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack server - group. If provided, it cannot be empty. - minProperties: 1 - properties: - name: - description: Name is the name of a server group to look for. - type: string - type: object - id: - description: ID is the ID of the server group to use. - format: uuid - type: string - type: object - serverMetadata: - description: Metadata mapping. Allows you to create a map of key value - pairs to add to the server instance. - items: - properties: - key: - description: Key is the server metadata key - maxLength: 255 - type: string - value: - description: Value is the server metadata value - maxLength: 255 - type: string - required: - - key - - value - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Tags which will be added to the machine and all dependent resources - which support them. These are in addition to Tags defined on the - cluster. - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created on a trunk port - or not. - type: boolean - required: - - flavor - - image - type: object - status: - description: OpenStackMachineStatus defines the observed state of OpenStackMachine. - properties: - addresses: - description: Addresses contains the OpenStack instance associated - addresses. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions provide observations of the operational state - of a Cluster API resource. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. - type: string - severity: - description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failureMessage: - description: |- - FailureMessage will be set in the event that there is a terminal problem - reconciling the Machine and will contain a more verbose string suitable - for logging and human consumption. - - - This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over - time (like service outages), but instead indicate that something is - fundamentally wrong with the Machine's spec or the configuration of - the controller, and that manual intervention is required. Examples - of terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the - responsible controller itself being critically misconfigured. - - - Any transient errors that occur during the reconciliation of Machines - can be added as events to the Machine object and/or logged in the - controller's output. - type: string - failureReason: - description: MachineStatusError defines errors states for Machine - objects. - type: string - instanceID: - description: InstanceID is the OpenStack instance ID for this machine. - type: string - instanceState: - description: InstanceState is the state of the OpenStack instance - for this machine. - type: string - ready: - description: Ready is true when the provider resource is ready. - type: boolean - resolved: - description: |- - Resolved contains parts of the machine spec with all external - references fully resolved. - properties: - imageID: - description: ImageID is the ID of the image to use for the machine - and is calculated based on ImageFilter. - type: string - ports: - description: Ports is the fully resolved list of ports to create - for the machine. - items: - description: ResolvedPortSpec is a PortOpts with all contained - references fully resolved. - properties: - adminStateUp: - description: AdminStateUp specifies whether the port should - be created in the up (true) or down (false) state. The - default is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description - for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or - IP address to assign to the port. If specified, these - must be subnets of the port's network. - items: - description: ResolvedFixedIP is a FixedIP with the Subnet - resolved to an ID. - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If SubnetID - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: SubnetID is the id of a subnet to create - the fixed IP of a port in. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where the - port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of the - port. If not specified, the MAC address will be generated. - type: string - name: - description: Name is the name of the port. - type: string - networkID: - description: NetworkID is the ID of the network the port - will be created in. - type: string - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: OVSHWOffload enables or disables the OVS - hardware offload feature. - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables the - propagate uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of security group - IDs to assign to the port. - items: - type: string - type: array - x-kubernetes-list-type: atomic - tags: - description: Tags applied to the port (and corresponding - trunk, if a trunk is configured.) - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Trunk specifies whether trunking is enabled - at the port level. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - required: - - description - - name - - networkID - type: object - type: array - serverGroupID: - description: ServerGroupID is the ID of the server group the machine - should be added to and is calculated based on ServerGroupFilter. - type: string - type: object - resources: - description: Resources contains references to OpenStack resources - created for the machine. - properties: - ports: - description: Ports is the status of the ports created for the - machine. - items: - properties: - id: - description: ID is the unique identifier of the port. - type: string - required: - - id - type: object - type: array - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-openstackmachinetemplates.infrastructure.cluster.x-k8s.io.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-openstackmachinetemplates.infrastructure.cluster.x-k8s.io.yaml deleted file mode 100644 index 7c0b8921a..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-openstackmachinetemplates.infrastructure.cluster.x-k8s.io.yaml +++ /dev/null @@ -1,848 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1beta1 - name: openstackmachinetemplates.