From 28e62a8ec3b884d18cbe639bbd8c3d3bdc6daf87 Mon Sep 17 00:00:00 2001 From: David Hurta Date: Thu, 16 Apr 2026 17:15:05 +0200 Subject: [PATCH 1/2] chore(deps): Bump general openshift dependencies The API update is needed for the new TLS adherence API and other efforts. Other general openshift packages are updated as well for periodic maintenance. We might as well update those while we are at it. Generated by: ``` $ go get github.com/openshift/api@master $ go get github.com/openshift/client-go@master $ go get github.com/openshift/library-go@master $ go mod tidy $ go mod vendor $ git add -A go.* vendor ``` using: ``` $ go version go version go1.25.0 linux/amd64 ``` --- go.mod | 6 +- go.sum | 12 +- .../github.com/openshift/api/.coderabbit.yaml | 1 + .../github.com/openshift/api/.golangci.yaml | 6 + vendor/github.com/openshift/api/AGENTS.md | 14 + vendor/github.com/openshift/api/Makefile | 2 +- .../types_compatibilityrequirement.go | 4 +- .../openshift/api/config/v1/types.go | 5 + .../api/config/v1/types_apiserver.go | 63 + .../api/config/v1/types_authentication.go | 64 +- .../api/config/v1/types_cluster_version.go | 26 + .../openshift/api/config/v1/types_dns.go | 9 +- .../api/config/v1/types_infrastructure.go | 9 +- ...1_clusterversions-CustomNoUpgrade.crd.yaml | 17 + ...usterversions-DevPreviewNoUpgrade.crd.yaml | 17 + ...tor_01_apiservers-CustomNoUpgrade.crd.yaml | 39 + ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 39 + ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 39 + ...1_authentications-CustomNoUpgrade.crd.yaml | 69 +- ...erator_01_authentications-Default.crd.yaml | 30 +- ...thentications-DevPreviewNoUpgrade.crd.yaml | 69 +- ...g-operator_01_authentications-OKD.crd.yaml | 30 +- ...hentications-TechPreviewNoUpgrade.crd.yaml | 69 +- ...operator_01_dnses-CustomNoUpgrade.crd.yaml | 198 + ..._config-operator_01_dnses-Default.crd.yaml | 198 + ...ator_01_dnses-DevPreviewNoUpgrade.crd.yaml | 198 + ..._10_config-operator_01_dnses-OKD.crd.yaml} | 11 +- ...tor_01_dnses-TechPreviewNoUpgrade.crd.yaml | 198 + ...1_infrastructures-CustomNoUpgrade.crd.yaml | 2 + ...erator_01_infrastructures-Default.crd.yaml | 117 + ...frastructures-DevPreviewNoUpgrade.crd.yaml | 2 + ...g-operator_01_infrastructures-OKD.crd.yaml | 117 + ...rastructures-TechPreviewNoUpgrade.crd.yaml | 2 + .../api/config/v1/zz_generated.deepcopy.go | 1 + ..._generated.featuregated-crd-manifests.yaml | 8 +- .../v1/zz_generated.swagger_doc_generated.go | 20 +- .../openshift/api/config/v1alpha1/register.go | 6 +- .../v1alpha1/types_cluster_image_policy.go | 80 - .../v1alpha1/types_cluster_monitoring.go | 1450 +++++- .../api/config/v1alpha1/types_image_policy.go | 289 -- .../api/config/v1alpha1/types_pki.go | 274 ++ .../config/v1alpha1/zz_generated.deepcopy.go | 1034 +++-- ..._generated.featuregated-crd-manifests.yaml | 61 +- .../zz_generated.swagger_doc_generated.go | 577 ++- .../openshift/api/envtest-releases.yaml | 39 + .../github.com/openshift/api/etcd/install.go | 3 +- .../github.com/openshift/api/etcd/v1/Makefile | 3 + .../github.com/openshift/api/etcd/v1/doc.go | 6 + .../openshift/api/etcd/v1/register.go | 39 + .../api/etcd/v1/types_pacemakercluster.go | 737 ++++ .../api/etcd/v1/zz_generated.deepcopy.go | 210 + ..._generated.featuregated-crd-manifests.yaml | 23 + .../v1/zz_generated.swagger_doc_generated.go | 89 + .../etcd/v1alpha1/types_pacemakercluster.go | 5 +- .../zz_generated.swagger_doc_generated.go | 2 +- vendor/github.com/openshift/api/features.md | 38 +- .../openshift/api/features/features.go | 195 +- .../api/features/legacyfeaturegates.go | 2 - .../operator/v1/types_csi_cluster_driver.go | 10 +- .../api/operator/v1/types_ingress.go | 43 + .../operator/v1/types_machineconfiguration.go | 8 +- .../api/operator/v1/types_network.go | 115 + .../api/operator/v1/zz_generated.deepcopy.go | 34 + ..._generated.featuregated-crd-manifests.yaml | 10 +- .../v1/zz_generated.swagger_doc_generated.go | 26 +- .../api/operator/v1alpha1/types_clusterapi.go | 62 +- ...000_30_cluster-api_01_clusterapis.crd.yaml | 71 + .../v1alpha1/zz_generated.deepcopy.go | 47 +- .../zz_generated.swagger_doc_generated.go | 35 +- .../openshift/api/quota/v1/generated.proto | 2 +- .../openshift/api/quota/v1/types.go | 2 +- ..._generated.featuregated-crd-manifests.yaml | 4 +- .../config/v1/apiserverspec.go | 43 + .../config/v1/awsdnsspec.go | 5 + .../config/v1/infrastructurestatus.go | 2 + .../config/v1/prefixedclaimmapping.go | 11 +- .../config/v1/tokenclaimmapping.go | 23 +- .../applyconfigurations/config/v1/update.go | 21 + .../config/v1/usernameclaimmapping.go | 25 +- .../v1alpha1/additionalalertmanagerconfig.go | 119 + .../v1alpha1/alertmanagercustomconfig.go | 8 +- .../config/v1alpha1/authorizationconfig.go | 44 + .../config/v1alpha1/basicauth.go | 38 + .../config/v1alpha1/certificateconfig.go | 29 + .../config/v1alpha1/clusterimagepolicy.go | 277 -- .../config/v1alpha1/clusterimagepolicyspec.go | 53 - .../v1alpha1/clusterimagepolicystatus.go | 33 - .../config/v1alpha1/clustermonitoringspec.go | 63 + .../config/v1alpha1/containerresource.go | 7 + .../config/v1alpha1/custompkipolicy.go | 51 + .../v1alpha1/defaultcertificateconfig.go | 30 + .../config/v1alpha1/dropequalactionconfig.go | 29 + .../config/v1alpha1/ecdsakeyconfig.go | 40 + .../config/v1alpha1/hashmodactionconfig.go | 40 + ...imagepolicyfulciocawithrekorrootoftrust.go | 52 - .../v1alpha1/imagepolicypkirootoftrust.go | 51 - .../imagepolicypublickeyrootoftrust.go | 42 - .../config/v1alpha1/imagepolicyspec.go | 53 - .../config/v1alpha1/imagepolicystatus.go | 33 - .../imagesigstoreverificationpolicy.go | 36 - .../config/v1alpha1/keepequalactionconfig.go | 29 + .../config/v1alpha1/keyconfig.go | 59 + .../config/v1alpha1/label.go | 39 + .../config/v1alpha1/labelmapactionconfig.go | 30 + .../config/v1alpha1/lowercaseactionconfig.go | 29 + .../config/v1alpha1/metadataconfig.go | 42 + .../config/v1alpha1/metadataconfigcustom.go | 29 + .../config/v1alpha1/metricsserverconfig.go | 2 +- .../config/v1alpha1/oauth2.go | 82 + .../config/v1alpha1/oauth2endpointparam.go | 39 + .../v1alpha1/openshiftstatemetricsconfig.go | 117 + .../v1alpha1/{imagepolicy.go => pki.go} | 111 +- .../v1alpha1/pkicertificatemanagement.go | 65 + .../config/v1alpha1/pkicertificatesubject.go | 39 - .../config/v1alpha1/pkiprofile.go | 68 + .../config/v1alpha1/pkispec.go | 28 + .../config/v1alpha1/policyfulciosubject.go | 38 - .../config/v1alpha1/policyidentity.go | 57 - .../v1alpha1/policymatchexactrepository.go | 29 - .../v1alpha1/policymatchremapidentity.go | 45 - .../config/v1alpha1/policyrootoftrust.go | 65 - .../config/v1alpha1/prometheusconfig.go | 282 ++ ...rometheusoperatoradmissionwebhookconfig.go | 2 +- .../v1alpha1/prometheusoperatorconfig.go | 2 +- .../v1alpha1/prometheusremotewriteheader.go | 40 + .../config/v1alpha1/queueconfig.go | 129 + .../config/v1alpha1/relabelactionconfig.go | 135 + .../config/v1alpha1/relabelconfig.go | 89 + .../v1alpha1/remotewriteauthorization.go | 100 + .../config/v1alpha1/remotewritespec.go | 175 + .../config/v1alpha1/replaceactionconfig.go | 41 + .../config/v1alpha1/retention.go | 46 + .../config/v1alpha1/rsakeyconfig.go | 27 + .../config/v1alpha1/secretkeyselector.go | 40 + .../config/v1alpha1/sigv4.go | 78 + .../config/v1alpha1/telemeterclientconfig.go | 118 + .../config/v1alpha1/thanosquerierconfig.go | 117 + .../config/v1alpha1/tlsconfig.go | 81 + .../config/v1alpha1/uppercaseactionconfig.go | 29 + .../applyconfigurations/internal/internal.go | 2575 ++++++----- .../config/applyconfigurations/utils.go | 110 +- .../config/v1alpha1/clusterimagepolicy.go | 58 - .../typed/config/v1alpha1/config_client.go | 15 +- .../v1alpha1/fake/fake_clusterimagepolicy.go | 37 - .../v1alpha1/fake/fake_config_client.go | 12 +- .../config/v1alpha1/fake/fake_imagepolicy.go | 37 - .../typed/config/v1alpha1/fake/fake_pki.go | 33 + .../config/v1alpha1/generated_expansion.go | 6 +- .../typed/config/v1alpha1/imagepolicy.go | 58 - .../versioned/typed/config/v1alpha1/pki.go | 54 + .../config/v1alpha1/clusterimagepolicy.go | 85 - .../config/v1alpha1/interface.go | 21 +- .../v1alpha1/{imagepolicy.go => pki.go} | 43 +- .../informers/externalversions/generic.go | 6 +- .../config/v1alpha1/clusterimagepolicy.go | 32 - .../config/v1alpha1/expansion_generated.go | 16 +- .../listers/config/v1alpha1/imagepolicy.go | 54 - .../config/listers/config/v1alpha1/pki.go | 32 + .../applyconfigurations/internal/internal.go | 350 +- .../applyconfigurations/internal/internal.go | 3872 +++++++++-------- .../operator/v1/awscsidriverconfigspec.go | 6 + .../operator/v1/bgpmanagedconfig.go | 46 + .../v1/ingresscontrollertuningoptions.go | 35 + .../operator/v1/nooverlayconfig.go | 50 + .../operator/v1/ovnkubernetesconfig.go | 45 + .../v1alpha1/clusterapiinstallercomponent.go | 25 +- .../clusterapiinstallercomponentsource.go | 43 + .../v1alpha1/clusterapiinstallerrevision.go | 18 + ...piinstallerrevisionmanifestsubstitution.go | 43 + .../operator/v1alpha1/clusterapistatus.go | 11 + .../operator/applyconfigurations/utils.go | 8 + .../applyconfigurations/internal/internal.go | 290 +- .../library-go/pkg/crypto/cert_config.go | 225 + .../openshift/library-go/pkg/crypto/keygen.go | 118 + .../library-go/pkg/crypto/options.go | 49 + .../library-go/pkg/crypto/tls_adherence.go | 23 + .../client_cert_rotation_controller.go | 6 +- .../pkg/operator/certrotation/signer.go | 80 +- .../pkg/operator/certrotation/target.go | 164 +- .../pkg/operator/v1helpers/helpers.go | 11 + .../openshift/library-go/pkg/pki/profile.go | 114 + .../openshift/library-go/pkg/pki/provider.go | 75 + .../openshift/library-go/pkg/pki/resolve.go | 77 + .../openshift/library-go/pkg/pki/types.go | 23 + vendor/modules.txt | 8 +- 185 files changed, 14381 insertions(+), 5891 deletions(-) create mode 100644 vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-CustomNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-Default.crd.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml rename vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/{0000_10_config-operator_01_dnses.crd.yaml => 0000_10_config-operator_01_dnses-OKD.crd.yaml} (91%) create mode 100644 vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go create mode 100644 vendor/github.com/openshift/api/config/v1alpha1/types_pki.go create mode 100644 vendor/github.com/openshift/api/etcd/v1/Makefile create mode 100644 vendor/github.com/openshift/api/etcd/v1/doc.go create mode 100644 vendor/github.com/openshift/api/etcd/v1/register.go create mode 100644 vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go create mode 100644 vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go create mode 100644 vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml create mode 100644 vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/authorizationconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/basicauth.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/certificateconfig.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicy.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicystatus.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/custompkipolicy.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/defaultcertificateconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/dropequalactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/ecdsakeyconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/hashmodactionconfig.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicystatus.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keepequalactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keyconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/label.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/labelmapactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/lowercaseactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfigcustom.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2endpointparam.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go rename vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/{imagepolicy.go => pki.go} (65%) create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatemanagement.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatesubject.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkiprofile.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkispec.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyfulciosubject.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyidentity.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchexactrepository.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchremapidentity.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusremotewriteheader.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/queueconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewriteauthorization.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewritespec.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/replaceactionconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/rsakeyconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/secretkeyselector.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/sigv4.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/telemeterclientconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/tlsconfig.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/uppercaseactionconfig.go delete mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/clusterimagepolicy.go delete mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_clusterimagepolicy.go delete mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_imagepolicy.go create mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_pki.go delete mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/imagepolicy.go create mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/pki.go delete mode 100644 vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/clusterimagepolicy.go rename vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/{imagepolicy.go => pki.go} (51%) delete mode 100644 vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/clusterimagepolicy.go delete mode 100644 vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/imagepolicy.go create mode 100644 vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/pki.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/nooverlayconfig.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentsource.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevisionmanifestsubstitution.go create mode 100644 vendor/github.com/openshift/library-go/pkg/crypto/cert_config.go create mode 100644 vendor/github.com/openshift/library-go/pkg/crypto/keygen.go create mode 100644 vendor/github.com/openshift/library-go/pkg/crypto/options.go create mode 100644 vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go create mode 100644 vendor/github.com/openshift/library-go/pkg/pki/profile.go create mode 100644 vendor/github.com/openshift/library-go/pkg/pki/provider.go create mode 100644 vendor/github.com/openshift/library-go/pkg/pki/resolve.go create mode 100644 vendor/github.com/openshift/library-go/pkg/pki/types.go diff --git a/go.mod b/go.mod index 14e1b82497..c5fee91d74 100644 --- a/go.mod +++ b/go.mod @@ -11,9 +11,9 @@ require ( github.com/onsi/ginkgo/v2 v2.27.2 github.com/onsi/gomega v1.38.2 github.com/openshift-eng/openshift-tests-extension v0.0.0-20250220212757-b9c4d98a0c45 - github.com/openshift/api v0.0.0-20260302174620-dcac36b908db - github.com/openshift/client-go v0.0.0-20260302182750-20813ce71ca6 - github.com/openshift/library-go v0.0.0-20260303171201-5d9eb6295ff6 + github.com/openshift/api v0.0.0-20260416105050-3c6b218b8a80 + github.com/openshift/client-go v0.0.0-20260416131737-a19e91702ab5 + github.com/openshift/library-go v0.0.0-20260413093329-d2db42c961e1 github.com/operator-framework/api v0.17.1 github.com/operator-framework/operator-lifecycle-manager v0.22.0 github.com/pkg/errors v0.9.1 diff --git a/go.sum b/go.sum index 87876ad318..1b29cef539 100644 --- a/go.sum +++ b/go.sum @@ -104,12 +104,12 @@ github.com/onsi/gomega v1.38.2 h1:eZCjf2xjZAqe+LeWvKb5weQ+NcPwX84kqJ0cZNxok2A= github.com/onsi/gomega v1.38.2/go.mod h1:W2MJcYxRGV63b418Ai34Ud0hEdTVXq9NW9+Sx6uXf3k= github.com/openshift-eng/openshift-tests-extension v0.0.0-20250220212757-b9c4d98a0c45 h1:hXpbYtP3iTh8oy/RKwKkcMziwchY3fIk95ciczf7cOA= github.com/openshift-eng/openshift-tests-extension v0.0.0-20250220212757-b9c4d98a0c45/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M= -github.com/openshift/api v0.0.0-20260302174620-dcac36b908db h1:MOQ5JSIlbP4apwTrEdNpApT6PsnB0/1S6y9aKODp5Ks= -github.com/openshift/api v0.0.0-20260302174620-dcac36b908db/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo= -github.com/openshift/client-go v0.0.0-20260302182750-20813ce71ca6 h1:wJv4Ia+R4OxoaJcTUyvMtBc5rWFvfTiEA8d5f1MBPqI= -github.com/openshift/client-go v0.0.0-20260302182750-20813ce71ca6/go.mod h1:3lkVff575BlbDUUhMsrD1IyvfkZ+oKUB7iZuVy1m0W0= -github.com/openshift/library-go v0.0.0-20260303171201-5d9eb6295ff6 h1:xjqy0OolrFdJ+ofI/aD0+2k9+MSk5anP5dXifFt539Q= -github.com/openshift/library-go v0.0.0-20260303171201-5d9eb6295ff6/go.mod h1:D797O/ssKTNglbrGchjIguFq+DbyRYdeds5w4/VTrKM= +github.com/openshift/api v0.0.0-20260416105050-3c6b218b8a80 h1:r0S/yoZAI0iWo1JvoIijaIgWGWf/izg4WiV7Wrtz16k= +github.com/openshift/api v0.0.0-20260416105050-3c6b218b8a80/go.mod h1:pyVjK0nZ4sRs4fuQVQ4rubsJdahI1PB94LnQ8sGdvxo= +github.com/openshift/client-go v0.0.0-20260416131737-a19e91702ab5 h1:R5gdIA+R7MONtwKIEfZ7WM0k9ELv6GM2AbYApaCRNrA= +github.com/openshift/client-go v0.0.0-20260416131737-a19e91702ab5/go.mod h1:u56GmXEMF6bvws8ipkT1ZRNJH52RF5sZ/yRP+6PwkH4= +github.com/openshift/library-go v0.0.0-20260413093329-d2db42c961e1 h1:NdVGxmPGwWoMlhSmTxMMgp2SszLtAH3nJ6AMGBpXclY= +github.com/openshift/library-go v0.0.0-20260413093329-d2db42c961e1/go.mod h1:3bi4pLpYRdVd1aEhsHfRTJkwxwPLfRZ+ZePn3RmJd2k= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 h1:AKx/w1qpS8We43bsRgf8Nll3CGlDHpr/WAXvuedTNZI= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/operator-framework/api v0.17.1 h1:J/6+Xj4IEV8C7hcirqUFwOiZAU3PbnJhWvB0/bB51c4= diff --git a/vendor/github.com/openshift/api/.coderabbit.yaml b/vendor/github.com/openshift/api/.coderabbit.yaml index a3ee2d122e..4f015d3cb0 100644 --- a/vendor/github.com/openshift/api/.coderabbit.yaml +++ b/vendor/github.com/openshift/api/.coderabbit.yaml @@ -1,3 +1,4 @@ +inheritance: true language: en-US reviews: profile: chill diff --git a/vendor/github.com/openshift/api/.golangci.yaml b/vendor/github.com/openshift/api/.golangci.yaml index 608fb0ed2e..53c9b4009e 100644 --- a/vendor/github.com/openshift/api/.golangci.yaml +++ b/vendor/github.com/openshift/api/.golangci.yaml @@ -111,6 +111,12 @@ linters: # Silence norefs lint for `Ref` field in ClusterAPI as it refers to an OCI image reference, not a kube object reference. path: operator/v1alpha1/types_clusterapi.go text: "noreferences: naming convention \"no-references\": field ClusterAPIInstallerComponentImage.Ref: field names should not contain reference-related words" + - linters: + - kubeapilinter + # PacemakerCluster intentionally marks Conditions as required with XValidation rules + # to enforce specific condition types are always present. + path: etcd/v1/types_pacemakercluster.go + text: "conditions: Conditions field in (PacemakerClusterStatus|PacemakerClusterNodeStatus|PacemakerClusterFencingAgentStatus|PacemakerClusterResourceStatus) is missing the following markers: optional" - linters: - kubeapilinter path: features|payload-command/*.go diff --git a/vendor/github.com/openshift/api/AGENTS.md b/vendor/github.com/openshift/api/AGENTS.md index 991ed62579..b937472273 100644 --- a/vendor/github.com/openshift/api/AGENTS.md +++ b/vendor/github.com/openshift/api/AGENTS.md @@ -125,6 +125,20 @@ Uses `podman` by default, set `RUNTIME=docker` or `USE_DOCKER=1` to use Docker i ## Custom Claude Code Commands +### Generate Tests +``` +/generate-tests +``` +Generates comprehensive `.testsuite.yaml` integration test files for OpenShift API type definitions: +- Reads Go types, validation markers, CRD manifests, and CEL rules +- Generates test suites for each CRD variant in `zz_generated.featuregated-crd-manifests/` + +Examples: +``` +/generate-tests config/v1/types_infrastructure.go +/generate-tests operator/v1 +``` + ### API Review ``` /api-review diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile index 9b32b58e43..ac20137fad 100644 --- a/vendor/github.com/openshift/api/Makefile +++ b/vendor/github.com/openshift/api/Makefile @@ -4,7 +4,7 @@ all: build update: update-non-codegen update-codegen RUNTIME ?= podman -RUNTIME_IMAGE_NAME ?= registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.24-openshift-4.20 +RUNTIME_IMAGE_NAME ?= registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.25-openshift-4.22 EXCLUDE_DIRS := _output/ dependencymagnet/ hack/ third_party/ tls/ tools/ vendor/ tests/ GO_PACKAGES :=$(addsuffix ...,$(addprefix ./,$(filter-out $(EXCLUDE_DIRS), $(wildcard */)))) diff --git a/vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go b/vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go index ef1a10b5f5..b8dfcc7ac8 100644 --- a/vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go +++ b/vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go @@ -222,13 +222,13 @@ type ObjectSchemaValidation struct { // filtered by namespace. // +kubebuilder:validation:XValidation:rule="size(self.matchLabels) > 0 || size(self.matchExpressions) > 0",message="must have at least one of matchLabels or matchExpressions when specified" // +optional - NamespaceSelector metav1.LabelSelector `json:"namespaceSelector,omitempty"` + NamespaceSelector metav1.LabelSelector `json:"namespaceSelector,omitempty,omitzero"` // objectSelector defines a label selector for objects. If defined, only // objects with matching labels will be subject to validation. When not // specified, objects for validation will not be filtered by label. // +kubebuilder:validation:XValidation:rule="size(self.matchLabels) > 0 || size(self.matchExpressions) > 0",message="must have at least one of matchLabels or matchExpressions when specified" // +optional - ObjectSelector metav1.LabelSelector `json:"objectSelector,omitempty"` + ObjectSelector metav1.LabelSelector `json:"objectSelector,omitempty,omitzero"` // matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. // When present, must contain between 1 and 64 match conditions. diff --git a/vendor/github.com/openshift/api/config/v1/types.go b/vendor/github.com/openshift/api/config/v1/types.go index 3e17ca0ccb..e7106ef7ab 100644 --- a/vendor/github.com/openshift/api/config/v1/types.go +++ b/vendor/github.com/openshift/api/config/v1/types.go @@ -284,7 +284,12 @@ type ClientConnectionOverrides struct { } // GenericControllerConfig provides information to configure a controller +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 type GenericControllerConfig struct { + metav1.TypeMeta `json:",inline"` + // servingInfo is the HTTP serving information for the controller's endpoints ServingInfo HTTPServingInfo `json:"servingInfo"` diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go index 31d8881858..b8a4399dbc 100644 --- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go +++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go @@ -34,6 +34,7 @@ type APIServer struct { Status APIServerStatus `json:"status"` } +// +openshift:validation:FeatureGateAwareXValidation:featureGate=TLSAdherence,rule="has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true",message="tlsAdherence may not be removed once set" type APIServerSpec struct { // servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates // will be used for serving secure traffic. @@ -62,6 +63,39 @@ type APIServerSpec struct { // The current default is the Intermediate profile. // +optional TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` + // tlsAdherence controls if components in the cluster adhere to the TLS security profile + // configured on this APIServer resource. + // + // Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + // + // When set to "LegacyAdheringComponentsOnly", components that already honor the + // cluster-wide TLS profile continue to do so. Components that do not already honor + // it continue to use their individual TLS configurations. + // + // When set to "StrictAllComponents", all components must honor the configured TLS + // profile unless they have a component-specific TLS configuration that overrides + // it. This mode is recommended for security-conscious deployments and is required + // for certain compliance frameworks. + // + // Note: Some components such as Kubelet and IngressController have their own + // dedicated TLS configuration mechanisms via KubeletConfig and IngressController + // CRs respectively. When these component-specific TLS configurations are set, + // they take precedence over the cluster-wide tlsSecurityProfile. When not set, + // these components fall back to the cluster-wide default. + // + // Components that encounter an unknown value for tlsAdherence should treat it + // as "StrictAllComponents" and log a warning to ensure forward compatibility + // while defaulting to the more secure behavior. + // + // This field is optional. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is LegacyAdheringComponentsOnly. + // + // Once set, this field may be changed to a different value, but may not be removed. + // +openshift:enable:FeatureGate=TLSAdherence + // +optional + TLSAdherence TLSAdherencePolicy `json:"tlsAdherence,omitempty"` // audit specifies the settings for audit configuration to be applied to all OpenShift-provided // API servers in the cluster. // +optional @@ -237,6 +271,35 @@ const ( type APIServerStatus struct { } +// TLSAdherencePolicy defines which components adhere to the TLS security profile. +// Implementors should use the ShouldHonorClusterTLSProfile helper function from library-go +// rather than checking these values directly. +// +kubebuilder:validation:Enum=LegacyAdheringComponentsOnly;StrictAllComponents +type TLSAdherencePolicy string + +const ( + // TLSAdherencePolicyNoOpinion represents an empty/unset value for tlsAdherence. + // This value cannot be explicitly set and is only present when the field is omitted. + // When the field is omitted, the cluster defaults to LegacyAdheringComponentsOnly + // behavior. Components should treat this the same as LegacyAdheringComponentsOnly. + TLSAdherencePolicyNoOpinion TLSAdherencePolicy = "" + + // TLSAdherencePolicyLegacyAdheringComponentsOnly maintains backward-compatible behavior. + // Components that already honor the cluster-wide TLS profile (such as kube-apiserver, + // openshift-apiserver, oauth-apiserver, and others) continue to do so. Components that do + // not already honor it continue to use their individual TLS configurations (e.g., + // IngressController.spec.tlsSecurityProfile, KubeletConfig.spec.tlsSecurityProfile, + // or component defaults). No additional components are required to start honoring the + // cluster-wide profile in this mode. + TLSAdherencePolicyLegacyAdheringComponentsOnly TLSAdherencePolicy = "LegacyAdheringComponentsOnly" + + // TLSAdherencePolicyStrictAllComponents means all components must honor the configured TLS + // profile unless they have a component-specific TLS configuration that overrides it. + // This mode is recommended for security-conscious deployments and is required + // for certain compliance frameworks. + TLSAdherencePolicyStrictAllComponents TLSAdherencePolicy = "StrictAllComponents" +) + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index e7433281f4..75e57c3709 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -350,11 +350,35 @@ type TokenClaimMappings struct { } // TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities. +// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUIDAndExtraClaimMappings,rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="(size(self.?claim.orValue(\"\")) > 0) ? !has(self.expression) : true",message="expression must not be set if claim is specified and is not an empty string" type TokenClaimMapping struct { - // claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + // claim is an optional field for specifying the JWT token claim that is used in the mapping. + // The value of this claim will be assigned to the field in which this mapping is associated. + // claim must not exceed 256 characters in length. + // When set to the empty string `""`, this means that no named claim should be used for the group mapping. + // claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. // - // +required + // +optional + // +kubebuilder:validation:MaxLength=256 Claim string `json:"claim"` + + // expression is an optional CEL expression used to derive + // group values from JWT claims. + // + // CEL expressions have access to the token claims through a CEL variable, 'claims'. + // + // expression must be at least 1 character and must not exceed 1024 characters in length . + // + // When specified, claim must not be set or be explicitly set to the empty string (`""`). + // + // +optional + // +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Expression string `json:"expression,omitempty"` } // TokenClaimOrExpressionMapping allows specifying either a JWT token claim or CEL expression to be used when mapping claims from an authentication token to cluster identities. @@ -590,26 +614,46 @@ type OIDCClientReference struct { // +kubebuilder:validation:XValidation:rule="has(self.prefixPolicy) && self.prefixPolicy == 'Prefix' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)",message="prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" // +union +// +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUIDAndExtraClaimMappings,rule="has(self.claim)",message="claim is required" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="has(self.claim) ? !has(self.expression) : has(self.expression)",message="precisely one of claim or expression must be set" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="has(self.expression) && size(self.expression) > 0 ? !has(self.prefixPolicy) || self.prefixPolicy != 'Prefix' : true",message="prefixPolicy must not be set to 'Prefix' when expression is set" type UsernameClaimMapping struct { - // claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + // claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + // claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + // When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set. // // claim must not be an empty string ("") and must not exceed 256 characters. // - // +required + // +optional // +kubebuilder:validation:MinLength:=1 // +kubebuilder:validation:MaxLength:=256 - Claim string `json:"claim"` + Claim string `json:"claim,omitempty"` + + // expression is an optional CEL expression used to derive + // the username from JWT claims. + // + // CEL expressions have access to the token claims + // through a CEL variable, 'claims'. + // + // expression must be at least 1 character and must not exceed 1024 characters in length. + // expression must not be set when claim is set. + // + // +optional + // +openshift:enable:FeatureGate=ExternalOIDCWithUpstreamParity + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1024 + Expression string `json:"expression,omitempty"` // prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field. // // Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). // // When set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. - // // The prefix field must be set when prefixPolicy is 'Prefix'. - // + // Must not be set to 'Prefix' when expression is set. // When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. - // // When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. // Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. // @@ -665,12 +709,14 @@ type UsernamePrefix struct { // PrefixedClaimMapping configures a claim mapping // that allows for an optional prefix. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDCWithUpstreamParity,rule="has(self.expression) && size(self.expression) > 0 ? (!has(self.prefix) || size(self.prefix) == 0) : true",message="prefix must not be set to a non-empty value when expression is set" type PrefixedClaimMapping struct { TokenClaimMapping `json:",inline"` // prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes. // - // When omitted (""), no prefix is applied to the cluster identity attribute. + // When omitted or set to an empty string (""), no prefix is applied to the cluster identity attribute. + // Must not be set to a non-empty value when expression is set. // // Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c". // diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 5f36f693de..f8d45114a8 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -283,6 +283,16 @@ type UpdateHistory struct { // ClusterID is string RFC4122 uuid. type ClusterID string +// UpdateMode defines how an update should be processed. +// +enum +// +kubebuilder:validation:Enum=Preflight +type UpdateMode string + +const ( + // UpdateModePreflight allows an update to be checked for compatibility without committing to updating the cluster. + UpdateModePreflight UpdateMode = "Preflight" +) + // ClusterVersionArchitecture enumerates valid cluster architectures. // +kubebuilder:validation:Enum="Multi";"" type ClusterVersionArchitecture string @@ -760,6 +770,22 @@ type Update struct { // +listMapKey=name // +optional AcceptRisks []AcceptRisk `json:"acceptRisks,omitempty"` + + // mode determines how an update should be processed. + // The only valid value is "Preflight". + // When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. + // This is the standard update behavior. + // When set to "Preflight", the cluster runs compatibility checks against the target release without + // performing an actual update. Compatibility results, including any detected risks, are reported + // in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update + // recommendation service. + // This allows administrators to assess update readiness and address issues before committing to the update. + // Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be + // verified across multiple minor versions. + // When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. + // +openshift:enable:FeatureGate=ClusterUpdatePreflight + // +optional + Mode UpdateMode `json:"mode,omitempty"` } // AcceptRisk represents a risk that is considered acceptable. diff --git a/vendor/github.com/openshift/api/config/v1/types_dns.go b/vendor/github.com/openshift/api/config/v1/types_dns.go index 06eb75ccf7..efbdc3ae54 100644 --- a/vendor/github.com/openshift/api/config/v1/types_dns.go +++ b/vendor/github.com/openshift/api/config/v1/types_dns.go @@ -134,7 +134,14 @@ type AWSDNSSpec struct { // privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing // operations on the cluster's private hosted zone specified in the cluster DNS config. // When left empty, no role should be assumed. - // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$` + // + // The ARN must follow the format: arn::iam:::role/, where: + // is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), + // is a 12-digit numeric identifier for the AWS account, + // is the IAM role name. + // + // +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$')`,message=`privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/` + // +openshift:validation:FeatureGateAwareXValidation:featureGate=AWSEuropeanSovereignCloudInstall,rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$')`,message=`privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/` // +optional PrivateZoneIAMRole string `json:"privateZoneIAMRole"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 369ba1e7a0..c579be3a11 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -102,11 +102,11 @@ type InfrastructureStatus struct { // and the operators should not configure the operand for highly-available operation // The 'External' mode indicates that the control plane is hosted externally to the cluster and that // its components are not visible within the cluster. + // The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes + // that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum. // +kubebuilder:default=HighlyAvailable - // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=HighlyAvailable;SingleReplica;External - // +openshift:validation:FeatureGateAwareEnum:featureGate=HighlyAvailableArbiter,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;External - // +openshift:validation:FeatureGateAwareEnum:featureGate=DualReplica,enum=HighlyAvailable;SingleReplica;DualReplica;External - // +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=HighlyAvailableArbiter;DualReplica,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;DualReplica;External + // +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;External + // +openshift:validation:FeatureGateAwareEnum:featureGate=DualReplica,enum=HighlyAvailable;HighlyAvailableArbiter;SingleReplica;DualReplica;External // +optional ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"` @@ -787,7 +787,6 @@ type GCPPlatformStatus struct { // // +default={"dnsType": "PlatformDefault"} // +kubebuilder:default={"dnsType": "PlatformDefault"} - // +openshift:enable:FeatureGate=GCPClusterHostedDNSInstall // +optional // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml index c89d45ddcd..0deb9ba086 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-CustomNoUpgrade.crd.yaml @@ -218,6 +218,23 @@ spec: When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version. type: string + mode: + description: |- + mode determines how an update should be processed. + The only valid value is "Preflight". + When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. + This is the standard update behavior. + When set to "Preflight", the cluster runs compatibility checks against the target release without + performing an actual update. Compatibility results, including any detected risks, are reported + in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update + recommendation service. + This allows administrators to assess update readiness and address issues before committing to the update. + Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be + verified across multiple minor versions. + When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. + enum: + - Preflight + type: string version: description: |- version is a semantic version identifying the update version. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml index f24b2a16a1..70a09d3ff0 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml @@ -218,6 +218,23 @@ spec: When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version. type: string + mode: + description: |- + mode determines how an update should be processed. + The only valid value is "Preflight". + When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. + This is the standard update behavior. + When set to "Preflight", the cluster runs compatibility checks against the target release without + performing an actual update. Compatibility results, including any detected risks, are reported + in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update + recommendation service. + This allows administrators to assess update readiness and address issues before committing to the update. + Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be + verified across multiple minor versions. + When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. + enum: + - Preflight + type: string version: description: |- version is a semantic version identifying the update version. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index 2e45da09e5..d2ba7fc325 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -292,6 +292,42 @@ spec: type: array x-kubernetes-list-type: atomic type: object + tlsAdherence: + description: |- + tlsAdherence controls if components in the cluster adhere to the TLS security profile + configured on this APIServer resource. + + Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + + When set to "LegacyAdheringComponentsOnly", components that already honor the + cluster-wide TLS profile continue to do so. Components that do not already honor + it continue to use their individual TLS configurations. + + When set to "StrictAllComponents", all components must honor the configured TLS + profile unless they have a component-specific TLS configuration that overrides + it. This mode is recommended for security-conscious deployments and is required + for certain compliance frameworks. + + Note: Some components such as Kubelet and IngressController have their own + dedicated TLS configuration mechanisms via KubeletConfig and IngressController + CRs respectively. When these component-specific TLS configurations are set, + they take precedence over the cluster-wide tlsSecurityProfile. When not set, + these components fall back to the cluster-wide default. + + Components that encounter an unknown value for tlsAdherence should treat it + as "StrictAllComponents" and log a warning to ensure forward compatibility + while defaulting to the more secure behavior. + + This field is optional. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is LegacyAdheringComponentsOnly. + + Once set, this field may be changed to a different value, but may not be removed. + enum: + - LegacyAdheringComponentsOnly + - StrictAllComponents + type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -427,6 +463,9 @@ spec: type: string type: object type: object + x-kubernetes-validations: + - message: tlsAdherence may not be removed once set + rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 23c4381442..cabbd04bb7 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -292,6 +292,42 @@ spec: type: array x-kubernetes-list-type: atomic type: object + tlsAdherence: + description: |- + tlsAdherence controls if components in the cluster adhere to the TLS security profile + configured on this APIServer resource. + + Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + + When set to "LegacyAdheringComponentsOnly", components that already honor the + cluster-wide TLS profile continue to do so. Components that do not already honor + it continue to use their individual TLS configurations. + + When set to "StrictAllComponents", all components must honor the configured TLS + profile unless they have a component-specific TLS configuration that overrides + it. This mode is recommended for security-conscious deployments and is required + for certain compliance frameworks. + + Note: Some components such as Kubelet and IngressController have their own + dedicated TLS configuration mechanisms via KubeletConfig and IngressController + CRs respectively. When these component-specific TLS configurations are set, + they take precedence over the cluster-wide tlsSecurityProfile. When not set, + these components fall back to the cluster-wide default. + + Components that encounter an unknown value for tlsAdherence should treat it + as "StrictAllComponents" and log a warning to ensure forward compatibility + while defaulting to the more secure behavior. + + This field is optional. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is LegacyAdheringComponentsOnly. + + Once set, this field may be changed to a different value, but may not be removed. + enum: + - LegacyAdheringComponentsOnly + - StrictAllComponents + type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -427,6 +463,9 @@ spec: type: string type: object type: object + x-kubernetes-validations: + - message: tlsAdherence may not be removed once set + rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index 1d75d68e5a..b21c31dd43 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -224,6 +224,42 @@ spec: type: array x-kubernetes-list-type: atomic type: object + tlsAdherence: + description: |- + tlsAdherence controls if components in the cluster adhere to the TLS security profile + configured on this APIServer resource. + + Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + + When set to "LegacyAdheringComponentsOnly", components that already honor the + cluster-wide TLS profile continue to do so. Components that do not already honor + it continue to use their individual TLS configurations. + + When set to "StrictAllComponents", all components must honor the configured TLS + profile unless they have a component-specific TLS configuration that overrides + it. This mode is recommended for security-conscious deployments and is required + for certain compliance frameworks. + + Note: Some components such as Kubelet and IngressController have their own + dedicated TLS configuration mechanisms via KubeletConfig and IngressController + CRs respectively. When these component-specific TLS configurations are set, + they take precedence over the cluster-wide tlsSecurityProfile. When not set, + these components fall back to the cluster-wide default. + + Components that encounter an unknown value for tlsAdherence should treat it + as "StrictAllComponents" and log a warning to ensure forward compatibility + while defaulting to the more secure behavior. + + This field is optional. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is LegacyAdheringComponentsOnly. + + Once set, this field may be changed to a different value, but may not be removed. + enum: + - LegacyAdheringComponentsOnly + - StrictAllComponents + type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -359,6 +395,9 @@ spec: type: string type: object type: object + x-kubernetes-validations: + - message: tlsAdherence may not be removed once set + rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml index e3c2202ea6..cd737e2727 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-CustomNoUpgrade.crd.yaml @@ -187,21 +187,47 @@ spec: For example - '"example"' and '"exampleOne", "exampleTwo", "exampleThree"' are valid claim values. properties: claim: - description: claim is a required field that configures - the JWT token claim whose value is assigned to the - cluster identity field associated with this mapping. + description: |- + claim is an optional field for specifying the JWT token claim that is used in the mapping. + The value of this claim will be assigned to the field in which this mapping is associated. + claim must not exceed 256 characters in length. + When set to the empty string `""`, this means that no named claim should be used for the group mapping. + claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + maxLength: 256 + type: string + expression: + description: |- + expression is an optional CEL expression used to derive + group values from JWT claims. + + CEL expressions have access to the token claims through a CEL variable, 'claims'. + + expression must be at least 1 character and must not exceed 1024 characters in length . + + When specified, claim must not be set or be explicitly set to the empty string (`""`). + maxLength: 1024 + minLength: 1 type: string prefix: description: |- prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes. - When omitted (""), no prefix is applied to the cluster identity attribute. + When omitted or set to an empty string (""), no prefix is applied to the cluster identity attribute. + Must not be set to a non-empty value when expression is set. Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c". type: string - required: - - claim type: object + x-kubernetes-validations: + - message: prefix must not be set to a non-empty value when + expression is set + rule: 'has(self.expression) && size(self.expression) > + 0 ? (!has(self.prefix) || size(self.prefix) == 0) : + true' + - message: expression must not be set if claim is specified + and is not an empty string + rule: '(size(self.?claim.orValue("")) > 0) ? !has(self.expression) + : true' uid: description: |- uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity. @@ -252,12 +278,27 @@ spec: properties: claim: description: |- - claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set. claim must not be an empty string ("") and must not exceed 256 characters. maxLength: 256 minLength: 1 type: string + expression: + description: |- + expression is an optional CEL expression used to derive + the username from JWT claims. + + CEL expressions have access to the token claims + through a CEL variable, 'claims'. + + expression must be at least 1 character and must not exceed 1024 characters in length. + expression must not be set when claim is set. + maxLength: 1024 + minLength: 1 + type: string prefix: description: |- prefix configures the prefix that should be prepended to the value of the JWT claim. @@ -281,11 +322,9 @@ spec: Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). When set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. - The prefix field must be set when prefixPolicy is 'Prefix'. - + Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. - When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. @@ -301,10 +340,16 @@ spec: - NoPrefix - Prefix type: string - required: - - claim type: object x-kubernetes-validations: + - message: precisely one of claim or expression must be + set + rule: 'has(self.claim) ? !has(self.expression) : has(self.expression)' + - message: prefixPolicy must not be set to 'Prefix' when + expression is set + rule: 'has(self.expression) && size(self.expression) > + 0 ? !has(self.prefixPolicy) || self.prefixPolicy != + ''Prefix'' : true' - message: prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise rule: 'has(self.prefixPolicy) && self.prefixPolicy == diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml index 64b6502323..5e6be8db9f 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-Default.crd.yaml @@ -187,21 +187,27 @@ spec: For example - '"example"' and '"exampleOne", "exampleTwo", "exampleThree"' are valid claim values. properties: claim: - description: claim is a required field that configures - the JWT token claim whose value is assigned to the - cluster identity field associated with this mapping. + description: |- + claim is an optional field for specifying the JWT token claim that is used in the mapping. + The value of this claim will be assigned to the field in which this mapping is associated. + claim must not exceed 256 characters in length. + When set to the empty string `""`, this means that no named claim should be used for the group mapping. + claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + maxLength: 256 type: string prefix: description: |- prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes. - When omitted (""), no prefix is applied to the cluster identity attribute. + When omitted or set to an empty string (""), no prefix is applied to the cluster identity attribute. + Must not be set to a non-empty value when expression is set. Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c". type: string - required: - - claim type: object + x-kubernetes-validations: + - message: claim is required + rule: has(self.claim) uid: description: |- uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity. @@ -252,7 +258,9 @@ spec: properties: claim: description: |- - claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set. claim must not be an empty string ("") and must not exceed 256 characters. maxLength: 256 @@ -281,11 +289,9 @@ spec: Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). When set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. - The prefix field must be set when prefixPolicy is 'Prefix'. - + Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. - When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. @@ -301,10 +307,10 @@ spec: - NoPrefix - Prefix type: string - required: - - claim type: object x-kubernetes-validations: + - message: claim is required + rule: has(self.claim) - message: prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise rule: 'has(self.prefixPolicy) && self.prefixPolicy == diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml index 2f4c3180dc..bf116984ff 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-DevPreviewNoUpgrade.crd.yaml @@ -187,21 +187,47 @@ spec: For example - '"example"' and '"exampleOne", "exampleTwo", "exampleThree"' are valid claim values. properties: claim: - description: claim is a required field that configures - the JWT token claim whose value is assigned to the - cluster identity field associated with this mapping. + description: |- + claim is an optional field for specifying the JWT token claim that is used in the mapping. + The value of this claim will be assigned to the field in which this mapping is associated. + claim must not exceed 256 characters in length. + When set to the empty string `""`, this means that no named claim should be used for the group mapping. + claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + maxLength: 256 + type: string + expression: + description: |- + expression is an optional CEL expression used to derive + group values from JWT claims. + + CEL expressions have access to the token claims through a CEL variable, 'claims'. + + expression must be at least 1 character and must not exceed 1024 characters in length . + + When specified, claim must not be set or be explicitly set to the empty string (`""`). + maxLength: 1024 + minLength: 1 type: string prefix: description: |- prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes. - When omitted (""), no prefix is applied to the cluster identity attribute. + When omitted or set to an empty string (""), no prefix is applied to the cluster identity attribute. + Must not be set to a non-empty value when expression is set. Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c". type: string - required: - - claim type: object + x-kubernetes-validations: + - message: prefix must not be set to a non-empty value when + expression is set + rule: 'has(self.expression) && size(self.expression) > + 0 ? (!has(self.prefix) || size(self.prefix) == 0) : + true' + - message: expression must not be set if claim is specified + and is not an empty string + rule: '(size(self.?claim.orValue("")) > 0) ? !has(self.expression) + : true' uid: description: |- uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity. @@ -252,12 +278,27 @@ spec: properties: claim: description: |- - claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set. claim must not be an empty string ("") and must not exceed 256 characters. maxLength: 256 minLength: 1 type: string + expression: + description: |- + expression is an optional CEL expression used to derive + the username from JWT claims. + + CEL expressions have access to the token claims + through a CEL variable, 'claims'. + + expression must be at least 1 character and must not exceed 1024 characters in length. + expression must not be set when claim is set. + maxLength: 1024 + minLength: 1 + type: string prefix: description: |- prefix configures the prefix that should be prepended to the value of the JWT claim. @@ -281,11 +322,9 @@ spec: Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). When set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. - The prefix field must be set when prefixPolicy is 'Prefix'. - + Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. - When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. @@ -301,10 +340,16 @@ spec: - NoPrefix - Prefix type: string - required: - - claim type: object x-kubernetes-validations: + - message: precisely one of claim or expression must be + set + rule: 'has(self.claim) ? !has(self.expression) : has(self.expression)' + - message: prefixPolicy must not be set to 'Prefix' when + expression is set + rule: 'has(self.expression) && size(self.expression) > + 0 ? !has(self.prefixPolicy) || self.prefixPolicy != + ''Prefix'' : true' - message: prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise rule: 'has(self.prefixPolicy) && self.prefixPolicy == diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml index 2aff1f514b..dcfe61e693 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-OKD.crd.yaml @@ -187,21 +187,27 @@ spec: For example - '"example"' and '"exampleOne", "exampleTwo", "exampleThree"' are valid claim values. properties: claim: - description: claim is a required field that configures - the JWT token claim whose value is assigned to the - cluster identity field associated with this mapping. + description: |- + claim is an optional field for specifying the JWT token claim that is used in the mapping. + The value of this claim will be assigned to the field in which this mapping is associated. + claim must not exceed 256 characters in length. + When set to the empty string `""`, this means that no named claim should be used for the group mapping. + claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + maxLength: 256 type: string prefix: description: |- prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes. - When omitted (""), no prefix is applied to the cluster identity attribute. + When omitted or set to an empty string (""), no prefix is applied to the cluster identity attribute. + Must not be set to a non-empty value when expression is set. Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c". type: string - required: - - claim type: object + x-kubernetes-validations: + - message: claim is required + rule: has(self.claim) uid: description: |- uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity. @@ -252,7 +258,9 @@ spec: properties: claim: description: |- - claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set. claim must not be an empty string ("") and must not exceed 256 characters. maxLength: 256 @@ -281,11 +289,9 @@ spec: Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). When set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. - The prefix field must be set when prefixPolicy is 'Prefix'. - + Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. - When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. @@ -301,10 +307,10 @@ spec: - NoPrefix - Prefix type: string - required: - - claim type: object x-kubernetes-validations: + - message: claim is required + rule: has(self.claim) - message: prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise rule: 'has(self.prefixPolicy) && self.prefixPolicy == diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml index 11281f286c..de0dd293a8 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_authentications-TechPreviewNoUpgrade.crd.yaml @@ -187,21 +187,47 @@ spec: For example - '"example"' and '"exampleOne", "exampleTwo", "exampleThree"' are valid claim values. properties: claim: - description: claim is a required field that configures - the JWT token claim whose value is assigned to the - cluster identity field associated with this mapping. + description: |- + claim is an optional field for specifying the JWT token claim that is used in the mapping. + The value of this claim will be assigned to the field in which this mapping is associated. + claim must not exceed 256 characters in length. + When set to the empty string `""`, this means that no named claim should be used for the group mapping. + claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + maxLength: 256 + type: string + expression: + description: |- + expression is an optional CEL expression used to derive + group values from JWT claims. + + CEL expressions have access to the token claims through a CEL variable, 'claims'. + + expression must be at least 1 character and must not exceed 1024 characters in length . + + When specified, claim must not be set or be explicitly set to the empty string (`""`). + maxLength: 1024 + minLength: 1 type: string prefix: description: |- prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes. - When omitted (""), no prefix is applied to the cluster identity attribute. + When omitted or set to an empty string (""), no prefix is applied to the cluster identity attribute. + Must not be set to a non-empty value when expression is set. Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c". type: string - required: - - claim type: object + x-kubernetes-validations: + - message: prefix must not be set to a non-empty value when + expression is set + rule: 'has(self.expression) && size(self.expression) > + 0 ? (!has(self.prefix) || size(self.prefix) == 0) : + true' + - message: expression must not be set if claim is specified + and is not an empty string + rule: '(size(self.?claim.orValue("")) > 0) ? !has(self.expression) + : true' uid: description: |- uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity. @@ -252,12 +278,27 @@ spec: properties: claim: description: |- - claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set. claim must not be an empty string ("") and must not exceed 256 characters. maxLength: 256 minLength: 1 type: string + expression: + description: |- + expression is an optional CEL expression used to derive + the username from JWT claims. + + CEL expressions have access to the token claims + through a CEL variable, 'claims'. + + expression must be at least 1 character and must not exceed 1024 characters in length. + expression must not be set when claim is set. + maxLength: 1024 + minLength: 1 + type: string prefix: description: |- prefix configures the prefix that should be prepended to the value of the JWT claim. @@ -281,11 +322,9 @@ spec: Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). When set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. - The prefix field must be set when prefixPolicy is 'Prefix'. - + Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. - When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. @@ -301,10 +340,16 @@ spec: - NoPrefix - Prefix type: string - required: - - claim type: object x-kubernetes-validations: + - message: precisely one of claim or expression must be + set + rule: 'has(self.claim) ? !has(self.expression) : has(self.expression)' + - message: prefixPolicy must not be set to 'Prefix' when + expression is set + rule: 'has(self.expression) && size(self.expression) > + 0 ? !has(self.prefixPolicy) || self.prefixPolicy != + ''Prefix'' : true' - message: prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise rule: 'has(self.prefixPolicy) && self.prefixPolicy == diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-CustomNoUpgrade.crd.yaml new file mode 100644 index 0000000000..05d56f63cf --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-CustomNoUpgrade.crd.yaml @@ -0,0 +1,198 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: dnses.config.openshift.io +spec: + group: config.openshift.io + names: + kind: DNS + listKind: DNSList + plural: dnses + singular: dns + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + DNS holds cluster-wide information about DNS. The canonical name is `cluster` + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + baseDomain: + description: |- + baseDomain is the base domain of the cluster. All managed DNS records will + be sub-domains of this base. + + For example, given the base domain `openshift.example.com`, an API server + DNS record may be created for `cluster-api.openshift.example.com`. + + Once set, this field cannot be changed. + type: string + platform: + description: |- + platform holds configuration specific to the underlying + infrastructure provider for DNS. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + properties: + aws: + description: aws contains DNS configuration specific to the Amazon + Web Services cloud provider. + properties: + privateZoneIAMRole: + description: |- + privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing + operations on the cluster's private hosted zone specified in the cluster DNS config. + When left empty, no role should be assumed. + + The ARN must follow the format: arn::iam:::role/, where: + is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), + is a 12-digit numeric identifier for the AWS account, + is the IAM role name. + type: string + x-kubernetes-validations: + - message: 'privateZoneIAMRole must be a valid AWS IAM role + ARN in the format: arn::iam:::role/' + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + type: object + type: + description: |- + type is the underlying infrastructure provider for the cluster. + Allowed values: "", "AWS". + + Individual components may not support all platforms, + and must handle unrecognized platforms with best-effort defaults. + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + x-kubernetes-validations: + - message: allowed values are '' and 'AWS' + rule: self in ['','AWS'] + required: + - type + type: object + x-kubernetes-validations: + - message: aws configuration is required when platform is AWS, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : + !has(self.aws)' + privateZone: + description: |- + privateZone is the location where all the DNS records that are only available internally + to the cluster exist. + + If this field is nil, no private records should be created. + + Once set, this field cannot be changed. + properties: + id: + description: |- + id is the identifier that can be used to find the DNS hosted zone. + + on AWS zone can be fetched using `ID` as id in [1] + on Azure zone can be fetched using `ID` as a pre-determined name in [2], + on GCP zone can be fetched using `ID` as a pre-determined name in [3]. + + [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get + type: string + tags: + additionalProperties: + type: string + description: |- + tags can be used to query the DNS hosted zone. + + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, + + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options + type: object + type: object + publicZone: + description: |- + publicZone is the location where all the DNS records that are publicly accessible to + the internet exist. + + If this field is nil, no public records should be created. + + Once set, this field cannot be changed. + properties: + id: + description: |- + id is the identifier that can be used to find the DNS hosted zone. + + on AWS zone can be fetched using `ID` as id in [1] + on Azure zone can be fetched using `ID` as a pre-determined name in [2], + on GCP zone can be fetched using `ID` as a pre-determined name in [3]. + + [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get + type: string + tags: + additionalProperties: + type: string + description: |- + tags can be used to query the DNS hosted zone. + + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, + + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options + type: object + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-Default.crd.yaml new file mode 100644 index 0000000000..93954dcc36 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-Default.crd.yaml @@ -0,0 +1,198 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: Default + name: dnses.config.openshift.io +spec: + group: config.openshift.io + names: + kind: DNS + listKind: DNSList + plural: dnses + singular: dns + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + DNS holds cluster-wide information about DNS. The canonical name is `cluster` + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + baseDomain: + description: |- + baseDomain is the base domain of the cluster. All managed DNS records will + be sub-domains of this base. + + For example, given the base domain `openshift.example.com`, an API server + DNS record may be created for `cluster-api.openshift.example.com`. + + Once set, this field cannot be changed. + type: string + platform: + description: |- + platform holds configuration specific to the underlying + infrastructure provider for DNS. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + properties: + aws: + description: aws contains DNS configuration specific to the Amazon + Web Services cloud provider. + properties: + privateZoneIAMRole: + description: |- + privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing + operations on the cluster's private hosted zone specified in the cluster DNS config. + When left empty, no role should be assumed. + + The ARN must follow the format: arn::iam:::role/, where: + is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), + is a 12-digit numeric identifier for the AWS account, + is the IAM role name. + type: string + x-kubernetes-validations: + - message: 'privateZoneIAMRole must be a valid AWS IAM role + ARN in the format: arn::iam:::role/' + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') + type: object + type: + description: |- + type is the underlying infrastructure provider for the cluster. + Allowed values: "", "AWS". + + Individual components may not support all platforms, + and must handle unrecognized platforms with best-effort defaults. + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + x-kubernetes-validations: + - message: allowed values are '' and 'AWS' + rule: self in ['','AWS'] + required: + - type + type: object + x-kubernetes-validations: + - message: aws configuration is required when platform is AWS, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : + !has(self.aws)' + privateZone: + description: |- + privateZone is the location where all the DNS records that are only available internally + to the cluster exist. + + If this field is nil, no private records should be created. + + Once set, this field cannot be changed. + properties: + id: + description: |- + id is the identifier that can be used to find the DNS hosted zone. + + on AWS zone can be fetched using `ID` as id in [1] + on Azure zone can be fetched using `ID` as a pre-determined name in [2], + on GCP zone can be fetched using `ID` as a pre-determined name in [3]. + + [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get + type: string + tags: + additionalProperties: + type: string + description: |- + tags can be used to query the DNS hosted zone. + + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, + + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options + type: object + type: object + publicZone: + description: |- + publicZone is the location where all the DNS records that are publicly accessible to + the internet exist. + + If this field is nil, no public records should be created. + + Once set, this field cannot be changed. + properties: + id: + description: |- + id is the identifier that can be used to find the DNS hosted zone. + + on AWS zone can be fetched using `ID` as id in [1] + on Azure zone can be fetched using `ID` as a pre-determined name in [2], + on GCP zone can be fetched using `ID` as a pre-determined name in [3]. + + [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get + type: string + tags: + additionalProperties: + type: string + description: |- + tags can be used to query the DNS hosted zone. + + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, + + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options + type: object + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..f2d9157713 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml @@ -0,0 +1,198 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: dnses.config.openshift.io +spec: + group: config.openshift.io + names: + kind: DNS + listKind: DNSList + plural: dnses + singular: dns + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + DNS holds cluster-wide information about DNS. The canonical name is `cluster` + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + baseDomain: + description: |- + baseDomain is the base domain of the cluster. All managed DNS records will + be sub-domains of this base. + + For example, given the base domain `openshift.example.com`, an API server + DNS record may be created for `cluster-api.openshift.example.com`. + + Once set, this field cannot be changed. + type: string + platform: + description: |- + platform holds configuration specific to the underlying + infrastructure provider for DNS. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + properties: + aws: + description: aws contains DNS configuration specific to the Amazon + Web Services cloud provider. + properties: + privateZoneIAMRole: + description: |- + privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing + operations on the cluster's private hosted zone specified in the cluster DNS config. + When left empty, no role should be assumed. + + The ARN must follow the format: arn::iam:::role/, where: + is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), + is a 12-digit numeric identifier for the AWS account, + is the IAM role name. + type: string + x-kubernetes-validations: + - message: 'privateZoneIAMRole must be a valid AWS IAM role + ARN in the format: arn::iam:::role/' + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + type: object + type: + description: |- + type is the underlying infrastructure provider for the cluster. + Allowed values: "", "AWS". + + Individual components may not support all platforms, + and must handle unrecognized platforms with best-effort defaults. + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + x-kubernetes-validations: + - message: allowed values are '' and 'AWS' + rule: self in ['','AWS'] + required: + - type + type: object + x-kubernetes-validations: + - message: aws configuration is required when platform is AWS, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : + !has(self.aws)' + privateZone: + description: |- + privateZone is the location where all the DNS records that are only available internally + to the cluster exist. + + If this field is nil, no private records should be created. + + Once set, this field cannot be changed. + properties: + id: + description: |- + id is the identifier that can be used to find the DNS hosted zone. + + on AWS zone can be fetched using `ID` as id in [1] + on Azure zone can be fetched using `ID` as a pre-determined name in [2], + on GCP zone can be fetched using `ID` as a pre-determined name in [3]. + + [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get + type: string + tags: + additionalProperties: + type: string + description: |- + tags can be used to query the DNS hosted zone. + + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, + + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options + type: object + type: object + publicZone: + description: |- + publicZone is the location where all the DNS records that are publicly accessible to + the internet exist. + + If this field is nil, no public records should be created. + + Once set, this field cannot be changed. + properties: + id: + description: |- + id is the identifier that can be used to find the DNS hosted zone. + + on AWS zone can be fetched using `ID` as id in [1] + on Azure zone can be fetched using `ID` as a pre-determined name in [2], + on GCP zone can be fetched using `ID` as a pre-determined name in [3]. + + [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get + type: string + tags: + additionalProperties: + type: string + description: |- + tags can be used to query the DNS hosted zone. + + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, + + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options + type: object + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-OKD.crd.yaml similarity index 91% rename from vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses.crd.yaml rename to vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-OKD.crd.yaml index 06fb0be0b2..0631512bca 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-OKD.crd.yaml @@ -7,6 +7,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: OKD name: dnses.config.openshift.io spec: group: config.openshift.io @@ -71,8 +72,16 @@ spec: privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ + + The ARN must follow the format: arn::iam:::role/, where: + is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), + is a 12-digit numeric identifier for the AWS account, + is the IAM role name. type: string + x-kubernetes-validations: + - message: 'privateZoneIAMRole must be a valid AWS IAM role + ARN in the format: arn::iam:::role/' + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..ce4e9b77f0 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,198 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: dnses.config.openshift.io +spec: + group: config.openshift.io + names: + kind: DNS + listKind: DNSList + plural: dnses + singular: dns + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + DNS holds cluster-wide information about DNS. The canonical name is `cluster` + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + baseDomain: + description: |- + baseDomain is the base domain of the cluster. All managed DNS records will + be sub-domains of this base. + + For example, given the base domain `openshift.example.com`, an API server + DNS record may be created for `cluster-api.openshift.example.com`. + + Once set, this field cannot be changed. + type: string + platform: + description: |- + platform holds configuration specific to the underlying + infrastructure provider for DNS. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + properties: + aws: + description: aws contains DNS configuration specific to the Amazon + Web Services cloud provider. + properties: + privateZoneIAMRole: + description: |- + privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing + operations on the cluster's private hosted zone specified in the cluster DNS config. + When left empty, no role should be assumed. + + The ARN must follow the format: arn::iam:::role/, where: + is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), + is a 12-digit numeric identifier for the AWS account, + is the IAM role name. + type: string + x-kubernetes-validations: + - message: 'privateZoneIAMRole must be a valid AWS IAM role + ARN in the format: arn::iam:::role/' + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + type: object + type: + description: |- + type is the underlying infrastructure provider for the cluster. + Allowed values: "", "AWS". + + Individual components may not support all platforms, + and must handle unrecognized platforms with best-effort defaults. + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + type: string + x-kubernetes-validations: + - message: allowed values are '' and 'AWS' + rule: self in ['','AWS'] + required: + - type + type: object + x-kubernetes-validations: + - message: aws configuration is required when platform is AWS, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : + !has(self.aws)' + privateZone: + description: |- + privateZone is the location where all the DNS records that are only available internally + to the cluster exist. + + If this field is nil, no private records should be created. + + Once set, this field cannot be changed. + properties: + id: + description: |- + id is the identifier that can be used to find the DNS hosted zone. + + on AWS zone can be fetched using `ID` as id in [1] + on Azure zone can be fetched using `ID` as a pre-determined name in [2], + on GCP zone can be fetched using `ID` as a pre-determined name in [3]. + + [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get + type: string + tags: + additionalProperties: + type: string + description: |- + tags can be used to query the DNS hosted zone. + + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, + + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options + type: object + type: object + publicZone: + description: |- + publicZone is the location where all the DNS records that are publicly accessible to + the internet exist. + + If this field is nil, no public records should be created. + + Once set, this field cannot be changed. + properties: + id: + description: |- + id is the identifier that can be used to find the DNS hosted zone. + + on AWS zone can be fetched using `ID` as id in [1] + on Azure zone can be fetched using `ID` as a pre-determined name in [2], + on GCP zone can be fetched using `ID` as a pre-determined name in [3]. + + [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get + type: string + tags: + additionalProperties: + type: string + description: |- + tags can be used to query the DNS hosted zone. + + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, + + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options + type: object + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml index 9086d4a572..69e9d1108a 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-CustomNoUpgrade.crd.yaml @@ -1127,6 +1127,8 @@ spec: and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes + that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum. enum: - HighlyAvailable - HighlyAvailableArbiter diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml index 803c48a1e2..8d94616b35 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml @@ -828,6 +828,17 @@ spec: - topology - zone type: object + x-kubernetes-validations: + - message: when zoneAffinity type is HostGroup, regionAffinity + type must be ComputeCluster + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type + == ''ComputeCluster'' : true' + - message: when zoneAffinity type is ComputeCluster, regionAffinity + type must be Datacenter + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''ComputeCluster'' ? has(self.regionAffinity) && + self.regionAffinity.type == ''Datacenter'' : true' type: array x-kubernetes-list-map-keys: - name @@ -1050,10 +1061,13 @@ spec: and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes + that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum. enum: - HighlyAvailable - HighlyAvailableArbiter - SingleReplica + - DualReplica - External type: string cpuPartitioning: @@ -1259,6 +1273,109 @@ spec: description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. type: string + cloudLoadBalancerConfig: + default: + dnsType: PlatformDefault + description: |- + cloudLoadBalancerConfig holds configuration related to DNS and cloud + load balancers. It allows configuration of in-cluster DNS as an alternative + to the platform default DNS implementation. + When using the ClusterHosted DNS type, Load Balancer IP addresses + must be provided for the API and internal API load balancers as well as the + ingress load balancer. + properties: + clusterHosted: + description: |- + clusterHosted holds the IP addresses of API, API-Int and Ingress Load + Balancers on Cloud Platforms. The DNS solution hosted within the cluster + use these IP addresses to provide resolution for API, API-Int and Ingress + services. + properties: + apiIntLoadBalancerIPs: + description: |- + apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service. + These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. + Entries in the apiIntLoadBalancerIPs must be unique. + A maximum of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + apiLoadBalancerIPs: + description: |- + apiLoadBalancerIPs holds Load Balancer IPs for the API service. + These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. + Could be empty for private clusters. + Entries in the apiLoadBalancerIPs must be unique. + A maximum of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + ingressLoadBalancerIPs: + description: |- + ingressLoadBalancerIPs holds IPs for Ingress Load Balancers. + These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. + Entries in the ingressLoadBalancerIPs must be unique. + A maximum of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + type: object + dnsType: + default: PlatformDefault + description: |- + dnsType indicates the type of DNS solution in use within the cluster. Its default value of + `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform. + It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode, + the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. + The cluster's use of the cloud's Load Balancers is unaffected by this setting. + The value is immutable after it has been set at install time. + Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. + Enabling this functionality allows the user to start their own DNS solution outside the cluster after + installation is complete. The customer would be responsible for configuring this custom DNS solution, + and it can be run in addition to the in-cluster DNS solution. + enum: + - ClusterHosted + - PlatformDefault + type: string + x-kubernetes-validations: + - message: dnsType is immutable + rule: oldSelf == '' || self == oldSelf + type: object + x-kubernetes-validations: + - message: clusterHosted is permitted only when dnsType is + ClusterHosted + rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' + ? !has(self.clusterHosted) : true' cloudName: description: |- cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml index de1a68c90a..7d1ecbc19b 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-DevPreviewNoUpgrade.crd.yaml @@ -1127,6 +1127,8 @@ spec: and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes + that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum. enum: - HighlyAvailable - HighlyAvailableArbiter diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml index 245bc3ea63..b107d7e44c 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml @@ -828,6 +828,17 @@ spec: - topology - zone type: object + x-kubernetes-validations: + - message: when zoneAffinity type is HostGroup, regionAffinity + type must be ComputeCluster + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type + == ''ComputeCluster'' : true' + - message: when zoneAffinity type is ComputeCluster, regionAffinity + type must be Datacenter + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''ComputeCluster'' ? has(self.regionAffinity) && + self.regionAffinity.type == ''Datacenter'' : true' type: array x-kubernetes-list-map-keys: - name @@ -1050,10 +1061,13 @@ spec: and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes + that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum. enum: - HighlyAvailable - HighlyAvailableArbiter - SingleReplica + - DualReplica - External type: string cpuPartitioning: @@ -1259,6 +1273,109 @@ spec: description: armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack. type: string + cloudLoadBalancerConfig: + default: + dnsType: PlatformDefault + description: |- + cloudLoadBalancerConfig holds configuration related to DNS and cloud + load balancers. It allows configuration of in-cluster DNS as an alternative + to the platform default DNS implementation. + When using the ClusterHosted DNS type, Load Balancer IP addresses + must be provided for the API and internal API load balancers as well as the + ingress load balancer. + properties: + clusterHosted: + description: |- + clusterHosted holds the IP addresses of API, API-Int and Ingress Load + Balancers on Cloud Platforms. The DNS solution hosted within the cluster + use these IP addresses to provide resolution for API, API-Int and Ingress + services. + properties: + apiIntLoadBalancerIPs: + description: |- + apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service. + These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. + Entries in the apiIntLoadBalancerIPs must be unique. + A maximum of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + apiLoadBalancerIPs: + description: |- + apiLoadBalancerIPs holds Load Balancer IPs for the API service. + These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. + Could be empty for private clusters. + Entries in the apiLoadBalancerIPs must be unique. + A maximum of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + ingressLoadBalancerIPs: + description: |- + ingressLoadBalancerIPs holds IPs for Ingress Load Balancers. + These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. + Entries in the ingressLoadBalancerIPs must be unique. + A maximum of 16 IP addresses are permitted. + format: ip + items: + description: IP is an IP address (for example, "10.0.0.0" + or "fd00::"). + maxLength: 39 + minLength: 1 + type: string + x-kubernetes-validations: + - message: value must be a valid IP address + rule: isIP(self) + maxItems: 16 + type: array + x-kubernetes-list-type: set + type: object + dnsType: + default: PlatformDefault + description: |- + dnsType indicates the type of DNS solution in use within the cluster. Its default value of + `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform. + It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode, + the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. + The cluster's use of the cloud's Load Balancers is unaffected by this setting. + The value is immutable after it has been set at install time. + Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. + Enabling this functionality allows the user to start their own DNS solution outside the cluster after + installation is complete. The customer would be responsible for configuring this custom DNS solution, + and it can be run in addition to the in-cluster DNS solution. + enum: + - ClusterHosted + - PlatformDefault + type: string + x-kubernetes-validations: + - message: dnsType is immutable + rule: oldSelf == '' || self == oldSelf + type: object + x-kubernetes-validations: + - message: clusterHosted is permitted only when dnsType is + ClusterHosted + rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' + ? !has(self.clusterHosted) : true' cloudName: description: |- cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml index c45b7d6e83..02f367409b 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-TechPreviewNoUpgrade.crd.yaml @@ -1127,6 +1127,8 @@ spec: and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. + The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes + that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum. enum: - HighlyAvailable - HighlyAvailableArbiter diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 30b85b78e9..a604d2f634 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -2560,6 +2560,7 @@ func (in *GenericAPIServerConfig) DeepCopy() *GenericAPIServerConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericControllerConfig) DeepCopyInto(out *GenericControllerConfig) { *out = *in + out.TypeMeta = in.TypeMeta in.ServingInfo.DeepCopyInto(&out.ServingInfo) out.LeaderElection = in.LeaderElection out.Authentication = in.Authentication diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index eb7c485e03..84c1443d44 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -8,6 +8,7 @@ apiservers.config.openshift.io: FeatureGates: - KMSEncryption - KMSEncryptionProvider + - TLSAdherence FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -144,6 +145,7 @@ clusterversions.config.openshift.io: Category: "" FeatureGates: - ClusterUpdateAcceptRisks + - ClusterUpdatePreflight - ImageStreamImportMode - SignatureStores FilenameOperatorName: cluster-version-operator @@ -204,7 +206,8 @@ dnses.config.openshift.io: CRDName: dnses.config.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - AWSEuropeanSovereignCloudInstall FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -370,9 +373,6 @@ infrastructures.config.openshift.io: - AzureDualStackInstall - DualReplica - DyanmicServiceEndpointIBMCloud - - GCPClusterHostedDNSInstall - - HighlyAvailableArbiter - - HighlyAvailableArbiter+DualReplica - NutanixMultiSubnets - OnPremDNSRecords - VSphereHostVMGroupZonal diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 69fb37c523..4a5346dba8 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -137,7 +137,7 @@ func (GenericAPIServerConfig) SwaggerDoc() map[string]string { } var map_GenericControllerConfig = map[string]string{ - "": "GenericControllerConfig provides information to configure a controller", + "": "GenericControllerConfig provides information to configure a controller\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "servingInfo": "servingInfo is the HTTP serving information for the controller's endpoints", "leaderElection": "leaderElection provides information to elect a leader. Only override this if you have a specific need", "authentication": "authentication allows configuration of authentication for the endpoints", @@ -319,6 +319,7 @@ var map_APIServerSpec = map[string]string{ "additionalCORSAllowedOrigins": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", "encryption": "encryption allows the configuration of encryption of resources at the datastore layer.", "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is the Intermediate profile.", + "tlsAdherence": "tlsAdherence controls if components in the cluster adhere to the TLS security profile configured on this APIServer resource.\n\nValid values are \"LegacyAdheringComponentsOnly\" and \"StrictAllComponents\".\n\nWhen set to \"LegacyAdheringComponentsOnly\", components that already honor the cluster-wide TLS profile continue to do so. Components that do not already honor it continue to use their individual TLS configurations.\n\nWhen set to \"StrictAllComponents\", all components must honor the configured TLS profile unless they have a component-specific TLS configuration that overrides it. This mode is recommended for security-conscious deployments and is required for certain compliance frameworks.\n\nNote: Some components such as Kubelet and IngressController have their own dedicated TLS configuration mechanisms via KubeletConfig and IngressController CRs respectively. When these component-specific TLS configurations are set, they take precedence over the cluster-wide tlsSecurityProfile. When not set, these components fall back to the cluster-wide default.\n\nComponents that encounter an unknown value for tlsAdherence should treat it as \"StrictAllComponents\" and log a warning to ensure forward compatibility while defaulting to the more secure behavior.\n\nThis field is optional. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is LegacyAdheringComponentsOnly.\n\nOnce set, this field may be changed to a different value, but may not be removed.", "audit": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", } @@ -458,7 +459,7 @@ func (OIDCProvider) SwaggerDoc() map[string]string { var map_PrefixedClaimMapping = map[string]string{ "": "PrefixedClaimMapping configures a claim mapping that allows for an optional prefix.", - "prefix": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + "prefix": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted or set to an empty string (\"\"), no prefix is applied to the cluster identity attribute. Must not be set to a non-empty value when expression is set.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", } func (PrefixedClaimMapping) SwaggerDoc() map[string]string { @@ -466,8 +467,9 @@ func (PrefixedClaimMapping) SwaggerDoc() map[string]string { } var map_TokenClaimMapping = map[string]string{ - "": "TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.", - "claim": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.", + "": "TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.", + "claim": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", + "expression": "expression is an optional CEL expression used to derive group values from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length .\n\nWhen specified, claim must not be set or be explicitly set to the empty string (`\"\"`).", } func (TokenClaimMapping) SwaggerDoc() map[string]string { @@ -546,8 +548,9 @@ func (TokenUserValidationRule) SwaggerDoc() map[string]string { } var map_UsernameClaimMapping = map[string]string{ - "claim": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", - "prefixPolicy": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim.\n\nThe prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + "claim": "claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", + "expression": "expression is an optional CEL expression used to derive the username from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length. expression must not be set when claim is set.", + "prefixPolicy": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'. Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", "prefix": "prefix configures the prefix that should be prepended to the value of the JWT claim.\n\nprefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise.", } @@ -915,6 +918,7 @@ var map_Update = map[string]string{ "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that come from unknown or potentially malicious sources.", "acceptRisks": "acceptRisks is an optional set of names of conditional update risks that are considered acceptable. A conditional update is performed only if all of its risks are acceptable. This list may contain entries that apply to current, previous or future updates. The entries therefore may not map directly to a risk in .status.conditionalUpdateRisks. acceptRisks must not contain more than 1000 entries. Entries in this list must be unique.", + "mode": "mode determines how an update should be processed. The only valid value is \"Preflight\". When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. This is the standard update behavior. When set to \"Preflight\", the cluster runs compatibility checks against the target release without performing an actual update. Compatibility results, including any detected risks, are reported in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update recommendation service. This allows administrators to assess update readiness and address issues before committing to the update. Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be verified across multiple minor versions. When mode is set to \"Preflight\", the same rules for version, image, and architecture apply as for normal updates.", } func (Update) SwaggerDoc() map[string]string { @@ -984,7 +988,7 @@ func (ConsoleStatus) SwaggerDoc() map[string]string { var map_AWSDNSSpec = map[string]string{ "": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", - "privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.", + "privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", } func (AWSDNSSpec) SwaggerDoc() map[string]string { @@ -1750,7 +1754,7 @@ var map_InfrastructureStatus = map[string]string{ "etcdDiscoveryDomain": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", "apiServerURL": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", "apiServerInternalURI": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", - "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.", + "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.", "infrastructureTopology": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.", "cpuPartitioning": "cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are \"None\" and \"AllNodes\". When omitted, the default value is \"None\". The default value of \"None\" indicates that no nodes will be setup with CPU partitioning. The \"AllNodes\" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.", } diff --git a/vendor/github.com/openshift/api/config/v1alpha1/register.go b/vendor/github.com/openshift/api/config/v1alpha1/register.go index c909624950..1d84b71079 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/register.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/register.go @@ -36,12 +36,10 @@ func addKnownTypes(scheme *runtime.Scheme) error { &InsightsDataGatherList{}, &Backup{}, &BackupList{}, - &ImagePolicy{}, - &ImagePolicyList{}, - &ClusterImagePolicy{}, - &ClusterImagePolicyList{}, &CRIOCredentialProviderConfig{}, &CRIOCredentialProviderConfigList{}, + &PKI{}, + &PKIList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go deleted file mode 100644 index e8d7603d7b..0000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go +++ /dev/null @@ -1,80 +0,0 @@ -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterImagePolicy holds cluster-wide configuration for image signature verification -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +kubebuilder:object:root=true -// +kubebuilder:resource:path=clusterimagepolicies,scope=Cluster -// +kubebuilder:subresource:status -// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457 -// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 -// +openshift:enable:FeatureGate=SigstoreImageVerification -// +openshift:compatibility-gen:level=4 -type ClusterImagePolicy struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec contains the configuration for the cluster image policy. - // +required - Spec ClusterImagePolicySpec `json:"spec"` - // status contains the observed state of the resource. - // +optional - Status ClusterImagePolicyStatus `json:"status,omitempty"` -} - -// CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource. -type ClusterImagePolicySpec struct { - // scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". - // Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). - // More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository - // namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). - // Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. - // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. - // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories - // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. - // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. - // For additional details about the format, please refer to the document explaining the docker transport field, - // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker - // +required - // +kubebuilder:validation:MaxItems=256 - // +listType=set - Scopes []ImageScope `json:"scopes"` - // policy contains configuration to allow scopes to be verified, and defines how - // images not matching the verification policy will be treated. - // +required - Policy ImageSigstoreVerificationPolicy `json:"policy"` -} - -// +k8s:deepcopy-gen=true -type ClusterImagePolicyStatus struct { - // conditions provide details on the status of this API Resource. - // +listType=map - // +listMapKey=type - // +optional - Conditions []metav1.Condition `json:"conditions,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterImagePolicyList is a list of ClusterImagePolicy resources -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +openshift:compatibility-gen:level=4 -type ClusterImagePolicyList struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ListMeta `json:"metadata"` - - Items []ClusterImagePolicy `json:"items"` -} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go index e72f537f99..08eaca29f3 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go @@ -89,6 +89,19 @@ type ClusterMonitoringSpec struct { // The current default value is `DefaultConfig`. // +optional AlertmanagerConfig AlertmanagerConfig `json:"alertmanagerConfig,omitempty,omitzero"` + // prometheusConfig provides configuration options for the default platform Prometheus instance + // that runs in the `openshift-monitoring` namespace. This configuration applies only to the + // platform Prometheus instance; user-workload Prometheus instances are configured separately. + // + // This field allows you to customize how the platform Prometheus is deployed and operated, including: + // - Pod scheduling (node selectors, tolerations, topology spread constraints) + // - Resource allocation (CPU, memory requests/limits) + // - Retention policies (how long metrics are stored) + // - External integrations (remote write, additional alertmanagers) + // + // This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + // +optional + PrometheusConfig PrometheusConfig `json:"prometheusConfig,omitempty,omitzero"` // metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. // Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. @@ -107,6 +120,101 @@ type ClusterMonitoringSpec struct { // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // +optional PrometheusOperatorAdmissionWebhookConfig PrometheusOperatorAdmissionWebhookConfig `json:"prometheusOperatorAdmissionWebhookConfig,omitempty,omitzero"` + // openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics + // agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics + // about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + OpenShiftStateMetricsConfig OpenShiftStateMetricsConfig `json:"openShiftStateMetricsConfig,omitempty,omitzero"` + // telemeterClientConfig is an optional field that can be used to configure the Telemeter Client + // component that runs in the openshift-monitoring namespace. The Telemeter Client collects + // selected monitoring metrics and forwards them to Red Hat for telemetry purposes. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // When set, at least one field must be specified within telemeterClientConfig. + // +optional + TelemeterClientConfig TelemeterClientConfig `json:"telemeterClientConfig,omitempty,omitzero"` + // thanosQuerierConfig is an optional field that can be used to configure the Thanos Querier + // component that runs in the openshift-monitoring namespace. The Thanos Querier provides + // a global query view by aggregating and deduplicating metrics from multiple Prometheus instances. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default deploys the Thanos Querier on linux nodes with 5m CPU and 12Mi memory + // requests, and no custom tolerations or topology spread constraints. + // When set, at least one field must be specified within thanosQuerierConfig. + // +optional + ThanosQuerierConfig ThanosQuerierConfig `json:"thanosQuerierConfig,omitempty,omitzero"` +} + +// OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent +// that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates +// metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. +// +kubebuilder:validation:MinProperties=1 +type OpenShiftStateMetricsConfig struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the openshift-state-metrics container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 1m + // limit: null + // - name: memory + // request: 32Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` } // UserDefinedMonitoring config for user-defined projects. @@ -196,13 +304,13 @@ type AlertmanagerCustomConfig struct { // - name: memory // request: 40Mi // limit: null - // Maximum length for this list is 10. + // Maximum length for this list is 5. // Minimum length for this list is 1. // Each resource name must be unique within this list. // +optional // +listType=map // +listMapKey=name - // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MaxItems=5 // +kubebuilder:validation:MinItems=1 Resources []ContainerResource `json:"resources,omitempty"` // secrets defines a list of secrets that need to be mounted into the Alertmanager. @@ -258,14 +366,12 @@ type AlertmanagerCustomConfig struct { // +listMapKey=whenUnsatisfiable // +optional TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` - // volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - // configure the persistent volume claim, including storage class, volume - // size, and name. + // volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + // configure the persistent volume claim, including storage class and volume size. // If omitted, the Pod uses ephemeral storage and alert data will not persist // across restarts. - // This field is optional. // +optional - VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty,omitzero"` } // AlertManagerDeployMode defines the deployment state of the platform Alertmanager instance. @@ -286,22 +392,29 @@ const ( AlertManagerDeployModeCustomConfig AlertManagerDeployMode = "CustomConfig" ) -// logLevel defines the verbosity of logs emitted by Alertmanager. +// LogLevel defines the verbosity of logs emitted by Alertmanager. // Valid values are Error, Warn, Info and Debug. // +kubebuilder:validation:Enum=Error;Warn;Info;Debug type LogLevel string const ( - // Error only errors will be logged. + // LogLevelError only errors will be logged. LogLevelError LogLevel = "Error" - // Warn, both warnings and errors will be logged. + // LogLevelWarn, both warnings and errors will be logged. LogLevelWarn LogLevel = "Warn" - // Info, general information, warnings, and errors will all be logged. + // LogLevelInfo, general information, warnings, and errors will all be logged. LogLevelInfo LogLevel = "Info" - // Debug, detailed debugging information will be logged. + // LogLevelDebug, detailed debugging information will be logged. LogLevelDebug LogLevel = "Debug" ) +// MaxItems on []ContainerResource fields is kept at 5 to stay within the +// Kubernetes CRD CEL validation cost budget (StaticEstimatedCRDCostLimit). +// The quantity() CEL function has a high fixed estimated cost per invocation, +// and the limit-vs-request comparison rule is costed per maxItems per location. +// With multiple structs in ClusterMonitoringSpec embedding []ContainerResource, +// maxItems > 5 causes the total estimated rule cost to exceed the budget. + // ContainerResource defines a single resource requirement for a container. // +kubebuilder:validation:XValidation:rule="has(self.request) || has(self.limit)",message="at least one of request or limit must be set" // +kubebuilder:validation:XValidation:rule="!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) >= 0",message="limit must be greater than or equal to request" @@ -318,11 +431,12 @@ type ContainerResource struct { // request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). // This field is optional. // When limit is specified, request cannot be greater than limit. + // The value must be greater than 0 when specified. // +optional // +kubebuilder:validation:XIntOrString // +kubebuilder:validation:MaxLength=20 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="request must be a positive, non-zero quantity" + // +kubebuilder:validation:XValidation:rule="quantity(self).isGreaterThan(quantity('0'))",message="request must be a positive, non-zero quantity" Request resource.Quantity `json:"request,omitempty"` // limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). @@ -333,7 +447,7 @@ type ContainerResource struct { // +kubebuilder:validation:XIntOrString // +kubebuilder:validation:MaxLength=20 // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="limit must be a positive, non-zero quantity" + // +kubebuilder:validation:XValidation:rule="quantity(self).isGreaterThan(quantity('0'))",message="limit must be a positive, non-zero quantity" Limit resource.Quantity `json:"limit,omitempty"` } @@ -401,13 +515,13 @@ type MetricsServerConfig struct { // - name: memory // request: 40Mi // limit: null - // Maximum length for this list is 10. + // Maximum length for this list is 5. // Minimum length for this list is 1. // Each resource name must be unique within this list. // +optional // +listType=map // +listMapKey=name - // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MaxItems=5 // +kubebuilder:validation:MinItems=1 Resources []ContainerResource `json:"resources,omitempty"` // topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed @@ -472,13 +586,13 @@ type PrometheusOperatorConfig struct { // - name: memory // request: 40Mi // limit: null - // Maximum length for this list is 10. + // Maximum length for this list is 5. // Minimum length for this list is 1. // Each resource name must be unique within this list. // +optional // +listType=map // +listMapKey=name - // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MaxItems=5 // +kubebuilder:validation:MinItems=1 Resources []ContainerResource `json:"resources,omitempty"` // tolerations defines tolerations for the pods. @@ -536,13 +650,13 @@ type PrometheusOperatorAdmissionWebhookConfig struct { // - name: memory // request: 30Mi // limit: null - // Maximum length for this list is 10. + // Maximum length for this list is 5. // Minimum length for this list is 1. // Each resource name must be unique within this list. // +optional // +listType=map // +listMapKey=name - // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MaxItems=5 // +kubebuilder:validation:MinItems=1 Resources []ContainerResource `json:"resources,omitempty"` // topologySpreadConstraints defines rules for how admission webhook Pods should be distributed @@ -566,34 +680,1286 @@ type PrometheusOperatorAdmissionWebhookConfig struct { TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` } -// AuditProfile defines the audit log level for the Metrics Server. -// +kubebuilder:validation:Enum=None;Metadata;Request;RequestResponse -type AuditProfile string +// PrometheusConfig provides configuration options for the Prometheus instance. +// Use this configuration to control +// Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations. +// +kubebuilder:validation:MinProperties=1 +type PrometheusConfig struct { + // additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + // the Prometheus component. This is useful for organizations that need to: + // - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + // - Route different types of alerts to different teams or systems + // - Integrate with existing enterprise alerting infrastructure + // - Maintain separate alert routing for compliance or organizational requirements + // When omitted, no additional Alertmanager instances are configured (default behavior). + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + AdditionalAlertmanagerConfigs []AdditionalAlertmanagerConfig `json:"additionalAlertmanagerConfigs,omitempty"` + // enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + // If a scraped target's body response is larger than the limit, the scrape will fail. + // This helps protect Prometheus from targets that return excessively large responses. + // The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + // When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + // limit based on cluster capacity. Set an explicit value to override the automatic calculation. + // Minimum value is 10240 (10kB). + // Maximum value is 1073741824 (1GB). + // +kubebuilder:validation:Minimum=10240 + // +kubebuilder:validation:Maximum=1073741824 + // +optional + EnforcedBodySizeLimitBytes int64 `json:"enforcedBodySizeLimitBytes,omitempty"` + // externalLabels defines labels to be attached to time series and alerts + // when communicating with external systems such as federation, remote storage, + // and Alertmanager. These labels are not stored with metrics on disk; they are + // only added when data leaves Prometheus (e.g., during federation queries, + // remote write, or alert notifications). + // At least 1 label must be specified when set, with a maximum of 50 labels allowed. + // Each label key must be unique within this list. + // When omitted, no external labels are applied. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=50 + // +listType=map + // +listMapKey=key + ExternalLabels []Label `json:"externalLabels,omitempty"` + // logLevel defines the verbosity of logs emitted by Prometheus. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. + // +optional + LogLevel LogLevel `json:"logLevel,omitempty"` + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + // and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // queryLogFile specifies the file to which PromQL queries are logged. + // This setting can be either a filename, in which + // case the queries are saved to an `emptyDir` volume + // at `/var/log/prometheus`, or a full path to a location where + // an `emptyDir` volume will be mounted and the queries saved. + // Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + // writing to any other `/dev/` path is not supported. Relative paths are + // also not supported. + // By default, PromQL queries are not logged. + // Must be an absolute path starting with `/` or a simple filename without path separators. + // Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + // Must contain only alphanumeric characters, '.', '_', '-', or '/'. + // Must be between 1 and 255 characters in length. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._/-]+$')",message="must contain only alphanumeric characters, '.', '_', '-', or '/'" + // +kubebuilder:validation:XValidation:rule="self.startsWith('/') || !self.contains('/')",message="must be an absolute path starting with '/' or a simple filename without '/'" + // +kubebuilder:validation:XValidation:rule="!self.startsWith('/dev/') || self in ['/dev/stdout', '/dev/stderr', '/dev/null']",message="only /dev/stdout, /dev/stderr, and /dev/null are allowed as /dev/ paths" + // +kubebuilder:validation:XValidation:rule="!self.contains('//') && !self.endsWith('/') && !self.contains('..')",message="must not contain '//', end with '/', or contain '..'" + QueryLogFile string `json:"queryLogFile,omitempty"` + // remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + // Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + // When omitted, no remote write endpoints are configured. + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + // +optional + RemoteWrite []RemoteWriteSpec `json:"remoteWrite,omitempty"` + // resources defines the compute resource requests and limits for the Prometheus container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // retention configures how long Prometheus retains metrics data and how much storage it can use. + // When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + // +optional + Retention Retention `json:"retention,omitempty,omitzero"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10 + // Minimum length for this list is 1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1 + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // collectionProfile defines the metrics collection profile that Prometheus uses to collect + // metrics from the platform components. Supported values are `Full` or + // `Minimal`. In the `Full` profile (default), Prometheus collects all + // metrics that are exposed by the platform components. In the `Minimal` + // profile, Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is `Full`. + // +optional + CollectionProfile CollectionProfile `json:"collectionProfile,omitempty"` + // volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + // configure the persistent volume claim, including storage class and volume size. + // If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + // across restarts. + // +optional + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty,omitzero"` +} + +// AlertmanagerScheme defines the URL scheme to use when communicating with Alertmanager instances. +// +kubebuilder:validation:Enum=HTTP;HTTPS +type AlertmanagerScheme string const ( - // AuditProfileNone disables audit logging - AuditProfileNone AuditProfile = "None" - // AuditProfileMetadata logs request metadata (requesting user, timestamp, resource, verb, etc.) but not request or response body - AuditProfileMetadata AuditProfile = "Metadata" - // AuditProfileRequest logs event metadata and request body but not response body - AuditProfileRequest AuditProfile = "Request" - // AuditProfileRequestResponse logs event metadata, request and response bodies - AuditProfileRequestResponse AuditProfile = "RequestResponse" + AlertmanagerSchemeHTTP AlertmanagerScheme = "HTTP" + AlertmanagerSchemeHTTPS AlertmanagerScheme = "HTTPS" ) -// VerbosityLevel defines the verbosity of log messages for Metrics Server. -// +kubebuilder:validation:Enum=Errors;Info;Trace;TraceAll -type VerbosityLevel string +// AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. +// The `AdditionalAlertmanagerConfig` resource defines settings for how a +// component communicates with additional Alertmanager instances. +type AdditionalAlertmanagerConfig struct { + // name is a unique identifier for this Alertmanager configuration entry. + // The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + // hyphens, or periods, and must start and end with an alphanumeric character. + // Minimum length is 1 character (empty string is invalid). + // Maximum length is 253 characters. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +required + Name string `json:"name,omitempty"` + // authorization configures the authentication method for Alertmanager connections. + // Supports bearer token authentication. When omitted, no authentication is used. + // +optional + Authorization AuthorizationConfig `json:"authorization,omitempty,omitzero"` + // pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + // For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + // set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + // This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + // When no prefix is needed, omit this field; do not set it to "/" as that would produce paths with double slashes (e.g. "//api/v1/alerts"). + // Must start with "/", must not end with "/", and must not be exactly "/". + // Must not contain query strings ("?") or fragments ("#"). + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:MinLength=2 + // +kubebuilder:validation:XValidation:rule="self.startsWith('/')",message="pathPrefix must start with '/'" + // +kubebuilder:validation:XValidation:rule="!self.endsWith('/')",message="pathPrefix must not end with '/'" + // +kubebuilder:validation:XValidation:rule="self != '/'",message="pathPrefix must not be '/' (would produce double slashes in request path); omit for no prefix" + // +kubebuilder:validation:XValidation:rule="!self.contains('?') && !self.contains('#')",message="pathPrefix must not contain '?' or '#'" + // +optional + PathPrefix string `json:"pathPrefix,omitempty"` + // scheme defines the URL scheme to use when communicating with Alertmanager + // instances. + // Possible values are `HTTP` or `HTTPS`. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `HTTP`. + // +optional + Scheme AlertmanagerScheme `json:"scheme,omitempty"` + // staticConfigs is a list of statically configured Alertmanager endpoints in the form + // of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + // (in brackets) followed by a colon and a valid port number (1-65535). + // Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + // At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + // Each entry must be unique and non-empty (empty string is invalid). + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=255 + // +kubebuilder:validation:items:XValidation:rule="isURL('http://' + self) && size(url('http://' + self).getHostname()) > 0 && size(url('http://' + self).getPort()) > 0 && int(url('http://' + self).getPort()) >= 1 && int(url('http://' + self).getPort()) <= 65535",message="must be a valid 'host:port' where host is a DNS name, IPv4, or IPv6 address (in brackets), and port is 1-65535" + // +listType=set + // +required + StaticConfigs []string `json:"staticConfigs,omitempty"` + // timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Currently the default is 10 seconds. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + // +optional + TimeoutSeconds int32 `json:"timeoutSeconds,omitempty"` + // tlsConfig defines the TLS settings to use for Alertmanager connections. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` +} + +// Label represents a key/value pair for external labels. +type Label struct { + // key is the name of the label. + // Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Key string `json:"key,omitempty"` + // value is the value of the label. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MaxLength=128 + // +kubebuilder:validation:MinLength=1 + Value string `json:"value,omitempty"` +} + +// RemoteWriteSpec represents configuration for remote write endpoints. +type RemoteWriteSpec struct { + // url is the URL of the remote write endpoint. + // Must be a valid URL with http or https scheme and a non-empty hostname. + // Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. + // Empty string is invalid. Must be between 1 and 2048 characters in length. + // +required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getScheme() == 'http' || url(self).getScheme() == 'https'",message="must use http or https scheme" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || size(url(self).getHostname()) > 0",message="must have a non-empty hostname" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getQuery().size() == 0",message="query parameters are not allowed" + // +kubebuilder:validation:XValidation:rule="!self.matches('.*#.*')",message="fragments are not allowed" + // +kubebuilder:validation:XValidation:rule="!self.matches('.*@.*')",message="user information (e.g. user:password@host) is not allowed" + URL string `json:"url,omitempty"` + // name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). + // This name is used in metrics and logging to differentiate remote write queues. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" + Name string `json:"name,omitempty"` + // authorization defines the authorization method for the remote write endpoint. + // When omitted, no authorization is performed. + // When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). + // +optional + AuthorizationConfig RemoteWriteAuthorization `json:"authorization,omitzero"` + // headers specifies the custom HTTP headers to be sent along with each remote write request. + // Sending custom headers makes the configuration of a proxy in between optional and helps the + // receiver recognize the given source better. + // Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure + // them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. + // When omitted, no custom headers are sent. + // Maximum of 50 headers can be specified. Each header name must be unique. + // Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + // +optional + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:items:XValidation:rule="self.name.matches('^[a-zA-Z0-9_-]+$')",message="header name must contain only alphanumeric characters, hyphens, and underscores" + // +kubebuilder:validation:items:XValidation:rule="!self.name.matches('(?i)^(host|authorization|content-encoding|content-type|x-prometheus-remote-write-version|user-agent|connection|keep-alive|proxy-authenticate|proxy-authorization|www-authenticate)$')",message="header name must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate)" + // +listType=map + // +listMapKey=name + Headers []PrometheusRemoteWriteHeader `json:"headers,omitempty"` + // metadataConfig configures the sending of series metadata to remote storage. + // When omitted, no metadata is sent. + // When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + // When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds). + // +optional + MetadataConfig MetadataConfig `json:"metadataConfig,omitempty,omitzero"` + // proxyUrl defines an optional proxy URL. + // If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + // The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + // When omitted, no proxy is used. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + // +optional + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self) && (url(self).getScheme() == 'http' || url(self).getScheme() == 'https')",message="must be a valid URL with http or https scheme" + ProxyURL string `json:"proxyUrl,omitempty"` + // queueConfig allows tuning configuration for remote write queue parameters. + // When omitted, default queue configuration is used. + // +optional + QueueConfig QueueConfig `json:"queueConfig,omitempty,omitzero"` + // remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=600 + RemoteTimeoutSeconds int32 `json:"remoteTimeoutSeconds,omitempty"` + // exemplarsMode controls whether exemplars are sent via remote write. + // Valid values are "Send", "DoNotSend" and omitted. + // When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + // Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + // When omitted or set to "DoNotSend", exemplars are not sent. + // +optional + ExemplarsMode ExemplarsMode `json:"exemplarsMode,omitempty"` + // tlsConfig defines TLS authentication settings for the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // +optional + TLSConfig TLSConfig `json:"tlsConfig,omitempty,omitzero"` + // writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + // When omitted, no relabeling is performed and all metrics are sent as-is. + // Minimum of 1 and maximum of 10 relabeling rules can be specified. + // Each rule must have a unique name. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +listType=map + // +listMapKey=name + WriteRelabelConfigs []RelabelConfig `json:"writeRelabelConfigs,omitempty"` +} + +// PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. +// The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). +// Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. +// Validation is enforced on the Headers field in RemoteWriteSpec. +type PrometheusRemoteWriteHeader struct { + // name is the HTTP header name. Must not be a reserved header (see type documentation). + // Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + Name string `json:"name,omitempty"` + // value is the HTTP header value. Must be at most 4096 characters. + // +required + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=4096 + Value *string `json:"value,omitempty"` +} + +// BasicAuth defines basic authentication settings for the remote write endpoint URL. +type BasicAuth struct { + // username defines the secret reference containing the username for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + // +required + Username SecretKeySelector `json:"username,omitzero,omitempty"` + // password defines the secret reference containing the password for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + // +required + Password SecretKeySelector `json:"password,omitzero,omitempty"` +} + +// RemoteWriteAuthorizationType defines the authorization method for remote write endpoints. +// +kubebuilder:validation:Enum=BearerToken;BasicAuth;OAuth2;SigV4;SafeAuthorization;ServiceAccount +type RemoteWriteAuthorizationType string const ( - // VerbosityLevelErrors means only critical messages and errors are logged. - VerbosityLevelErrors VerbosityLevel = "Errors" - // VerbosityLevelInfo means basic informational messages are logged. - VerbosityLevelInfo VerbosityLevel = "Info" - // VerbosityLevelTrace means extended information useful for general debugging is logged. - VerbosityLevelTrace VerbosityLevel = "Trace" - // VerbosityLevelTraceAll means detailed information about metric scraping operations is logged. - VerbosityLevelTraceAll VerbosityLevel = "TraceAll" + // RemoteWriteAuthorizationTypeBearerToken indicates bearer token from a secret. + RemoteWriteAuthorizationTypeBearerToken RemoteWriteAuthorizationType = "BearerToken" + // RemoteWriteAuthorizationTypeBasicAuth indicates HTTP basic authentication. + RemoteWriteAuthorizationTypeBasicAuth RemoteWriteAuthorizationType = "BasicAuth" + // RemoteWriteAuthorizationTypeOAuth2 indicates OAuth2 client credentials. + RemoteWriteAuthorizationTypeOAuth2 RemoteWriteAuthorizationType = "OAuth2" + // RemoteWriteAuthorizationTypeSigV4 indicates AWS Signature Version 4. + RemoteWriteAuthorizationTypeSigV4 RemoteWriteAuthorizationType = "SigV4" + // RemoteWriteAuthorizationTypeSafeAuthorization indicates authorization from a secret (Prometheus SafeAuthorization pattern). + // The secret key contains the credentials (e.g. a Bearer token). Use the safeAuthorization field. + RemoteWriteAuthorizationTypeSafeAuthorization RemoteWriteAuthorizationType = "SafeAuthorization" + // RemoteWriteAuthorizationTypeServiceAccount indicates use of the pod's service account token for machine identity. + // No additional field is required; the operator configures the token path. + RemoteWriteAuthorizationTypeServiceAccount RemoteWriteAuthorizationType = "ServiceAccount" +) + +// RemoteWriteAuthorization defines the authorization method for a remote write endpoint. +// Exactly one of the nested configs must be set according to the type discriminator. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BasicAuth' ? has(self.basicAuth) : !has(self.basicAuth)",message="basicAuth is required when type is BasicAuth, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'OAuth2' ? has(self.oauth2) : !has(self.oauth2)",message="oauth2 is required when type is OAuth2, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'SigV4' ? has(self.sigv4) : !has(self.sigv4)",message="sigv4 is required when type is SigV4, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'SafeAuthorization' ? has(self.safeAuthorization) : !has(self.safeAuthorization)",message="safeAuthorization is required when type is SafeAuthorization, and forbidden otherwise" +// +union +type RemoteWriteAuthorization struct { + // type specifies the authorization method to use. + // Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount. + // + // When set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field. + // + // When set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set. + // + // When set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set. + // + // When set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set. + // + // When set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field. + // + // When set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path. + // +unionDiscriminator + // +required + Type RemoteWriteAuthorizationType `json:"type,omitempty"` + // safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). + // Required when type is "SafeAuthorization", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace. + // +unionMember + // +optional + SafeAuthorization *v1.SecretKeySelector `json:"safeAuthorization,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + // +unionMember + // +optional + BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` + // basicAuth defines HTTP basic authentication credentials. + // Required when type is "BasicAuth", and forbidden otherwise. + // +unionMember + // +optional + BasicAuth BasicAuth `json:"basicAuth,omitempty,omitzero"` + // oauth2 defines OAuth2 client credentials authentication. + // Required when type is "OAuth2", and forbidden otherwise. + // +unionMember + // +optional + OAuth2 OAuth2 `json:"oauth2,omitempty,omitzero"` + // sigv4 defines AWS Signature Version 4 authentication. + // Required when type is "SigV4", and forbidden otherwise. + // +unionMember + // +optional + Sigv4 Sigv4 `json:"sigv4,omitempty,omitzero"` +} + +// MetadataConfigSendPolicy defines whether to send metadata with platform defaults or with custom settings. +// +kubebuilder:validation:Enum=Default;Custom +type MetadataConfigSendPolicy string + +const ( + // MetadataConfigSendPolicyDefault indicates metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + MetadataConfigSendPolicyDefault MetadataConfigSendPolicy = "Default" + // MetadataConfigSendPolicyCustom indicates metadata is sent using the settings in the custom field. + MetadataConfigSendPolicyCustom MetadataConfigSendPolicy = "Custom" +) + +// MetadataConfig defines whether and how to send series metadata to remote write storage. +// +kubebuilder:validation:XValidation:rule="self.sendPolicy == 'Default' ? self.custom.sendIntervalSeconds == 0 : true",message="custom is forbidden when sendPolicy is Default" +type MetadataConfig struct { + // sendPolicy specifies whether to send metadata and how it is configured. + // Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). + // Custom: send metadata using the settings in the custom field. + // +required + SendPolicy MetadataConfigSendPolicy `json:"sendPolicy,omitempty"` + // custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default. + // +optional + Custom MetadataConfigCustom `json:"custom,omitempty,omitzero"` +} + +// MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. +// At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds). +// +kubebuilder:validation:MinProperties=1 +type MetadataConfigCustom struct { + // sendIntervalSeconds is the interval in seconds at which metadata is sent. + // When omitted, the platform chooses a reasonable default (e.g. 30 seconds). + // Minimum value is 1 second. Maximum value is 86400 seconds (24 hours). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=86400 + SendIntervalSeconds int32 `json:"sendIntervalSeconds,omitempty"` +} + +// OAuth2 defines OAuth2 authentication settings for the remote write endpoint. +type OAuth2 struct { + // clientId defines the secret reference containing the OAuth2 client ID. + // The secret must exist in the openshift-monitoring namespace. + // +required + ClientID SecretKeySelector `json:"clientId,omitzero,omitempty"` + // clientSecret defines the secret reference containing the OAuth2 client secret. + // The secret must exist in the openshift-monitoring namespace. + // +required + ClientSecret SecretKeySelector `json:"clientSecret,omitzero,omitempty"` + // tokenUrl is the URL to fetch the token from. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + // +required + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="!isURL(self) || url(self).getScheme() == 'http' || url(self).getScheme() == 'https'",message="must use http or https scheme" + TokenURL string `json:"tokenUrl,omitempty"` + // scopes is a list of OAuth2 scopes to request. + // When omitted, no scopes are requested. + // Maximum of 20 scopes can be specified. + // Each scope must be between 1 and 256 characters. + // +optional + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=20 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=256 + // +listType=atomic + Scopes []string `json:"scopes,omitempty"` + // endpointParams defines additional parameters to append to the token URL. + // When omitted, no additional parameters are sent. + // Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key). + // +optional + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=20 + // +listType=map + // +listMapKey=name + EndpointParams []OAuth2EndpointParam `json:"endpointParams,omitempty"` +} + +// OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL. +type OAuth2EndpointParam struct { + // name is the parameter name. Must be between 1 and 256 characters. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + Name string `json:"name,omitempty"` + // value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). + // When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the + // external system expects a parameter with an empty value (e.g. ?parameter=""). + // Must be between 0 and 2048 characters when present (aligned with common URL length recommendations). + // +optional + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=2048 + Value *string `json:"value,omitempty"` +} + +// QueueConfig allows tuning configuration for remote write queue parameters. +// Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429. +// +kubebuilder:validation:MinProperties=1 +type QueueConfig struct { + // capacity is the number of samples to buffer per shard before we start dropping them. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 10000. + // Minimum value is 1. + // Maximum value is 1000000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1000000 + Capacity int32 `json:"capacity,omitempty"` + // maxShards is the maximum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 200. + // Minimum value is 1. + // Maximum value is 10000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=10000 + MaxShards int32 `json:"maxShards,omitempty"` + // minShards is the minimum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1. + // Minimum value is 1. + // Maximum value is 10000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=10000 + MinShards int32 `json:"minShards,omitempty"` + // maxSamplesPerSend is the maximum number of samples per send. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1000. + // Minimum value is 1. + // Maximum value is 100000. + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=100000 + MaxSamplesPerSend int32 `json:"maxSamplesPerSend,omitempty"` + // batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 3600 seconds (1 hour). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600 + BatchSendDeadlineSeconds int32 `json:"batchSendDeadlineSeconds,omitempty"` + // minBackoffMilliseconds is the minimum retry delay in milliseconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 millisecond. + // Maximum value is 3600000 milliseconds (1 hour). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600000 + MinBackoffMilliseconds int32 `json:"minBackoffMilliseconds,omitempty"` + // maxBackoffMilliseconds is the maximum retry delay in milliseconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 millisecond. + // Maximum value is 3600000 milliseconds (1 hour). + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=3600000 + MaxBackoffMilliseconds int32 `json:"maxBackoffMilliseconds,omitempty"` + // rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + // When omitted, no retries are performed on rate limit responses. + // When set to "Retry", Prometheus will retry such requests using the backoff settings above. + // Valid value when set is "Retry". + // +optional + RateLimitedAction RateLimitedAction `json:"rateLimitedAction,omitempty"` +} + +// Sigv4 defines AWS Signature Version 4 authentication settings. +// At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication. +// +kubebuilder:validation:MinProperties=1 +type Sigv4 struct { + // region is the AWS region. + // When omitted, the region is derived from the environment or instance metadata. + // Must be between 1 and 128 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Region string `json:"region,omitempty"` + // accessKey defines the secret reference containing the AWS access key ID. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the access key is derived from the environment or instance metadata. + // +optional + AccessKey SecretKeySelector `json:"accessKey,omitempty,omitzero"` + // secretKey defines the secret reference containing the AWS secret access key. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the secret key is derived from the environment or instance metadata. + // +optional + SecretKey SecretKeySelector `json:"secretKey,omitempty,omitzero"` + // profile is the named AWS profile used to authenticate. + // When omitted, the default profile is used. + // Must be between 1 and 128 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + Profile string `json:"profile,omitempty"` + // roleArn is the AWS Role ARN, an alternative to using AWS API keys. + // When omitted, API keys are used for authentication. + // Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + // Must be between 1 and 512 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=512 + // +kubebuilder:validation:XValidation:rule=`self.startsWith('arn:aws') && self.matches('^arn:aws(-[a-z]+)?:iam::[0-9]{12}:role/.+$')`,message="must be a valid AWS IAM role ARN (e.g., arn:aws:iam::123456789012:role/MyRole)" + RoleArn string `json:"roleArn,omitempty"` +} + +// RelabelConfig represents a relabeling rule. +type RelabelConfig struct { + // name is a unique identifier for this relabel configuration. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9_-]+$')",message="must contain only alphanumeric characters, hyphens, and underscores" + Name string `json:"name,omitempty"` + + // sourceLabels specifies which label names to extract from each series for this relabeling rule. + // The values of these labels are joined together using the configured separator, + // and the resulting string is then matched against the regular expression. + // If a referenced label does not exist on a series, Prometheus substitutes an empty string. + // When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + // Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + // Each entry must be unique. + // Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + // Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. + // While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + // ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:items:MinLength=1 + // +kubebuilder:validation:items:MaxLength=128 + // +kubebuilder:validation:items:XValidation:rule="!self.startsWith('__')",message="label names beginning with '__' (two underscores) are reserved for internal Prometheus use and are not allowed" + // +listType=set + SourceLabels []string `json:"sourceLabels,omitempty"` + + // separator is the character sequence used to join source label values. + // Common examples: ";", ",", "::", "|||". + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is ";". + // Must be between 1 and 5 characters in length when specified. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=5 + Separator string `json:"separator,omitempty"` + + // regex is the regular expression to match against the concatenated source label values. + // Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "(.*)" to match everything. + // Must be between 1 and 1000 characters in length when specified. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1000 + Regex string `json:"regex,omitempty"` + + // action defines the action to perform on the matched labels and its configuration. + // Exactly one action-specific configuration must be specified based on the action type. + // +required + Action RelabelActionConfig `json:"action,omitzero"` +} + +// RelabelActionConfig represents the action to perform and its configuration. +// Exactly one action-specific configuration must be specified based on the action type. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Replace' ? has(self.replace) : !has(self.replace)",message="replace is required when type is Replace, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'HashMod' ? has(self.hashMod) : !has(self.hashMod)",message="hashMod is required when type is HashMod, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Lowercase' ? has(self.lowercase) : !has(self.lowercase)",message="lowercase is required when type is Lowercase, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Uppercase' ? has(self.uppercase) : !has(self.uppercase)",message="uppercase is required when type is Uppercase, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'KeepEqual' ? has(self.keepEqual) : !has(self.keepEqual)",message="keepEqual is required when type is KeepEqual, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'DropEqual' ? has(self.dropEqual) : !has(self.dropEqual)",message="dropEqual is required when type is DropEqual, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'LabelMap' ? has(self.labelMap) : !has(self.labelMap)",message="labelMap is required when type is LabelMap, and forbidden otherwise" +// +union +type RelabelActionConfig struct { + // type specifies the action to perform on the matched labels. + // Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep. + // + // When set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + // + // When set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0. + // + // When set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0. + // + // When set to Keep, targets for which regex does not match the concatenated source_labels are dropped. + // + // When set to Drop, targets for which regex matches the concatenated source_labels are dropped. + // + // When set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0. + // + // When set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0. + // + // When set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels. + // + // When set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted. + // + // When set to LabelDrop, regex is matched against all label names; any label that matches is removed. + // + // When set to LabelKeep, regex is matched against all label names; any label that does not match is removed. + // +required + // +unionDiscriminator + Type RelabelAction `json:"type,omitempty"` + + // replace configures the Replace action. + // Required when type is Replace, and forbidden otherwise. + // +unionMember + // +optional + Replace ReplaceActionConfig `json:"replace,omitempty,omitzero"` + + // hashMod configures the HashMod action. + // Required when type is HashMod, and forbidden otherwise. + // +unionMember + // +optional + HashMod HashModActionConfig `json:"hashMod,omitempty,omitzero"` + + // labelMap configures the LabelMap action. + // Required when type is LabelMap, and forbidden otherwise. + // +unionMember + // +optional + LabelMap LabelMapActionConfig `json:"labelMap,omitempty,omitzero"` + + // lowercase configures the Lowercase action. + // Required when type is Lowercase, and forbidden otherwise. + // Requires Prometheus >= v2.36.0. + // +unionMember + // +optional + Lowercase LowercaseActionConfig `json:"lowercase,omitempty,omitzero"` + + // uppercase configures the Uppercase action. + // Required when type is Uppercase, and forbidden otherwise. + // Requires Prometheus >= v2.36.0. + // +unionMember + // +optional + Uppercase UppercaseActionConfig `json:"uppercase,omitempty,omitzero"` + + // keepEqual configures the KeepEqual action. + // Required when type is KeepEqual, and forbidden otherwise. + // Requires Prometheus >= v2.41.0. + // +unionMember + // +optional + KeepEqual KeepEqualActionConfig `json:"keepEqual,omitempty,omitzero"` + + // dropEqual configures the DropEqual action. + // Required when type is DropEqual, and forbidden otherwise. + // Requires Prometheus >= v2.41.0. + // +unionMember + // +optional + DropEqual DropEqualActionConfig `json:"dropEqual,omitempty,omitzero"` +} + +// ReplaceActionConfig configures the Replace action. +// Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match. +type ReplaceActionConfig struct { + // targetLabel is the label name where the replacement result is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` + + // replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. + // Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. + // Use "$1" for the first capture group, "$2" for the second, etc. Use an empty string ("") to explicitly clear the target label value. + // Must be between 0 and 255 characters in length. + // +required + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=255 + Replacement *string `json:"replacement,omitempty"` +} + +// HashModActionConfig configures the HashMod action. +// target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus). +type HashModActionConfig struct { + // targetLabel is the label name where the hash modulus result is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` + + // modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). + // Required when using the HashMod action so the intended behavior is explicit. + // Must be between 1 and 1000000. + // +required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1000000 + Modulus int64 `json:"modulus,omitempty"` +} + +// LowercaseActionConfig configures the Lowercase action. +// Maps the concatenated source_labels to their lower case and writes to target_label. +// Requires Prometheus >= v2.36.0. +type LowercaseActionConfig struct { + // targetLabel is the label name where the lower-cased value is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// UppercaseActionConfig configures the Uppercase action. +// Maps the concatenated source_labels to their upper case and writes to target_label. +// Requires Prometheus >= v2.36.0. +type UppercaseActionConfig struct { + // targetLabel is the label name where the upper-cased value is written. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// KeepEqualActionConfig configures the KeepEqual action. +// Drops targets for which the concatenated source_labels do not match the value of target_label. +// Requires Prometheus >= v2.41.0. +type KeepEqualActionConfig struct { + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// DropEqualActionConfig configures the DropEqual action. +// Drops targets for which the concatenated source_labels do match the value of target_label. +// Requires Prometheus >= v2.41.0. +type DropEqualActionConfig struct { + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. + // Must be between 1 and 128 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + TargetLabel string `json:"targetLabel,omitempty"` +} + +// LabelMapActionConfig configures the LabelMap action. +// Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted. +type LabelMapActionConfig struct { + // replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. + // Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. + // Use "$1" for the first capture group, "$2" for the second, etc. + // Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + Replacement string `json:"replacement,omitempty"` +} + +// TLSConfig represents TLS configuration for Alertmanager connections. +// At least one TLS configuration option must be specified. +// For mutual TLS (mTLS), both cert and key must be specified together, or both omitted. +// +kubebuilder:validation:MinProperties=1 +// +kubebuilder:validation:XValidation:rule="(has(self.cert) && has(self.key)) || (!has(self.cert) && !has(self.key))",message="cert and key must both be specified together for mutual TLS, or both be omitted" +type TLSConfig struct { + // ca is an optional CA certificate to use for TLS connections. + // When omitted, the system's default CA bundle is used. + // +optional + CA SecretKeySelector `json:"ca,omitempty,omitzero"` + // cert is an optional client certificate to use for mutual TLS connections. + // When omitted, no client certificate is presented. + // +optional + Cert SecretKeySelector `json:"cert,omitempty,omitzero"` + // key is an optional client key to use for mutual TLS connections. + // When omitted, no client key is used. + // +optional + Key SecretKeySelector `json:"key,omitempty,omitzero"` + // serverName is an optional server name to use for TLS connections. + // When specified, must be a valid DNS subdomain as per RFC 1123. + // When omitted, the server name is derived from the URL. + // Must be between 1 and 253 characters in length. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid DNS subdomain (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)" + ServerName string `json:"serverName,omitempty"` + // certificateVerification determines the policy for TLS certificate verification. + // Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "Verify". + // +optional + CertificateVerification CertificateVerificationType `json:"certificateVerification,omitempty"` +} + +// CertificateVerificationType defines the TLS certificate verification policy. +// +kubebuilder:validation:Enum=Verify;SkipVerify +type CertificateVerificationType string + +const ( + // CertificateVerificationVerify performs certificate verification (secure, recommended). + CertificateVerificationVerify CertificateVerificationType = "Verify" + // CertificateVerificationSkipVerify skips certificate verification (insecure, use with caution). + CertificateVerificationSkipVerify CertificateVerificationType = "SkipVerify" +) + +// AuthorizationType defines the type of authentication to use. +// +kubebuilder:validation:Enum=BearerToken +type AuthorizationType string + +const ( + // AuthorizationTypeBearerToken indicates bearer token authentication. + AuthorizationTypeBearerToken AuthorizationType = "BearerToken" +) + +// AuthorizationConfig defines the authentication method for Alertmanager connections. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'BearerToken' ? has(self.bearerToken) : !has(self.bearerToken)",message="bearerToken is required when type is BearerToken" +// +union +type AuthorizationConfig struct { + // type specifies the authentication type to use. + // Valid value is "BearerToken" (bearer token authentication). + // When set to BearerToken, the bearerToken field must be specified. + // +unionDiscriminator + // +required + Type AuthorizationType `json:"type,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + // The secret must exist in the openshift-monitoring namespace. + // +optional + BearerToken SecretKeySelector `json:"bearerToken,omitempty,omitzero"` +} + +// SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace. +// +structType=atomic +type SecretKeySelector struct { + // name is the name of the secret in the `openshift-monitoring` namespace to select from. + // Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + // Must be between 1 and 253 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="must be a valid secret name (lowercase alphanumeric characters, '-' or '.', start and end with alphanumeric)" + Name string `json:"name,omitempty"` + // key is the key of the secret to select from. + // Must consist of alphanumeric characters, '-', '_', or '.'. + // Must be between 1 and 253 characters in length. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="must contain only alphanumeric characters, '-', '_', or '.'" + Key string `json:"key,omitempty"` +} + +// Retention configures how long Prometheus retains metrics data and how much storage it can use. +// +kubebuilder:validation:MinProperties=1 +type Retention struct { + // durationInDays specifies how many days Prometheus will retain metrics data. + // Prometheus automatically deletes data older than this duration. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 15. + // Minimum value is 1 day. + // Maximum value is 365 days (1 year). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=365 + // +optional + DurationInDays int32 `json:"durationInDays,omitempty"` + // sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + // can use for data blocks and the write-ahead log (WAL). + // When the limit is reached, Prometheus will delete oldest data first. + // When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + // Minimum value is 1 GiB. + // Maximum value is 16384 GiB (16 TiB). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=16384 + // +optional + SizeInGiB int32 `json:"sizeInGiB,omitempty"` +} + +// RelabelAction defines the action to perform in a relabeling rule. +// +kubebuilder:validation:Enum=Replace;Keep;Drop;HashMod;LabelMap;LabelDrop;LabelKeep;Lowercase;Uppercase;KeepEqual;DropEqual +type RelabelAction string + +const ( + // RelabelActionReplace: match regex against concatenated source_labels; set target_label to replacement with ${1}, ${2}, ... substituted. No replacement if regex does not match. + RelabelActionReplace RelabelAction = "Replace" + // RelabelActionLowercase: map the concatenated source_labels to their lower case. + RelabelActionLowercase RelabelAction = "Lowercase" + // RelabelActionUppercase: map the concatenated source_labels to their upper case. + RelabelActionUppercase RelabelAction = "Uppercase" + // RelabelActionKeep: drop targets for which regex does not match the concatenated source_labels. + RelabelActionKeep RelabelAction = "Keep" + // RelabelActionDrop: drop targets for which regex matches the concatenated source_labels. + RelabelActionDrop RelabelAction = "Drop" + // RelabelActionKeepEqual: drop targets for which the concatenated source_labels do not match target_label. + RelabelActionKeepEqual RelabelAction = "KeepEqual" + // RelabelActionDropEqual: drop targets for which the concatenated source_labels do match target_label. + RelabelActionDropEqual RelabelAction = "DropEqual" + // RelabelActionHashMod: set target_label to the modulus of a hash of the concatenated source_labels. + RelabelActionHashMod RelabelAction = "HashMod" + // RelabelActionLabelMap: match regex against all source label names; copy matching label values to new names given by replacement with ${1}, ${2}, ... substituted. + RelabelActionLabelMap RelabelAction = "LabelMap" + // RelabelActionLabelDrop: match regex against all label names; any label that matches is removed. + RelabelActionLabelDrop RelabelAction = "LabelDrop" + // RelabelActionLabelKeep: match regex against all label names; any label that does not match is removed. + RelabelActionLabelKeep RelabelAction = "LabelKeep" +) + +// CollectionProfile defines the metrics collection profile for Prometheus. +// +kubebuilder:validation:Enum=Full;Minimal +type CollectionProfile string + +const ( + // CollectionProfileFull means Prometheus collects all metrics that are exposed by the platform components. + CollectionProfileFull CollectionProfile = "Full" + // CollectionProfileMinimal means Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + CollectionProfileMinimal CollectionProfile = "Minimal" +) + +// TelemeterClientConfig provides configuration options for the Telemeter Client component +// that runs in the `openshift-monitoring` namespace. The Telemeter Client collects selected +// monitoring metrics and forwards them to Red Hat for telemetry purposes. +// At least one field must be specified. +// +kubebuilder:validation:MinProperties=1 +type TelemeterClientConfig struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the Telemeter Client container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 1m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Telemeter Client Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// ThanosQuerierConfig provides configuration options for the Thanos Querier component +// that runs in the `openshift-monitoring` namespace. +// At least one field must be specified; an empty thanosQuerierConfig object is not allowed. +// +kubebuilder:validation:MinProperties=1 +type ThanosQuerierConfig struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the Thanos Querier container. + // resources is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Requests cannot exceed limits. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 5m + // - name: memory + // request: 12Mi + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Thanos Querier Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// AuditProfile defines the audit log level for the Metrics Server. +// +kubebuilder:validation:Enum=None;Metadata;Request;RequestResponse +type AuditProfile string + +const ( + // AuditProfileNone disables audit logging + AuditProfileNone AuditProfile = "None" + // AuditProfileMetadata logs request metadata (requesting user, timestamp, resource, verb, etc.) but not request or response body + AuditProfileMetadata AuditProfile = "Metadata" + // AuditProfileRequest logs event metadata and request body but not response body + AuditProfileRequest AuditProfile = "Request" + // AuditProfileRequestResponse logs event metadata, request and response bodies + AuditProfileRequestResponse AuditProfile = "RequestResponse" +) + +// VerbosityLevel defines the verbosity of log messages for Metrics Server. +// +kubebuilder:validation:Enum=Errors;Info;Trace;TraceAll +type VerbosityLevel string + +const ( + // VerbosityLevelErrors means only critical messages and errors are logged. + VerbosityLevelErrors VerbosityLevel = "Errors" + // VerbosityLevelInfo means basic informational messages are logged. + VerbosityLevelInfo VerbosityLevel = "Info" + // VerbosityLevelTrace means extended information useful for general debugging is logged. + VerbosityLevelTrace VerbosityLevel = "Trace" + // VerbosityLevelTraceAll means detailed information about metric scraping operations is logged. + VerbosityLevelTraceAll VerbosityLevel = "TraceAll" +) + +// ExemplarsMode defines whether exemplars are sent via remote write. +// +kubebuilder:validation:Enum=Send;DoNotSend +type ExemplarsMode string + +const ( + // ExemplarsModeSend means exemplars are sent via remote write. + ExemplarsModeSend ExemplarsMode = "Send" + // ExemplarsModeDoNotSend means exemplars are not sent via remote write. + ExemplarsModeDoNotSend ExemplarsMode = "DoNotSend" +) + +// RateLimitedAction defines what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). +// Omission of this field means do not retry. When set, the only valid value is Retry. +// +kubebuilder:validation:Enum=Retry +type RateLimitedAction string + +const ( + // RateLimitedActionRetry means requests will be retried on HTTP 429 responses. + RateLimitedActionRetry RateLimitedAction = "Retry" ) // Audit profile configurations diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go deleted file mode 100644 index 977ca3dde3..0000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go +++ /dev/null @@ -1,289 +0,0 @@ -package v1alpha1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ImagePolicy holds namespace-wide configuration for image signature verification -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +kubebuilder:object:root=true -// +kubebuilder:resource:path=imagepolicies,scope=Namespaced -// +kubebuilder:subresource:status -// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457 -// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 -// +openshift:enable:FeatureGate=SigstoreImageVerification -// +openshift:compatibility-gen:level=4 -type ImagePolicy struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ObjectMeta `json:"metadata,omitempty"` - - // spec holds user settable values for configuration - // +required - Spec ImagePolicySpec `json:"spec"` - // status contains the observed state of the resource. - // +optional - Status ImagePolicyStatus `json:"status,omitempty"` -} - -// ImagePolicySpec is the specification of the ImagePolicy CRD. -type ImagePolicySpec struct { - // scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". - // Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). - // More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository - // namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). - // Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. - // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. - // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories - // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. - // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. - // For additional details about the format, please refer to the document explaining the docker transport field, - // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker - // +required - // +kubebuilder:validation:MaxItems=256 - // +listType=set - Scopes []ImageScope `json:"scopes"` - // policy contains configuration to allow scopes to be verified, and defines how - // images not matching the verification policy will be treated. - // +required - Policy ImageSigstoreVerificationPolicy `json:"policy"` -} - -// +kubebuilder:validation:XValidation:rule="size(self.split('/')[0].split('.')) == 1 ? self.split('/')[0].split('.')[0].split(':')[0] == 'localhost' : true",message="invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" -// +kubebuilder:validation:XValidation:rule=`self.contains('*') ? self.matches('^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$') : true`,message="invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" -// +kubebuilder:validation:XValidation:rule=`!self.contains('*') ? self.matches('^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$') : true`,message="invalid repository namespace or image specification in the image scope" -// +kubebuilder:validation:MaxLength=512 -type ImageScope string - -// ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list. -type ImageSigstoreVerificationPolicy struct { - // rootOfTrust specifies the root of trust for the policy. - // +required - RootOfTrust PolicyRootOfTrust `json:"rootOfTrust"` - // signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is "MatchRepoDigestOrExact". - // +optional - SignedIdentity PolicyIdentity `json:"signedIdentity,omitempty"` -} - -// PolicyRootOfTrust defines the root of trust based on the selected policyType. -// +union -// +kubebuilder:validation:XValidation:rule="has(self.policyType) && self.policyType == 'PublicKey' ? has(self.publicKey) : !has(self.publicKey)",message="publicKey is required when policyType is PublicKey, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="has(self.policyType) && self.policyType == 'FulcioCAWithRekor' ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)",message="fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" -// +openshift:validation:FeatureGateAwareXValidation:featureGate=SigstoreImageVerificationPKI,rule="has(self.policyType) && self.policyType == 'PKI' ? has(self.pki) : !has(self.pki)",message="pki is required when policyType is PKI, and forbidden otherwise" -type PolicyRootOfTrust struct { - // policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. - // "PublicKey" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. - // "FulcioCAWithRekor" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. - // "PKI" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate. - // +unionDiscriminator - // +required - PolicyType PolicyType `json:"policyType"` - // publicKey defines the root of trust based on a sigstore public key. - // +optional - PublicKey *ImagePolicyPublicKeyRootOfTrust `json:"publicKey,omitempty"` - // fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. - // For more information about Fulcio and Rekor, please refer to the document at: - // https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor - // +optional - FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrust `json:"fulcioCAWithRekor,omitempty"` - // pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. - // +optional - // +openshift:enable:FeatureGate=SigstoreImageVerificationPKI - PKI *ImagePolicyPKIRootOfTrust `json:"pki,omitempty"` -} - -// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=PublicKey;FulcioCAWithRekor -// +openshift:validation:FeatureGateAwareEnum:featureGate=SigstoreImageVerificationPKI,enum=PublicKey;FulcioCAWithRekor;PKI -type PolicyType string - -const ( - PublicKeyRootOfTrust PolicyType = "PublicKey" - FulcioCAWithRekorRootOfTrust PolicyType = "FulcioCAWithRekor" - PKIRootOfTrust PolicyType = "PKI" -) - -// ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key. -type ImagePolicyPublicKeyRootOfTrust struct { - // keyData contains inline base64-encoded data for the PEM format public key. - // KeyData must be at most 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - KeyData []byte `json:"keyData"` - // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. - // rekorKeyData must be at most 8192 characters. - // +optional - // +kubebuilder:validation:MaxLength=8192 - RekorKeyData []byte `json:"rekorKeyData,omitempty"` -} - -// ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key. -type ImagePolicyFulcioCAWithRekorRootOfTrust struct { - // fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. - // fulcioCAData must be at most 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - FulcioCAData []byte `json:"fulcioCAData"` - // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. - // rekorKeyData must be at most 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - RekorKeyData []byte `json:"rekorKeyData"` - // fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration. - // +required - FulcioSubject PolicyFulcioSubject `json:"fulcioSubject"` -} - -// PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration. -type PolicyFulcioSubject struct { - // oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. - // Example: "https://expected.OIDC.issuer/" - // +required - // +kubebuilder:validation:XValidation:rule="isURL(self)",message="oidcIssuer must be a valid URL" - OIDCIssuer string `json:"oidcIssuer"` - // signedEmail holds the email address the the Fulcio certificate is issued for. - // Example: "expected-signing-user@example.com" - // +required - // +kubebuilder:validation:XValidation:rule=`self.matches('^\\S+@\\S+$')`,message="invalid email address" - SignedEmail string `json:"signedEmail"` -} - -// ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates. -type ImagePolicyPKIRootOfTrust struct { - // caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. - // +required - // +kubebuilder:validation:MaxLength=8192 - // +kubebuilder:validation:XValidation:rule="string(self).startsWith('-----BEGIN CERTIFICATE-----')",message="the caRootsData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')",message="the caRootsData must end with base64 encoding of '-----END CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).findAll('-----BEGIN CERTIFICATE-----').size() == string(self).findAll('-----END CERTIFICATE-----').size()",message="caRootsData must be base64 encoding of valid PEM format data contain the same number of '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' markers." - CertificateAuthorityRootsData []byte `json:"caRootsData"` - // caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. - // caIntermediatesData requires caRootsData to be set. - // +optional - // +kubebuilder:validation:XValidation:rule="string(self).startsWith('-----BEGIN CERTIFICATE-----')",message="the caIntermediatesData must start with base64 encoding of '-----BEGIN CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).endsWith('-----END CERTIFICATE-----\\n') || string(self).endsWith('-----END CERTIFICATE-----')",message="the caIntermediatesData must end with base64 encoding of '-----END CERTIFICATE-----'." - // +kubebuilder:validation:XValidation:rule="string(self).findAll('-----BEGIN CERTIFICATE-----').size() == string(self).findAll('-----END CERTIFICATE-----').size()",message="caIntermediatesData must be base64 encoding of valid PEM format data contain the same number of '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' markers." - // +kubebuilder:validation:MaxLength=8192 - CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"` - - // pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued. - // +required - PKICertificateSubject PKICertificateSubject `json:"pkiCertificateSubject"` -} - -// PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued. -// +kubebuilder:validation:XValidation:rule="has(self.email) || has(self.hostname)", message="at least one of email or hostname must be set in pkiCertificateSubject" -// +openshift:enable:FeatureGate=SigstoreImageVerificationPKI -type PKICertificateSubject struct { - // email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. - // The email should be a valid email address and at most 320 characters in length. - // +optional - // +kubebuilder:validation:MaxLength:=320 - // +kubebuilder:validation:XValidation:rule=`self.matches('^\\S+@\\S+$')`,message="invalid email address in pkiCertificateSubject" - Email string `json:"email,omitempty"` - // hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. - // The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. - // It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk. - // +optional - // +kubebuilder:validation:MaxLength:=253 - // +kubebuilder:validation:XValidation:rule="self.startsWith('*.') ? !format.dns1123Subdomain().validate(self.replace('*.', '', 1)).hasValue() : !format.dns1123Subdomain().validate(self).hasValue()",message="hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.'. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk." - Hostname string `json:"hostname,omitempty"` -} - -// PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is "MatchRepoDigestOrExact". -// +kubebuilder:validation:XValidation:rule="(has(self.matchPolicy) && self.matchPolicy == 'ExactRepository') ? has(self.exactRepository) : !has(self.exactRepository)",message="exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" -// +kubebuilder:validation:XValidation:rule="(has(self.matchPolicy) && self.matchPolicy == 'RemapIdentity') ? has(self.remapIdentity) : !has(self.remapIdentity)",message="remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" -// +union -type PolicyIdentity struct { - // matchPolicy sets the type of matching to be used. - // Valid values are "MatchRepoDigestOrExact", "MatchRepository", "ExactRepository", "RemapIdentity". When omitted, the default value is "MatchRepoDigestOrExact". - // If set matchPolicy to ExactRepository, then the exactRepository must be specified. - // If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. - // "MatchRepoDigestOrExact" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. - // "MatchRepository" means that the identity in the signature must be in the same repository as the image identity. - // "ExactRepository" means that the identity in the signature must be in the same repository as a specific identity specified by "repository". - // "RemapIdentity" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the "prefix" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix. - // +unionDiscriminator - // +required - MatchPolicy IdentityMatchPolicy `json:"matchPolicy"` - // exactRepository is required if matchPolicy is set to "ExactRepository". - // +optional - PolicyMatchExactRepository *PolicyMatchExactRepository `json:"exactRepository,omitempty"` - // remapIdentity is required if matchPolicy is set to "RemapIdentity". - // +optional - PolicyMatchRemapIdentity *PolicyMatchRemapIdentity `json:"remapIdentity,omitempty"` -} - -// +kubebuilder:validation:MaxLength=512 -// +kubebuilder:validation:XValidation:rule=`self.matches('.*:([\\w][\\w.-]{0,127})$')? self.matches('^(localhost:[0-9]+)$'): true`,message="invalid repository or prefix in the signedIdentity, should not include the tag or digest" -// +kubebuilder:validation:XValidation:rule=`self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$')`,message="invalid repository or prefix in the signedIdentity" -type IdentityRepositoryPrefix string - -type PolicyMatchExactRepository struct { - // repository is the reference of the image identity to be matched. - // The value should be a repository name (by omitting the tag or digest) in a registry implementing the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - // +required - Repository IdentityRepositoryPrefix `json:"repository"` -} - -type PolicyMatchRemapIdentity struct { - // prefix is the prefix of the image identity to be matched. - // If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). - // This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. - // The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, - // or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. - // For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. - // +required - Prefix IdentityRepositoryPrefix `json:"prefix"` - // signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as "prefix". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, - // or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. - // For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. - // +required - SignedPrefix IdentityRepositoryPrefix `json:"signedPrefix"` -} - -// IdentityMatchPolicy defines the type of matching for "matchPolicy". -// +kubebuilder:validation:Enum=MatchRepoDigestOrExact;MatchRepository;ExactRepository;RemapIdentity -type IdentityMatchPolicy string - -const ( - IdentityMatchPolicyMatchRepoDigestOrExact IdentityMatchPolicy = "MatchRepoDigestOrExact" - IdentityMatchPolicyMatchRepository IdentityMatchPolicy = "MatchRepository" - IdentityMatchPolicyExactRepository IdentityMatchPolicy = "ExactRepository" - IdentityMatchPolicyRemapIdentity IdentityMatchPolicy = "RemapIdentity" -) - -// +k8s:deepcopy-gen=true -type ImagePolicyStatus struct { - // conditions provide details on the status of this API Resource. - // +listType=map - // +listMapKey=type - // +optional - Conditions []metav1.Condition `json:"conditions,omitempty"` -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ImagePolicyList is a list of ImagePolicy resources -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +openshift:compatibility-gen:level=4 -type ImagePolicyList struct { - metav1.TypeMeta `json:",inline"` - - // metadata is the standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metav1.ListMeta `json:"metadata"` - - Items []ImagePolicy `json:"items"` -} - -const ( - // ImagePolicyPending indicates that the customer resource contains a policy that cannot take effect. It is either overwritten by a global policy or the image scope is not valid. - ImagePolicyPending = "Pending" - // ImagePolicyApplied indicates that the policy has been applied - ImagePolicyApplied = "Applied" -) diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_pki.go b/vendor/github.com/openshift/api/config/v1alpha1/types_pki.go new file mode 100644 index 0000000000..c5be8b5bc9 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_pki.go @@ -0,0 +1,274 @@ +package v1alpha1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// PKI configures cryptographic parameters for certificates generated +// internally by OpenShift components. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=pkis,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2645 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +openshift:enable:FeatureGate=ConfigurablePKI +// +openshift:compatibility-gen:level=4 +type PKI struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +required + Spec PKISpec `json:"spec,omitzero"` +} + +// PKISpec holds the specification for PKI configuration. +type PKISpec struct { + // certificateManagement specifies how PKI configuration is managed for internally-generated certificates. + // This controls the certificate generation approach for all OpenShift components that create + // certificates internally, including certificate authorities, serving certificates, and client certificates. + // + // +required + CertificateManagement PKICertificateManagement `json:"certificateManagement,omitzero"` +} + +// PKICertificateManagement determines whether components use hardcoded defaults (Unmanaged), follow +// OpenShift best practices (Default), or use administrator-specified cryptographic parameters (Custom). +// This provides flexibility for organizations with specific compliance requirements or security policies +// while maintaining backwards compatibility for existing clusters. +// +// +kubebuilder:validation:XValidation:rule="self.mode == 'Custom' ? has(self.custom) : !has(self.custom)",message="custom is required when mode is Custom, and forbidden otherwise" +// +union +type PKICertificateManagement struct { + // mode determines how PKI configuration is managed. + // Valid values are "Unmanaged", "Default", and "Custom". + // + // When set to Unmanaged, components use their existing hardcoded certificate + // generation behavior, exactly as if this feature did not exist. Each component + // generates certificates using whatever parameters it was using before this + // feature. While most components use RSA 2048, some may use different + // parameters. Use of this mode might prevent upgrading to the next major + // OpenShift release. + // + // When set to Default, OpenShift-recommended best practices for certificate + // generation are applied. The specific parameters may evolve across OpenShift + // releases to adopt improved cryptographic standards. In the initial release, + // this matches Unmanaged behavior for each component. In future releases, this + // may adopt ECDSA or larger RSA keys based on industry best practices. + // Recommended for most customers who want to benefit from security improvements + // automatically. + // + // When set to Custom, the certificate management parameters can be set + // explicitly. Use the custom field to specify certificate generation parameters. + // + // +required + // +unionDiscriminator + Mode PKICertificateManagementMode `json:"mode,omitempty"` + + // custom contains administrator-specified cryptographic configuration. + // Use the defaults and category override fields + // to specify certificate generation parameters. + // Required when mode is Custom, and forbidden otherwise. + // + // +optional + // +unionMember + Custom CustomPKIPolicy `json:"custom,omitzero"` +} + +// CustomPKIPolicy contains administrator-specified cryptographic configuration. +// Administrators must specify defaults for all certificates and may optionally +// override specific categories of certificates. +// +// +kubebuilder:validation:MinProperties=1 +type CustomPKIPolicy struct { + PKIProfile `json:",inline"` +} + +// PKICertificateManagementMode specifies the mode for PKI certificate management. +// +// +kubebuilder:validation:Enum=Unmanaged;Default;Custom +type PKICertificateManagementMode string + +const ( + // PKICertificateManagementModeUnmanaged uses each component's existing hardcoded defaults. + // Most components currently use RSA 2048, but parameters may differ by component. + PKICertificateManagementModeUnmanaged PKICertificateManagementMode = "Unmanaged" + + // PKICertificateManagementModeDefault uses OpenShift-recommended best practices. + // Specific parameters may evolve across OpenShift releases. + PKICertificateManagementModeDefault PKICertificateManagementMode = "Default" + + // PKICertificateManagementModeCustom uses administrator-specified configuration. + PKICertificateManagementModeCustom PKICertificateManagementMode = "Custom" +) + +// PKIProfile defines the certificate generation parameters that OpenShift +// components use to create certificates. Category overrides take precedence +// over defaults. +type PKIProfile struct { + // defaults specifies the default certificate configuration that applies + // to all certificates unless overridden by a category override. + // + // +required + Defaults DefaultCertificateConfig `json:"defaults,omitzero"` + + // signerCertificates optionally overrides certificate parameters for + // certificate authority (CA) certificates that sign other certificates. + // When set, these parameters take precedence over defaults for all signer certificates. + // When omitted, the defaults are used for signer certificates. + // + // +optional + SignerCertificates CertificateConfig `json:"signerCertificates,omitempty,omitzero"` + + // servingCertificates optionally overrides certificate parameters for + // TLS server certificates used to serve HTTPS endpoints. + // When set, these parameters take precedence over defaults for all serving certificates. + // When omitted, the defaults are used for serving certificates. + // + // +optional + ServingCertificates CertificateConfig `json:"servingCertificates,omitempty,omitzero"` + + // clientCertificates optionally overrides certificate parameters for + // client authentication certificates used to authenticate to servers. + // When set, these parameters take precedence over defaults for all client certificates. + // When omitted, the defaults are used for client certificates. + // + // +optional + ClientCertificates CertificateConfig `json:"clientCertificates,omitempty,omitzero"` +} + +// DefaultCertificateConfig specifies the default certificate configuration +// parameters. All fields are required to ensure that defaults are fully +// specified for all certificates. +type DefaultCertificateConfig struct { + // key specifies the cryptographic parameters for the certificate's key pair. + // This field is required in defaults to ensure all certificates have a + // well-defined key configuration. + // +required + Key KeyConfig `json:"key,omitzero"` +} + +// CertificateConfig specifies configuration parameters for certificates. +// At least one property must be specified. +// +kubebuilder:validation:MinProperties=1 +type CertificateConfig struct { + // key specifies the cryptographic parameters for the certificate's key pair. + // Currently this is the only configurable parameter. When omitted in an + // overrides entry, the key configuration from defaults is used. + // +optional + Key KeyConfig `json:"key,omitzero"` +} + +// KeyConfig specifies cryptographic parameters for key generation. +// +// +kubebuilder:validation:XValidation:rule="has(self.algorithm) && self.algorithm == 'RSA' ? has(self.rsa) : !has(self.rsa)",message="rsa is required when algorithm is RSA, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.algorithm) && self.algorithm == 'ECDSA' ? has(self.ecdsa) : !has(self.ecdsa)",message="ecdsa is required when algorithm is ECDSA, and forbidden otherwise" +// +union +type KeyConfig struct { + // algorithm specifies the key generation algorithm. + // Valid values are "RSA" and "ECDSA". + // + // When set to RSA, the rsa field must be specified and the generated key + // will be an RSA key with the configured key size. + // + // When set to ECDSA, the ecdsa field must be specified and the generated key + // will be an ECDSA key using the configured elliptic curve. + // + // +required + // +unionDiscriminator + Algorithm KeyAlgorithm `json:"algorithm,omitempty"` + + // rsa specifies RSA key parameters. + // Required when algorithm is RSA, and forbidden otherwise. + // +optional + // +unionMember + RSA RSAKeyConfig `json:"rsa,omitzero"` + + // ecdsa specifies ECDSA key parameters. + // Required when algorithm is ECDSA, and forbidden otherwise. + // +optional + // +unionMember + ECDSA ECDSAKeyConfig `json:"ecdsa,omitzero"` +} + +// RSAKeyConfig specifies parameters for RSA key generation. +type RSAKeyConfig struct { + // keySize specifies the size of RSA keys in bits. + // Valid values are multiples of 1024 from 2048 to 8192. + // +required + // +kubebuilder:validation:Minimum=2048 + // +kubebuilder:validation:Maximum=8192 + // +kubebuilder:validation:MultipleOf=1024 + KeySize int32 `json:"keySize,omitempty"` +} + +// ECDSAKeyConfig specifies parameters for ECDSA key generation. +type ECDSAKeyConfig struct { + // curve specifies the NIST elliptic curve for ECDSA keys. + // Valid values are "P256", "P384", and "P521". + // + // When set to P256, the NIST P-256 curve (also known as secp256r1) is used, + // providing 128-bit security. + // + // When set to P384, the NIST P-384 curve (also known as secp384r1) is used, + // providing 192-bit security. + // + // When set to P521, the NIST P-521 curve (also known as secp521r1) is used, + // providing 256-bit security. + // + // +required + Curve ECDSACurve `json:"curve,omitempty"` +} + +// KeyAlgorithm specifies the cryptographic algorithm used for key generation. +// +// +kubebuilder:validation:Enum=RSA;ECDSA +type KeyAlgorithm string + +const ( + // KeyAlgorithmRSA specifies the RSA (Rivest-Shamir-Adleman) algorithm for key generation. + KeyAlgorithmRSA KeyAlgorithm = "RSA" + + // KeyAlgorithmECDSA specifies the ECDSA (Elliptic Curve Digital Signature Algorithm) for key generation. + KeyAlgorithmECDSA KeyAlgorithm = "ECDSA" +) + +// ECDSACurve specifies the elliptic curve used for ECDSA key generation. +// +// +kubebuilder:validation:Enum=P256;P384;P521 +type ECDSACurve string + +const ( + // ECDSACurveP256 specifies the NIST P-256 curve (also known as secp256r1), providing 128-bit security. + ECDSACurveP256 ECDSACurve = "P256" + + // ECDSACurveP384 specifies the NIST P-384 curve (also known as secp384r1), providing 192-bit security. + ECDSACurveP384 ECDSACurve = "P384" + + // ECDSACurveP521 specifies the NIST P-521 curve (also known as secp521r1), providing 256-bit security. + ECDSACurveP521 ECDSACurve = "P521" +) + +// PKIList is a collection of PKI resources. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=4 +type PKIList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + // items is a list of PKI resources + Items []PKI `json:"items"` +} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go index d648413ab5..38694ad9eb 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go @@ -11,6 +11,29 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalAlertmanagerConfig) DeepCopyInto(out *AdditionalAlertmanagerConfig) { + *out = *in + out.Authorization = in.Authorization + if in.StaticConfigs != nil { + in, out := &in.StaticConfigs, &out.StaticConfigs + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.TLSConfig = in.TLSConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalAlertmanagerConfig. +func (in *AdditionalAlertmanagerConfig) DeepCopy() *AdditionalAlertmanagerConfig { + if in == nil { + return nil + } + out := new(AdditionalAlertmanagerConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AlertmanagerConfig) DeepCopyInto(out *AlertmanagerConfig) { *out = *in @@ -98,6 +121,23 @@ func (in *Audit) DeepCopy() *Audit { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizationConfig) DeepCopyInto(out *AuthorizationConfig) { + *out = *in + out.BearerToken = in.BearerToken + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationConfig. +func (in *AuthorizationConfig) DeepCopy() *AuthorizationConfig { + if in == nil { + return nil + } + out := new(AuthorizationConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backup) DeepCopyInto(out *Backup) { *out = *in @@ -192,6 +232,24 @@ func (in *BackupStatus) DeepCopy() *BackupStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BasicAuth) DeepCopyInto(out *BasicAuth) { + *out = *in + out.Username = in.Username + out.Password = in.Password + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuth. +func (in *BasicAuth) DeepCopy() *BasicAuth { + if in == nil { + return nil + } + out := new(BasicAuth) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CRIOCredentialProviderConfig) DeepCopyInto(out *CRIOCredentialProviderConfig) { *out = *in @@ -302,27 +360,44 @@ func (in *CRIOCredentialProviderConfigStatus) DeepCopy() *CRIOCredentialProvider } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicy) DeepCopyInto(out *ClusterImagePolicy) { +func (in *CertificateConfig) DeepCopyInto(out *CertificateConfig) { + *out = *in + out.Key = in.Key + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateConfig. +func (in *CertificateConfig) DeepCopy() *CertificateConfig { + if in == nil { + return nil + } + out := new(CertificateConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterMonitoring) DeepCopyInto(out *ClusterMonitoring) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) + out.Status = in.Status return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicy. -func (in *ClusterImagePolicy) DeepCopy() *ClusterImagePolicy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMonitoring. +func (in *ClusterMonitoring) DeepCopy() *ClusterMonitoring { if in == nil { return nil } - out := new(ClusterImagePolicy) + out := new(ClusterMonitoring) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterImagePolicy) DeepCopyObject() runtime.Object { +func (in *ClusterMonitoring) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -330,13 +405,13 @@ func (in *ClusterImagePolicy) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicyList) DeepCopyInto(out *ClusterImagePolicyList) { +func (in *ClusterMonitoringList) DeepCopyInto(out *ClusterMonitoringList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]ClusterImagePolicy, len(*in)) + *out = make([]ClusterMonitoring, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -344,18 +419,18 @@ func (in *ClusterImagePolicyList) DeepCopyInto(out *ClusterImagePolicyList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicyList. -func (in *ClusterImagePolicyList) DeepCopy() *ClusterImagePolicyList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMonitoringList. +func (in *ClusterMonitoringList) DeepCopy() *ClusterMonitoringList { if in == nil { return nil } - out := new(ClusterImagePolicyList) + out := new(ClusterMonitoringList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterImagePolicyList) DeepCopyObject() runtime.Object { +func (in *ClusterMonitoringList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -363,162 +438,126 @@ func (in *ClusterImagePolicyList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicySpec) DeepCopyInto(out *ClusterImagePolicySpec) { +func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { *out = *in - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]ImageScope, len(*in)) - copy(*out, *in) - } - in.Policy.DeepCopyInto(&out.Policy) + out.UserDefined = in.UserDefined + in.AlertmanagerConfig.DeepCopyInto(&out.AlertmanagerConfig) + in.PrometheusConfig.DeepCopyInto(&out.PrometheusConfig) + in.MetricsServerConfig.DeepCopyInto(&out.MetricsServerConfig) + in.PrometheusOperatorConfig.DeepCopyInto(&out.PrometheusOperatorConfig) + in.PrometheusOperatorAdmissionWebhookConfig.DeepCopyInto(&out.PrometheusOperatorAdmissionWebhookConfig) + in.OpenShiftStateMetricsConfig.DeepCopyInto(&out.OpenShiftStateMetricsConfig) + in.TelemeterClientConfig.DeepCopyInto(&out.TelemeterClientConfig) + in.ThanosQuerierConfig.DeepCopyInto(&out.ThanosQuerierConfig) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicySpec. -func (in *ClusterImagePolicySpec) DeepCopy() *ClusterImagePolicySpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMonitoringSpec. +func (in *ClusterMonitoringSpec) DeepCopy() *ClusterMonitoringSpec { if in == nil { return nil } - out := new(ClusterImagePolicySpec) + out := new(ClusterMonitoringSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterImagePolicyStatus) DeepCopyInto(out *ClusterImagePolicyStatus) { +func (in *ClusterMonitoringStatus) DeepCopyInto(out *ClusterMonitoringStatus) { *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]metav1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterImagePolicyStatus. -func (in *ClusterImagePolicyStatus) DeepCopy() *ClusterImagePolicyStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMonitoringStatus. +func (in *ClusterMonitoringStatus) DeepCopy() *ClusterMonitoringStatus { if in == nil { return nil } - out := new(ClusterImagePolicyStatus) + out := new(ClusterMonitoringStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterMonitoring) DeepCopyInto(out *ClusterMonitoring) { +func (in *ContainerResource) DeepCopyInto(out *ContainerResource) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status + out.Request = in.Request.DeepCopy() + out.Limit = in.Limit.DeepCopy() return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMonitoring. -func (in *ClusterMonitoring) DeepCopy() *ClusterMonitoring { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerResource. +func (in *ContainerResource) DeepCopy() *ContainerResource { if in == nil { return nil } - out := new(ClusterMonitoring) + out := new(ContainerResource) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterMonitoring) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterMonitoringList) DeepCopyInto(out *ClusterMonitoringList) { +func (in *CustomPKIPolicy) DeepCopyInto(out *CustomPKIPolicy) { *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ClusterMonitoring, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } + out.PKIProfile = in.PKIProfile return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMonitoringList. -func (in *ClusterMonitoringList) DeepCopy() *ClusterMonitoringList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomPKIPolicy. +func (in *CustomPKIPolicy) DeepCopy() *CustomPKIPolicy { if in == nil { return nil } - out := new(ClusterMonitoringList) + out := new(CustomPKIPolicy) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterMonitoringList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { +func (in *DefaultCertificateConfig) DeepCopyInto(out *DefaultCertificateConfig) { *out = *in - out.UserDefined = in.UserDefined - in.AlertmanagerConfig.DeepCopyInto(&out.AlertmanagerConfig) - in.MetricsServerConfig.DeepCopyInto(&out.MetricsServerConfig) - in.PrometheusOperatorConfig.DeepCopyInto(&out.PrometheusOperatorConfig) - in.PrometheusOperatorAdmissionWebhookConfig.DeepCopyInto(&out.PrometheusOperatorAdmissionWebhookConfig) + out.Key = in.Key return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMonitoringSpec. -func (in *ClusterMonitoringSpec) DeepCopy() *ClusterMonitoringSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultCertificateConfig. +func (in *DefaultCertificateConfig) DeepCopy() *DefaultCertificateConfig { if in == nil { return nil } - out := new(ClusterMonitoringSpec) + out := new(DefaultCertificateConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterMonitoringStatus) DeepCopyInto(out *ClusterMonitoringStatus) { +func (in *DropEqualActionConfig) DeepCopyInto(out *DropEqualActionConfig) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterMonitoringStatus. -func (in *ClusterMonitoringStatus) DeepCopy() *ClusterMonitoringStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DropEqualActionConfig. +func (in *DropEqualActionConfig) DeepCopy() *DropEqualActionConfig { if in == nil { return nil } - out := new(ClusterMonitoringStatus) + out := new(DropEqualActionConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ContainerResource) DeepCopyInto(out *ContainerResource) { +func (in *ECDSAKeyConfig) DeepCopyInto(out *ECDSAKeyConfig) { *out = *in - out.Request = in.Request.DeepCopy() - out.Limit = in.Limit.DeepCopy() return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerResource. -func (in *ContainerResource) DeepCopy() *ContainerResource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ECDSAKeyConfig. +func (in *ECDSAKeyConfig) DeepCopy() *ECDSAKeyConfig { if in == nil { return nil } - out := new(ContainerResource) + out := new(ECDSAKeyConfig) in.DeepCopyInto(out) return out } @@ -567,68 +606,57 @@ func (in *GatherConfig) DeepCopy() *GatherConfig { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicy) DeepCopyInto(out *ImagePolicy) { +func (in *HashModActionConfig) DeepCopyInto(out *HashModActionConfig) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicy. -func (in *ImagePolicy) DeepCopy() *ImagePolicy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HashModActionConfig. +func (in *HashModActionConfig) DeepCopy() *HashModActionConfig { if in == nil { return nil } - out := new(ImagePolicy) + out := new(HashModActionConfig) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ImagePolicy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopyInto(out *ImagePolicyFulcioCAWithRekorRootOfTrust) { +func (in *InsightsDataGather) DeepCopyInto(out *InsightsDataGather) { *out = *in - if in.FulcioCAData != nil { - in, out := &in.FulcioCAData, &out.FulcioCAData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.FulcioSubject = in.FulcioSubject + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyFulcioCAWithRekorRootOfTrust. -func (in *ImagePolicyFulcioCAWithRekorRootOfTrust) DeepCopy() *ImagePolicyFulcioCAWithRekorRootOfTrust { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGather. +func (in *InsightsDataGather) DeepCopy() *InsightsDataGather { if in == nil { return nil } - out := new(ImagePolicyFulcioCAWithRekorRootOfTrust) + out := new(InsightsDataGather) in.DeepCopyInto(out) return out } +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InsightsDataGather) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyList) DeepCopyInto(out *ImagePolicyList) { +func (in *InsightsDataGatherList) DeepCopyInto(out *InsightsDataGatherList) { *out = *in out.TypeMeta = in.TypeMeta in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]ImagePolicy, len(*in)) + *out = make([]InsightsDataGather, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -636,18 +664,18 @@ func (in *ImagePolicyList) DeepCopyInto(out *ImagePolicyList) { return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyList. -func (in *ImagePolicyList) DeepCopy() *ImagePolicyList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherList. +func (in *InsightsDataGatherList) DeepCopy() *InsightsDataGatherList { if in == nil { return nil } - out := new(ImagePolicyList) + out := new(InsightsDataGatherList) in.DeepCopyInto(out) return out } // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ImagePolicyList) DeepCopyObject() runtime.Object { +func (in *InsightsDataGatherList) DeepCopyObject() runtime.Object { if c := in.DeepCopy(); c != nil { return c } @@ -655,211 +683,149 @@ func (in *ImagePolicyList) DeepCopyObject() runtime.Object { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyPKIRootOfTrust) DeepCopyInto(out *ImagePolicyPKIRootOfTrust) { +func (in *InsightsDataGatherSpec) DeepCopyInto(out *InsightsDataGatherSpec) { *out = *in - if in.CertificateAuthorityRootsData != nil { - in, out := &in.CertificateAuthorityRootsData, &out.CertificateAuthorityRootsData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.CertificateAuthorityIntermediatesData != nil { - in, out := &in.CertificateAuthorityIntermediatesData, &out.CertificateAuthorityIntermediatesData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - out.PKICertificateSubject = in.PKICertificateSubject + in.GatherConfig.DeepCopyInto(&out.GatherConfig) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPKIRootOfTrust. -func (in *ImagePolicyPKIRootOfTrust) DeepCopy() *ImagePolicyPKIRootOfTrust { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherSpec. +func (in *InsightsDataGatherSpec) DeepCopy() *InsightsDataGatherSpec { if in == nil { return nil } - out := new(ImagePolicyPKIRootOfTrust) + out := new(InsightsDataGatherSpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopyInto(out *ImagePolicyPublicKeyRootOfTrust) { +func (in *InsightsDataGatherStatus) DeepCopyInto(out *InsightsDataGatherStatus) { *out = *in - if in.KeyData != nil { - in, out := &in.KeyData, &out.KeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.RekorKeyData != nil { - in, out := &in.RekorKeyData, &out.RekorKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyPublicKeyRootOfTrust. -func (in *ImagePolicyPublicKeyRootOfTrust) DeepCopy() *ImagePolicyPublicKeyRootOfTrust { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherStatus. +func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { if in == nil { return nil } - out := new(ImagePolicyPublicKeyRootOfTrust) + out := new(InsightsDataGatherStatus) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicySpec) DeepCopyInto(out *ImagePolicySpec) { +func (in *KeepEqualActionConfig) DeepCopyInto(out *KeepEqualActionConfig) { *out = *in - if in.Scopes != nil { - in, out := &in.Scopes, &out.Scopes - *out = make([]ImageScope, len(*in)) - copy(*out, *in) - } - in.Policy.DeepCopyInto(&out.Policy) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicySpec. -func (in *ImagePolicySpec) DeepCopy() *ImagePolicySpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeepEqualActionConfig. +func (in *KeepEqualActionConfig) DeepCopy() *KeepEqualActionConfig { if in == nil { return nil } - out := new(ImagePolicySpec) + out := new(KeepEqualActionConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImagePolicyStatus) DeepCopyInto(out *ImagePolicyStatus) { +func (in *KeyConfig) DeepCopyInto(out *KeyConfig) { *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]metav1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } + out.RSA = in.RSA + out.ECDSA = in.ECDSA return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImagePolicyStatus. -func (in *ImagePolicyStatus) DeepCopy() *ImagePolicyStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyConfig. +func (in *KeyConfig) DeepCopy() *KeyConfig { if in == nil { return nil } - out := new(ImagePolicyStatus) + out := new(KeyConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ImageSigstoreVerificationPolicy) DeepCopyInto(out *ImageSigstoreVerificationPolicy) { +func (in *Label) DeepCopyInto(out *Label) { *out = *in - in.RootOfTrust.DeepCopyInto(&out.RootOfTrust) - in.SignedIdentity.DeepCopyInto(&out.SignedIdentity) return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSigstoreVerificationPolicy. -func (in *ImageSigstoreVerificationPolicy) DeepCopy() *ImageSigstoreVerificationPolicy { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Label. +func (in *Label) DeepCopy() *Label { if in == nil { return nil } - out := new(ImageSigstoreVerificationPolicy) + out := new(Label) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGather) DeepCopyInto(out *InsightsDataGather) { +func (in *LabelMapActionConfig) DeepCopyInto(out *LabelMapActionConfig) { *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGather. -func (in *InsightsDataGather) DeepCopy() *InsightsDataGather { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LabelMapActionConfig. +func (in *LabelMapActionConfig) DeepCopy() *LabelMapActionConfig { if in == nil { return nil } - out := new(InsightsDataGather) + out := new(LabelMapActionConfig) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InsightsDataGather) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGatherList) DeepCopyInto(out *InsightsDataGatherList) { +func (in *LowercaseActionConfig) DeepCopyInto(out *LowercaseActionConfig) { *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]InsightsDataGather, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherList. -func (in *InsightsDataGatherList) DeepCopy() *InsightsDataGatherList { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LowercaseActionConfig. +func (in *LowercaseActionConfig) DeepCopy() *LowercaseActionConfig { if in == nil { return nil } - out := new(InsightsDataGatherList) + out := new(LowercaseActionConfig) in.DeepCopyInto(out) return out } -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InsightsDataGatherList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGatherSpec) DeepCopyInto(out *InsightsDataGatherSpec) { +func (in *MetadataConfig) DeepCopyInto(out *MetadataConfig) { *out = *in - in.GatherConfig.DeepCopyInto(&out.GatherConfig) + out.Custom = in.Custom return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherSpec. -func (in *InsightsDataGatherSpec) DeepCopy() *InsightsDataGatherSpec { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataConfig. +func (in *MetadataConfig) DeepCopy() *MetadataConfig { if in == nil { return nil } - out := new(InsightsDataGatherSpec) + out := new(MetadataConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGatherStatus) DeepCopyInto(out *InsightsDataGatherStatus) { +func (in *MetadataConfigCustom) DeepCopyInto(out *MetadataConfigCustom) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherStatus. -func (in *InsightsDataGatherStatus) DeepCopy() *InsightsDataGatherStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataConfigCustom. +func (in *MetadataConfigCustom) DeepCopy() *MetadataConfigCustom { if in == nil { return nil } - out := new(InsightsDataGatherStatus) + out := new(MetadataConfigCustom) in.DeepCopyInto(out) return out } @@ -910,155 +876,312 @@ func (in *MetricsServerConfig) DeepCopy() *MetricsServerConfig { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PKICertificateSubject) DeepCopyInto(out *PKICertificateSubject) { +func (in *OAuth2) DeepCopyInto(out *OAuth2) { *out = *in + out.ClientID = in.ClientID + out.ClientSecret = in.ClientSecret + if in.Scopes != nil { + in, out := &in.Scopes, &out.Scopes + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.EndpointParams != nil { + in, out := &in.EndpointParams, &out.EndpointParams + *out = make([]OAuth2EndpointParam, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICertificateSubject. -func (in *PKICertificateSubject) DeepCopy() *PKICertificateSubject { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2. +func (in *OAuth2) DeepCopy() *OAuth2 { if in == nil { return nil } - out := new(PKICertificateSubject) + out := new(OAuth2) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeClaimReference) DeepCopyInto(out *PersistentVolumeClaimReference) { +func (in *OAuth2EndpointParam) DeepCopyInto(out *OAuth2EndpointParam) { *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimReference. -func (in *PersistentVolumeClaimReference) DeepCopy() *PersistentVolumeClaimReference { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth2EndpointParam. +func (in *OAuth2EndpointParam) DeepCopy() *OAuth2EndpointParam { if in == nil { return nil } - out := new(PersistentVolumeClaimReference) + out := new(OAuth2EndpointParam) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeConfig) DeepCopyInto(out *PersistentVolumeConfig) { +func (in *OpenShiftStateMetricsConfig) DeepCopyInto(out *OpenShiftStateMetricsConfig) { *out = *in - out.Claim = in.