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - categories: - - cluster-api - kind: OpenStackMachineTemplate - listKind: OpenStackMachineTemplateList - plural: openstackmachinetemplates - shortNames: - - osmt - singular: openstackmachinetemplate - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: OpenStackMachineTemplate is the Schema for the openstackmachinetemplates - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OpenStackMachineTemplateSpec defines the desired state of - OpenStackMachineTemplate. - properties: - template: - description: OpenStackMachineTemplateResource describes the data needed - to create a OpenStackMachine from a template. - properties: - spec: - description: Spec is the specification of the desired behavior - of the machine. - properties: - additionalBlockDevices: - description: AdditionalBlockDevices is a list of specifications - for additional block devices to attach to the server instance - items: - description: AdditionalBlockDevice is a block device to - attach to the server. - properties: - name: - description: |- - Name of the block device in the context of a machine. - If the block device is a volume, the Cinder volume will be named - as a combination of the machine name and this name. - Also, this name will be used for tagging the block device. - Information about the block device tag can be obtained from the OpenStack - metadata API or the config drive. - Name cannot be 'root', which is reserved for the root volume. - type: string - sizeGiB: - description: SizeGiB is the size of the block device - in gibibytes (GiB). - minimum: 1 - type: integer - storage: - description: |- - Storage specifies the storage type of the block device and - additional storage options. - properties: - type: - description: |- - Type is the type of block device to create. - This can be either "Volume" or "Local". - type: string - volume: - description: Volume contains additional storage - options for a volume block device. - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' - or default - rule: '!has(self.from) || self.from == ''Name'' - ? has(self.name) : !has(self.name)' - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - type: object - required: - - type - type: object - required: - - name - - sizeGiB - - storage - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - configDrive: - description: Config Drive support - type: boolean - flavor: - description: The flavor reference for the flavor for your - server instance. - type: string - floatingIPPoolRef: - description: |- - floatingIPPoolRef is a reference to a IPPool that will be assigned - to an IPAddressClaim. Once the IPAddressClaim is fulfilled, the FloatingIP - will be assigned to the OpenStackMachine. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - identityRef: - description: |- - IdentityRef is a reference to a secret holding OpenStack credentials - to be used when reconciling this machine. If not specified, the - credentials specified in the cluster will be used. - properties: - cloudName: - description: CloudName specifies the name of the entry - in the clouds.yaml file to use. - type: string - name: - description: |- - Name is the name of a secret in the same namespace as the resource being provisioned. - The secret must contain a key named `clouds.yaml` which contains an OpenStack clouds.yaml file. - The secret may optionally contain a key named `cacert` containing a PEM-encoded CA certificate. - type: string - required: - - cloudName - - name - type: object - image: - description: |- - The image to use for your server instance. - If the rootVolume is specified, this will be used when creating the root volume. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: |- - Filter describes a query for an image. If specified, the combination - of name and tags must return a single matching image or an error will - be raised. - minProperties: 1 - properties: - name: - description: The name of the desired image. If specified, - the combination of name and tags must return a single - matching image or an error will be raised. - type: string - tags: - description: The tags associated with the desired - image. If specified, the combination of name and - tags must return a single matching image or an error - will be raised. - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the image. ID will not - be validated before use. - format: uuid - type: string - type: object - ports: - description: |- - Ports to be attached to the server instance. They are created if a port with the given name does not already exist. - If not specified a default port will be added for the default cluster network. - items: - properties: - adminStateUp: - description: AdminStateUp specifies whether the port - should be created in the up (true) or down (false) - state. The default is up. - type: boolean - allowedAddressPairs: - description: |- - AllowedAddressPairs is a list of address pairs which Neutron will - allow the port to send traffic from in addition to the port's - addresses. If not specified, the MAC Address will be the MAC Address - of the port. Depending on the configuration of Neutron, it may be - supported to specify a CIDR instead of a specific IP address. - items: - properties: - ipAddress: - description: |- - IPAddress is the IP address of the allowed address pair. Depending on - the configuration of Neutron, it may be supported to specify a CIDR - instead of a specific IP address. - type: string - macAddress: - description: |- - MACAddress is the MAC address of the allowed address pair. If not - specified, the MAC address will be the MAC address of the port. - type: string - required: - - ipAddress - type: object - type: array - description: - description: Description is a human-readable description - for the port. - type: string - disablePortSecurity: - description: |- - DisablePortSecurity enables or disables the port security when set. - When not set, it takes the value of the corresponding field at the network level. - type: boolean - fixedIPs: - description: FixedIPs is a list of pairs of subnet and/or - IP address to assign to the port. If specified, these - must be subnets of the port's network. - items: - properties: - ipAddress: - description: |- - IPAddress is a specific IP address to assign to the port. If Subnet - is also specified, IPAddress must be a valid IP address in the - subnet. If Subnet is not specified, IPAddress must be a valid IP - address in any subnet of the port's network. - type: string - subnet: - description: |- - Subnet is an openstack subnet query that will return the id of a subnet to create - the fixed IP of a port in. This query must not return more than one subnet. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to - select the subnet. It must match exactly - one subnet. - minProperties: 1 - properties: - cidr: - type: string - description: - type: string - gatewayIP: - type: string - ipVersion: - type: integer - ipv6AddressMode: - type: string - ipv6RAMode: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the uuid of the subnet. - It will not be validated. - format: uuid - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - hostID: - description: HostID specifies the ID of the host where - the port resides. - type: string - macAddress: - description: MACAddress specifies the MAC address of - the port. If not specified, the MAC address will be - generated. - type: string - nameSuffix: - description: NameSuffix will be appended to the name - of the port if specified. If unspecified, instead - the 0-based index of the port in the list is used. - type: string - network: - description: |- - Network is a query for an openstack network that the port will be created or discovered on. - This will fail if the query returns more than one network. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a filter to select - an OpenStack network. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the network to use. - If ID is provided, the other filters cannot be - provided. Must be in UUID format. - format: uuid - type: string - type: object - profile: - description: |- - Profile is a set of key-value pairs that are used for binding - details. We intentionally don't expose this as a map[string]string - because we only want to enable the users to set the values of the - keys that are known to work in OpenStack Networking API. See - https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-port-detail#create-port - To set profiles, your tenant needs permissions rule:create_port, and - rule:create_port:binding:profile - properties: - ovsHWOffload: - description: OVSHWOffload enables or disables the - OVS hardware offload feature. - type: boolean - trustedVF: - description: TrustedVF enables or disables the “trusted - mode” for the VF. - type: boolean - type: object - propagateUplinkStatus: - description: PropageteUplinkStatus enables or disables - the propagate uplink status on the port. - type: boolean - securityGroups: - description: SecurityGroups is a list of the names, - uuids, filters or any combination these of the security - groups to assign to the instance. - items: - description: SecurityGroupParam specifies an OpenStack - security group. It may be specified by ID or filter, - but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select - an OpenStack security group. If provided, cannot - be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group - to use. If ID is provided, the other filters - cannot be provided. Must be in UUID format. - format: uuid - type: string - type: object - type: array - x-kubernetes-list-type: atomic - tags: - description: |- - Tags applied to the port (and corresponding trunk, if a trunk is configured.) - These tags are applied in addition to the instance's tags, which will also be applied to the port. - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: |- - Trunk specifies whether trunking is enabled at the port level. If not - provided the value is inherited from the machine, or false for a - bastion host. - type: boolean - valueSpecs: - description: |- - Value specs are extra parameters to include in the API request with OpenStack. - This is an extension point for the API, so what they do and if they are supported, - depends on the specific OpenStack implementation. - items: - description: ValueSpec represents a single value_spec - key-value pair. - properties: - key: - description: Key is the key in the key-value pair. - type: string - name: - description: |- - Name is the name of the key-value pair. - This is just for identifying the pair and will not be sent to the OpenStack API. - type: string - value: - description: Value is the value in the key-value - pair. - type: string - required: - - key - - name - - value - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - vnicType: - description: |- - VNICType specifies the type of vNIC which this port should be - attached to. This is used to determine which mechanism driver(s) to - be used to bind the port. The valid values are normal, macvtap, - direct, baremetal, direct-physical, virtio-forwarder, smart-nic and - remote-managed, although these values will not be validated in this - API to ensure compatibility with future neutron changes or custom - implementations. What type of vNIC is actually available depends on - deployments. If not specified, the Neutron default value is used. - type: string - type: object - type: array - providerID: - description: ProviderID is the unique identifier as specified - by the cloud provider. - type: string - rootVolume: - description: The volume metadata to boot from - properties: - availabilityZone: - description: |- - AvailabilityZone is the volume availability zone to create the volume - in. If not specified, the volume will be created without an explicit - availability zone. - properties: - from: - default: Name - description: |- - From specifies where we will obtain the availability zone for the - volume. The options are "Name" and "Machine". If "Name" is specified - then the Name field must also be specified. If "Machine" is specified - the volume will use the value of FailureDomain, if any, from the - associated Machine. - enum: - - Name - - Machine - type: string - name: - description: |- - Name is the name of a volume availability zone to use. It is required - if From is "Name". The volume availability zone name may not contain - spaces. - minLength: 1 - pattern: ^[^ ]+$ - type: string - type: object - x-kubernetes-validations: - - message: name is required when from is 'Name' or default - rule: '!has(self.from) || self.from == ''Name'' ? has(self.name) - : !has(self.name)' - sizeGiB: - description: SizeGiB is the size of the block device in - gibibytes (GiB). - minimum: 1 - type: integer - type: - description: |- - Type is the Cinder volume type of the volume. - If omitted, the default Cinder volume type that is configured in the OpenStack cloud - will be used. - type: string - required: - - sizeGiB - type: object - securityGroups: - description: The names of the security groups to assign to - the instance - items: - description: SecurityGroupParam specifies an OpenStack security - group. It may be specified by ID or filter, but not both. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - security group. If provided, cannot be empty. - minProperties: 1 - properties: - description: - type: string - name: - type: string - notTags: - description: |- - NotTags is a list of tags to filter by. If specified, resources which - contain all of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - notTagsAny: - description: |- - NotTagsAny is a list of tags to filter by. If specified, resources - which contain any of the given tags will be excluded from the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - projectID: - type: string - tags: - description: |- - Tags is a list of tags to filter by. If specified, the resource must - have all of the tags specified to be included in the result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - tagsAny: - description: |- - TagsAny is a list of tags to filter by. If specified, the resource - must have at least one of the tags specified to be included in the - result. - items: - description: |- - NeutronTag represents a tag on a Neutron resource. - It may not be empty and may not contain commas. - minLength: 1 - pattern: ^[^,]+$ - type: string - type: array - x-kubernetes-list-type: set - type: object - id: - description: ID is the ID of the security group to use. - If ID is provided, the other filters cannot be provided. - Must be in UUID format. - format: uuid - type: string - type: object - type: array - serverGroup: - description: The server group to assign the machine to. - maxProperties: 1 - minProperties: 1 - properties: - filter: - description: Filter specifies a query to select an OpenStack - server group. If provided, it cannot be empty. - minProperties: 1 - properties: - name: - description: Name is the name of a server group to - look for. - type: string - type: object - id: - description: ID is the ID of the server group to use. - format: uuid - type: string - type: object - serverMetadata: - description: Metadata mapping. Allows you to create a map - of key value pairs to add to the server instance. - items: - properties: - key: - description: Key is the server metadata key - maxLength: 255 - type: string - value: - description: Value is the server metadata value - maxLength: 255 - type: string - required: - - key - - value - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - sshKeyName: - description: The ssh key to inject in the instance - type: string - tags: - description: |- - Tags which will be added to the machine and all dependent resources - which support them. These are in addition to Tags defined on the - cluster. - Requires Nova api 2.52 minimum! - items: - type: string - type: array - x-kubernetes-list-type: set - trunk: - description: Whether the server instance is created on a trunk - port or not. - type: boolean - required: - - flavor - - image - type: object - required: - - spec - type: object - required: - - template - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: null - storedVersions: null diff --git a/hypershiftoperator/deploy/crds/customresourcedefinition-routes-default.crd.yaml b/hypershiftoperator/deploy/crds/customresourcedefinition-routes-default.crd.yaml deleted file mode 100644 index 615e64e46..000000000 --- a/hypershiftoperator/deploy/crds/customresourcedefinition-routes-default.crd.yaml +++ /dev/null @@ -1,674 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1228 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - release.openshift.io/feature-set: Default - name: routes.route.openshift.io -spec: - group: route.openshift.io - names: - kind: Route - listKind: RouteList - plural: routes - singular: route - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.ingress[0].host - name: Host - type: string - - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status - name: Admitted - type: string - - jsonPath: .spec.to.name - name: Service - type: string - - jsonPath: .spec.tls.type - name: TLS - type: string - name: v1 - schema: - openAPIV3Schema: - description: "A route allows developers to expose services through an HTTP(S) - aware load balancing and proxy layer via a public DNS entry. The route may - further specify TLS options and a certificate, or specify a public CNAME - that the router should also accept for HTTP and HTTPS traffic. An administrator - typically configures their router to be visible outside the cluster firewall, - and may also add additional security, caching, or traffic controls on the - service content. Routers usually talk directly to the service endpoints. - \n Once a route is created, the `host` field may not be changed. Generally, - routers use the oldest route with a given host when resolving conflicts. - \n Routers are subject to additional customization and may support additional - controls via the annotations field. \n Because administrators may configure - multiple routers, the route status field is used to return information to - clients about the names and states of the route under each router. If a - client chooses a duplicate name, for instance, the route status conditions - are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN - on a route it requires a custom (non-wildcard) certificate. This prevents - connection coalescing by clients, notably web browsers. We do not support - HTTP/2 ALPN on routes that use the default certificate because of the risk - of connection re-use/coalescing. Routes that do not have their own custom - certificate will not be HTTP/2 ALPN-enabled on either the frontend or the - backend. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - allOf: - - anyOf: - - properties: - path: - maxLength: 0 - - properties: - tls: - enum: - - null - - not: - properties: - tls: - properties: - termination: - enum: - - passthrough - - anyOf: - - not: - properties: - host: - maxLength: 0 - - not: - properties: - wildcardPolicy: - enum: - - Subdomain - description: spec is the desired state of the route - properties: - alternateBackends: - description: alternateBackends allows up to 3 additional backends - to be assigned to the route. Only the Service kind is allowed, and - it will be defaulted to Service. Use the weight field in RouteTargetReference - object to specify relative preference. - items: - description: RouteTargetReference specifies the target that resolve - into endpoints. Only the 'Service' kind is allowed. Use 'weight' - field to emphasize one over others. - properties: - kind: - default: Service - description: The kind of target that the route is referring - to. Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default - 100, that specifies the target's relative weight against other - target reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - maxItems: 3 - type: array - x-kubernetes-list-map-keys: - - name - - kind - x-kubernetes-list-type: map - host: - description: host is an alias/DNS that points to the service. Optional. - If not specified a route name will typically be automatically chosen. - Must follow DNS952 subdomain conventions. - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - httpHeaders: - description: httpHeaders defines policy for HTTP headers. - properties: - actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request - headers, the actions specified in spec.httpHeaders.actions on - the Route will be executed after the actions specified in the - IngressController''s spec.httpHeaders.actions field. In case - of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. The - headers set via this API will not appear in access logs. Any - actions defined here are applied after any actions related to - the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - Note that the total size of all net added headers *after* interpolating - dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. Please refer to the documentation - for that API field for more details.' - properties: - request: - description: 'request is a list of HTTP request headers to - modify. Currently, actions may define to either `Set` or - `Delete` headers values. Actions defined here will modify - the request headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Currently, - actions may define to either `Set` or `Delete` headers values. - Route actions will be executed after IngressController actions - for request headers. Actions are applied in sequence as - defined in this list. A maximum of 20 request header actions - may be configured. You can use this field to specify HTTP - request headers that should be set or deleted when forwarding - connections from the client to your application. Sample - fetchers allowed are "req.hdr" and "ssl_c_der". Converters - allowed are "lower" and "base64". Example header values: - "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Any request header configuration applied directly via a - Route resource using this API will override header configuration - for a header of the same name applied via spec.httpHeaders.actions - on the IngressController or route annotation. Note: This - field cannot be used if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are req.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - response: - description: 'response is a list of HTTP response headers - to modify. Currently, actions may define to either `Set` - or `Delete` headers values. Actions defined here will modify - the response headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Route actions - will be executed before IngressController actions for response - headers. Actions are applied in sequence as defined in this - list. A maximum of 20 response header actions may be configured. - You can use this field to specify HTTP response headers - that should be set or deleted when forwarding responses - from your application to the client. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used - if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are res.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - type: object - type: object - path: - description: path that the router watches for, to route traffic for - to the service. Optional - pattern: ^/ - type: string - port: - description: If specified, the port to be used by the router. Most - routers will use all endpoints exposed by the service by default - - set this value to instruct routers which port to use. - properties: - targetPort: - allOf: - - not: - enum: - - 0 - - not: - enum: - - "" - anyOf: null - description: The target port on pods selected by the service this - route points to. If this is a string, it will be looked up as - a named port in the target endpoints port list. Required - x-kubernetes-int-or-string: true - required: - - targetPort - type: object - subdomain: - description: "subdomain is a DNS subdomain that is requested within - the ingress controller's domain (as a subdomain). If host is set - this field is ignored. An ingress controller may choose to ignore - this suggested name, in which case the controller will report the - assigned name in the status.ingress array or refuse to admit the - route. If this value is set and the server does not support this - field host will be populated automatically. Otherwise host is left - empty. The field may have multiple parts separated by a dot, but - not all ingress controllers may honor the request. This field may - not be changed after creation except by a user with the update routes/custom-host - permission. \n Example: subdomain `frontend` automatically receives - the router subdomain `apps.mycluster.com` to have a full hostname - `frontend.apps.mycluster.com`." - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - tls: - allOf: - - anyOf: - - properties: - caCertificate: - maxLength: 0 - certificate: - maxLength: 0 - destinationCACertificate: - maxLength: 0 - key: - maxLength: 0 - - not: - properties: - termination: - enum: - - passthrough - - anyOf: - - properties: - destinationCACertificate: - maxLength: 0 - - not: - properties: - termination: - enum: - - edge - description: The tls field provides the ability to configure certificates - and termination for the route. - properties: - caCertificate: - description: caCertificate provides the cert authority certificate - contents - type: string - certificate: - description: certificate provides certificate contents. This should - be a single serving certificate, not a certificate chain. Do - not include a CA certificate. - type: string - destinationCACertificate: - description: destinationCACertificate provides the contents of - the ca certificate of the final destination. When using reencrypt - termination this file should be provided in order to have routers - use it for health checks on the secure connection. If this field - is not specified, the router may provide its own destination - CA and perform hostname validation using the short service name - (service.namespace.svc), which allows infrastructure generated - certificates to automatically verify. - type: string - insecureEdgeTerminationPolicy: - description: "insecureEdgeTerminationPolicy indicates the desired - behavior for insecure connections to a route. While each router - may make its own decisions on which ports to expose, this is - normally port 80. \n If a route does not specify insecureEdgeTerminationPolicy, - then the default behavior is \"None\". \n * Allow - traffic - is sent to the server on the insecure port (edge/reencrypt terminations - only). \n * None - no traffic is allowed on the insecure port - (default). \n * Redirect - clients are redirected to the secure - port." - enum: - - Allow - - None - - Redirect - - "" - type: string - key: - description: key provides key file contents - type: string - termination: - description: "termination indicates termination type. \n * edge - - TLS termination is done by the router and http is used to - communicate with the backend (default) * passthrough - Traffic - is sent straight to the destination without the router providing - TLS termination * reencrypt - TLS termination is done by the - router and https is used to communicate with the backend \n - Note: passthrough termination is incompatible with httpHeader - actions" - enum: - - edge - - reencrypt - - passthrough - type: string - required: - - termination - type: object - x-kubernetes-validations: - - message: 'cannot have both spec.tls.termination: passthrough and - spec.tls.insecureEdgeTerminationPolicy: Allow' - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) - ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) - : true' - to: - description: to is an object the route should use as the primary backend. - Only the Service kind is allowed, and it will be defaulted to Service. - If the weight field (0-256 default 100) is set to zero, no traffic - will be sent to this backend. - properties: - kind: - default: Service - description: The kind of target that the route is referring to. - Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default 100, - that specifies the target's relative weight against other target - reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - wildcardPolicy: - default: None - description: Wildcard policy if any for the route. Currently only - 'Subdomain' or 'None' is allowed. - enum: - - None - - Subdomain - - "" - type: string - required: - - to - type: object - x-kubernetes-validations: - - message: header actions are not permitted when tls termination is passthrough. - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || - !has(self.httpHeaders)' - status: - description: status is the current state of the route - properties: - ingress: - description: ingress describes the places where the route may be exposed. - The list of ingress points may contain duplicate Host or RouterName - values. Routes are considered live once they are `Ready` - items: - description: RouteIngress holds information about the places where - a route is exposed. - properties: - conditions: - description: Conditions is the state of the route, may be empty. - items: - description: RouteIngressCondition contains details for the - current condition of this route on a particular router. - properties: - lastTransitionTime: - description: RFC 3339 date and time when this condition - last transitioned - format: date-time - type: string - message: - description: Human readable message indicating details - about last transition. - type: string - reason: - description: (brief) reason for the condition's last transition, - and is usually a machine and human readable constant - type: string - status: - description: Status is the status of the condition. Can - be True, False, Unknown. - type: string - type: - description: Type is the type of the condition. Currently - only Admitted or UnservableInFutureVersions. - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - host: - description: Host is the host string under which the route is - exposed; this value is required - type: string - routerCanonicalHostname: - description: CanonicalHostname is the external host name for - the router that can be used as a CNAME for the host requested - for this route. This value is optional and may not be set - in all cases. - type: string - routerName: - description: Name is a name chosen by the router to identify - itself; this value is required - type: string - wildcardPolicy: - description: Wildcard policy is the wildcard policy that was - allowed where this route is exposed. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/hypershiftoperator/deploy/crds/kustomization.yml b/hypershiftoperator/deploy/crds/kustomization.yml deleted file mode 100644 index a1d45f367..000000000 --- a/hypershiftoperator/deploy/crds/kustomization.yml +++ /dev/null @@ -1,66 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - customresourcedefinition-hostedclusters.hypershift.openshift.io.yaml - - customresourcedefinition-routes-default.crd.yaml - - customresourcedefinition-machinepools.cluster.x-k8s.io.yaml - - customresourcedefinition-openstackmachinetemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-ibmpowervsmachines.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-azuremanagedmachinepools.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-agentmachines.capi-provider.agent-install.openshift.io.yaml - - customresourcedefinition-awsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-awsclusterstaticidentities.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-azuremachines.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-openstackfloatingippools.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-awsmachines.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-certificaterevocationrequests.certificates.hypershift.openshift.io.yaml - - customresourcedefinition-clusters.cluster.x-k8s.io.yaml - - customresourcedefinition-machines.cluster.x-k8s.io.yaml - - customresourcedefinition-ibmvpcclustertemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-clustersizingconfigurations.scheduling.hypershift.openshift.io.yaml - - customresourcedefinition-ibmpowervsclusters.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-monitoring.coreos.com_servicemonitors.yaml - - customresourcedefinition-clusterresourcesetbindings.addons.cluster.x-k8s.io.yaml - - customresourcedefinition-azureclusters.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-ipaddressclaims.ipam.cluster.x-k8s.io.yaml - - customresourcedefinition-azuremachinetemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-kubevirtmachinetemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-machinesets.cluster.x-k8s.io.yaml - - customresourcedefinition-awsclusters.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-machinedeployments.cluster.x-k8s.io.yaml - - customresourcedefinition-ibmpowervsmachinetemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-kubevirtmachines.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-ibmvpcclusters.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-openstackclusters.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-ibmpowervsimages.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-agentclusters.capi-provider.agent-install.openshift.io.yaml - - customresourcedefinition-azureclusteridentities.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-nodepools.hypershift.openshift.io.yaml - - customresourcedefinition-agentmachinetemplates.capi-provider.agent-install.openshift.io.yaml - - customresourcedefinition-ibmpowervsclustertemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-machinehealthchecks.cluster.x-k8s.io.yaml - - customresourcedefinition-monitoring.coreos.com_podmonitors.yaml - - customresourcedefinition-clusterresourcesets.addons.cluster.x-k8s.io.yaml - - customresourcedefinition-ipaddresses.ipam.cluster.x-k8s.io.yaml - - customresourcedefinition-awsendpointservices.hypershift.openshift.io.yaml - - customresourcedefinition-azureclustertemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-awsclusterroleidentities.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-certificatesigningrequestapprovals.certificates.hypershift.openshift.io.yaml - - customresourcedefinition-kubevirtclustertemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-openstackmachines.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-kubevirtclusters.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-monitoring.coreos.com_prometheusrules.yaml - - customresourcedefinition-awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-ibmvpcmachines.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-awsclustercontrolleridentities.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-openstackclustertemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-ibmvpcmachinetemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-hostedcontrolplanes.hypershift.openshift.io.yaml - - customresourcedefinition-awsmachinepools.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-azuremanagedclusters.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-clusterclasses.cluster.x-k8s.io.yaml - - customresourcedefinition-azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io.yaml - - customresourcedefinition-certificatesigningrequestapprovals.hypershift.openshift.io.yaml diff --git a/hypershiftoperator/deploy/helm/Chart.yaml b/hypershiftoperator/deploy/helm/Chart.yaml new file mode 100644 index 000000000..e374f0101 --- /dev/null +++ b/hypershiftoperator/deploy/helm/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +description: A Helm chart to install the Hypershift Operator and deps for ARO +name: aor-hcp-hypershift-operator +type: application +version: 0.1.0 + +dependencies: +- name: "external-dns" + version: "0.14.2" diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/Chart.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/Chart.yaml new file mode 100644 index 000000000..47486a6c5 --- /dev/null +++ b/hypershiftoperator/deploy/helm/charts/external-dns/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +description: A Helm chart for External DNS +name: external-dns +type: application +version: 0.14.2 diff --git a/hypershiftoperator/deploy/base/clusterrole-external-dns.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrole-external-dns.yaml similarity index 93% rename from hypershiftoperator/deploy/base/clusterrole-external-dns.yaml rename to hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrole-external-dns.yaml index 89747fe0b..f4d30e382 100644 --- a/hypershiftoperator/deploy/base/clusterrole-external-dns.yaml +++ b/hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrole-external-dns.yaml @@ -1,25 +1,25 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: external-dns -rules: -- apiGroups: - - route.openshift.io - resources: - - '*' - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - endpoints - - services - - nodes - - pods - verbs: - - get - - list +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: external-dns +rules: +- apiGroups: + - route.openshift.io + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - endpoints + - services + - nodes + - pods + verbs: + - get + - list - watch diff --git a/hypershiftoperator/deploy/base/clusterrolebinding-external-dns.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrolebinding-external-dns.yaml similarity index 96% rename from hypershiftoperator/deploy/base/clusterrolebinding-external-dns.yaml rename to hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrolebinding-external-dns.yaml index 9b736ccb3..f2cee3164 100644 --- a/hypershiftoperator/deploy/base/clusterrolebinding-external-dns.yaml +++ b/hypershiftoperator/deploy/helm/charts/external-dns/templates/clusterrolebinding-external-dns.yaml @@ -1,13 +1,13 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - creationTimestamp: null - name: external-dns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: external-dns -subjects: -- kind: ServiceAccount - name: external-dns +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: external-dns +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-dns +subjects: +- kind: ServiceAccount + name: external-dns namespace: hypershift diff --git a/hypershiftoperator/deploy/base/deployment-external-dns.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/deployment-external-dns.yaml similarity index 83% rename from hypershiftoperator/deploy/base/deployment-external-dns.yaml rename to hypershiftoperator/deploy/helm/charts/external-dns/templates/deployment-external-dns.yaml index fad296525..aafb78b85 100644 --- a/hypershiftoperator/deploy/base/deployment-external-dns.yaml +++ b/hypershiftoperator/deploy/helm/charts/external-dns/templates/deployment-external-dns.yaml @@ -1,70 +1,69 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - name: external-dns - namespace: hypershift -spec: - replicas: 1 - selector: - matchLabels: - name: external-dns - strategy: {} - template: - metadata: - creationTimestamp: null - labels: - app: external-dns - hypershift.openshift.io/operator-component: external-dns - name: external-dns - spec: - containers: - - args: - - --source=service - - --source=openshift-route - - --domain-filter=$(DOMAIN) - - --provider=azure - - --registry=txt - - --txt-suffix=-external-dns - - --txt-owner-id=$(TXT_OWNER_ID) - - --label-filter=hypershift.openshift.io/route-visibility!=private - - --interval=1m - - --txt-cache-interval=1h - - --azure-config-file=/etc/provider/credentials - command: - - /external-dns - image: arohcpdev.azurecr.io/external-dns/external-dns:v0.14.2 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 7979 - scheme: HTTP - initialDelaySeconds: 60 - periodSeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - name: external-dns - ports: - - containerPort: 7979 - name: metrics - resources: - requests: - cpu: 5m - memory: 20Mi - securityContext: - privileged: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/provider - name: credentials - imagePullSecrets: - - name: pull-secret - priorityClassName: hypershift-operator - serviceAccountName: external-dns - volumes: - - name: credentials - secret: - secretName: external-dns-azure +apiVersion: apps/v1 +kind: Deployment +metadata: + creationTimestamp: null + name: external-dns + namespace: '{{ .Release.Namespace }}' +spec: + replicas: 1 + selector: + matchLabels: + name: external-dns + strategy: {} + template: + metadata: + creationTimestamp: null + labels: + app: external-dns + hypershift.openshift.io/operator-component: external-dns + name: external-dns + azure.workload.identity/use: "true" + spec: + containers: + - args: + - --source=service + - --source=openshift-route + - --domain-filter={{ .Values.domain }} + - --provider=azure + - --registry=txt + - --txt-suffix=-external-dns + - --txt-owner-id={{ .Values.txtOwnerId }} + - --label-filter=hypershift.openshift.io/route-visibility!=private + - --interval=1m + - --txt-cache-interval=1h + - --azure-config-file=/etc/provider/credentials + command: + - /ko-app/external-dns + image: "{{ .Values.image }}:{{ .Values.imagetag }}" + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 7979 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 5 + name: external-dns + ports: + - containerPort: 7979 + name: metrics + resources: + requests: + cpu: 5m + memory: 20Mi + securityContext: + privileged: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /etc/provider + name: credentials + priorityClassName: hypershift-operator + serviceAccountName: external-dns + volumes: + - name: credentials + secret: + secretName: external-dns-azure status: {} diff --git a/hypershiftoperator/deploy/base/podmonitor-external-dns.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/podmonitor-external-dns.yaml similarity index 88% rename from hypershiftoperator/deploy/base/podmonitor-external-dns.yaml rename to hypershiftoperator/deploy/helm/charts/external-dns/templates/podmonitor-external-dns.yaml index efdfc5bff..a781b2c24 100644 --- a/hypershiftoperator/deploy/base/podmonitor-external-dns.yaml +++ b/hypershiftoperator/deploy/helm/charts/external-dns/templates/podmonitor-external-dns.yaml @@ -1,17 +1,17 @@ -apiVersion: azmonitoring.coreos.com/v1 -kind: PodMonitor -metadata: - creationTimestamp: null - name: external-dns - namespace: hypershift -spec: - jobLabel: component - namespaceSelector: {} - podMetricsEndpoints: - - bearerTokenSecret: - key: "" - interval: 30s - port: metrics - selector: - matchLabels: +apiVersion: azmonitoring.coreos.com/v1 +kind: PodMonitor +metadata: + creationTimestamp: null + name: external-dns + namespace: '{{ .Release.Namespace }}' +spec: + jobLabel: component + namespaceSelector: {} + podMetricsEndpoints: + - bearerTokenSecret: + key: "" + interval: 30s + port: metrics + selector: + matchLabels: name: external-dns diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/templates/secret-external-dns-azure.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/secret-external-dns-azure.yaml new file mode 100644 index 000000000..a31bd3418 --- /dev/null +++ b/hypershiftoperator/deploy/helm/charts/external-dns/templates/secret-external-dns-azure.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: external-dns-azure + namespace: '{{ .Release.Namespace }}' +type: Opaque +stringData: + credentials: | + { + "tenantId": "{{ .Values.credentials.tenantId }}", + "subscriptionId": "{{ .Values.credentials.subscriptionId }}", + "resourceGroup": "{{ .Values.credentials.resourceGroup }}", + "useWorkloadIdentityExtension": true, + "userAssignedIdentityID": "{{ .Values.credentials.userAssignedIdentityID }}" + } diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/templates/serviceaccount-external-dns.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/templates/serviceaccount-external-dns.yaml new file mode 100644 index 000000000..ea988fa76 --- /dev/null +++ b/hypershiftoperator/deploy/helm/charts/external-dns/templates/serviceaccount-external-dns.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + name: external-dns + namespace: '{{ .Release.Namespace }}' + annotations: + azure.workload.identity/client-id: '{{ .Values.credentials.userAssignedIdentityID }}' diff --git a/hypershiftoperator/deploy/helm/charts/external-dns/values.yaml b/hypershiftoperator/deploy/helm/charts/external-dns/values.yaml new file mode 100644 index 000000000..7c7800952 --- /dev/null +++ b/hypershiftoperator/deploy/helm/charts/external-dns/values.yaml @@ -0,0 +1,9 @@ +image: "" +imagetag: "" +txtOwnerId: "" +domain: "" +credentials: + tenantId: "" + subscriptionId: "" + resourceGroup: "" + userAssignedIdentityID: "" diff --git a/hypershiftoperator/deploy/helm/templates/installer.clusterrolebinding.yaml b/hypershiftoperator/deploy/helm/templates/installer.clusterrolebinding.yaml new file mode 100644 index 000000000..7db2139f6 --- /dev/null +++ b/hypershiftoperator/deploy/helm/templates/installer.clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: hypershift-installer-cluster-role +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: hypershift-installer + namespace: '{{ .Release.Namespace }}' diff --git a/hypershiftoperator/deploy/helm/templates/installer.job.yaml b/hypershiftoperator/deploy/helm/templates/installer.job.yaml new file mode 100644 index 000000000..df9c9107e --- /dev/null +++ b/hypershiftoperator/deploy/helm/templates/installer.job.yaml @@ -0,0 +1,31 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: install-hypershift + namespace: '{{ .Release.Namespace }}' + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + # set deadline to 30min + activeDeadlineSeconds: 1800 + backoffLimit: 1 + template: + spec: + containers: + - name: install + image: "{{ .Values.image }}:{{ .Values.imagetag }}" + command: + - /bin/sh + - -c + - | + hypershift install \ + --enable-conversion-webhook=false \ + --managed-service ARO-HCP \ + --aro-hcp-key-vault-users-client-id {{ .Values.azureKeyVaultClientId }} \ + --registry-overrides "{{ .Values.registryOverrides }}" \ + --hypershift-image {{ .Values.image }}:{{ .Values.imagetag }} \ + {{ .Values.additionalArgs }} + restartPolicy: Never + serviceAccountName: hypershift-installer diff --git a/hypershiftoperator/deploy/helm/templates/installer.serviceaccount.yaml b/hypershiftoperator/deploy/helm/templates/installer.serviceaccount.yaml new file mode 100644 index 000000000..fa00eb972 --- /dev/null +++ b/hypershiftoperator/deploy/helm/templates/installer.serviceaccount.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + name: hypershift-installer + namespace: '{{ .Release.Namespace }}' diff --git a/hypershiftoperator/deploy/overlays/dev/pull-secret.yaml b/hypershiftoperator/deploy/helm/templates/pull-secret.secret.yaml similarity index 71% rename from hypershiftoperator/deploy/overlays/dev/pull-secret.yaml rename to hypershiftoperator/deploy/helm/templates/pull-secret.secret.yaml index ad60c007c..a79267900 100644 --- a/hypershiftoperator/deploy/overlays/dev/pull-secret.yaml +++ b/hypershiftoperator/deploy/helm/templates/pull-secret.secret.yaml @@ -1,9 +1,8 @@ apiVersion: v1 +data: + .dockerconfigjson: e30K kind: Secret metadata: - creationTimestamp: null name: pull-secret - namespace: hypershift + namespace: '{{ .Release.Namespace }}' type: kubernetes.io/dockerconfigjson -data: - .dockerconfigjson: e30K diff --git a/hypershiftoperator/deploy/helm/values.yaml b/hypershiftoperator/deploy/helm/values.yaml new file mode 100644 index 000000000..0d3eb84fe --- /dev/null +++ b/hypershiftoperator/deploy/helm/values.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +version: 0.1.0 +description: A Helm chart to manage Hypershift Operator and dependencies for ARO HCP +name: aro-hcp-hypershift-operator + +image: "" +imagetag: "" +registryOverrides: "" +azureKeyVaultClientId: "" +additionalArgs: "" + +external-dns: + image: "" + imagetag: "" + txtOwnerId: "" + domain: "" + credentials: + tenantId: "" + subscriptionId: "" + resourceGroup: "" + userAssignedIdentityID: "" diff --git a/hypershiftoperator/deploy/overlays/dev/kustomization.yml b/hypershiftoperator/deploy/overlays/dev/kustomization.yml deleted file mode 100644 index 5a6ceb360..000000000 --- a/hypershiftoperator/deploy/overlays/dev/kustomization.yml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ../../base -- pull-secret.yaml -patches: -- target: - version: v1 - kind: ServiceAccount - name: external-dns - path: patch-serviceaccount-external-dns.json -- target: - group: apps - version: v1 - kind: Deployment - name: external-dns - path: patch-deployment-external-dns.json -- target: - group: apps - version: v1 - kind: Deployment - name: operator - path: patch-deployment-operator.json -secretGenerator: -- name: external-dns-azure - namespace: hypershift - type: Opaque - files: - - credentials=edo-azure-credentials.json - - domain=domain.txt - - txt_owner_id=txt_owner_id.txt diff --git a/hypershiftoperator/deploy/overlays/dev/patch-deployment-external-dns.json b/hypershiftoperator/deploy/overlays/dev/patch-deployment-external-dns.json deleted file mode 100644 index 83661df6d..000000000 --- a/hypershiftoperator/deploy/overlays/dev/patch-deployment-external-dns.json +++ /dev/null @@ -1,40 +0,0 @@ -[ - { - "op": "add", - "path": "/spec/template/metadata/labels/azure.workload.identity~1use", - "value": "true" - }, - { - "op": "replace", - "path": "/spec/template/spec/containers/0/command/0", - "value": "/ko-app/external-dns" - }, - { - "op": "add", - "path": "/spec/template/spec/containers/0/env", - "value": [ - { - "name": "DOMAIN", - "valueFrom": { - "secretKeyRef": { - "key": "domain", - "name": "external-dns-azure" - } - } - }, - { - "name": "TXT_OWNER_ID", - "valueFrom": { - "secretKeyRef": { - "key": "txt_owner_id", - "name": "external-dns-azure" - } - } - } - ] - }, - { - "op": "remove", - "path": "/spec/template/spec/imagePullSecrets" - } -] diff --git a/hypershiftoperator/deploy/overlays/dev/patch-deployment-operator.json b/hypershiftoperator/deploy/overlays/dev/patch-deployment-operator.json deleted file mode 100644 index ea1536b9e..000000000 --- a/hypershiftoperator/deploy/overlays/dev/patch-deployment-operator.json +++ /dev/null @@ -1,13 +0,0 @@ - -[ - { - "op": "add", - "path": "/spec/template/spec/containers/0/args/-", - "value": "--registry-overrides" - }, - { - "op": "add", - "path": "/spec/template/spec/containers/0/args/-", - "value": "quay.io/openshift-release-dev/ocp-v4.0-art-dev=arohcpdev.azurecr.io/openshift/release,quay.io/openshift-release-dev/ocp-release=arohcpdev.azurecr.io/openshift/release-images,registry.redhat.io/ubi8=arohcpdev.azurecr.io/ubi8,registry.access.redhat.com/ubi8=arohcpdev.azurecr.io/ubi8,registry.redhat.io/redhat=arohcpdev.azurecr.io/redhat" - } -]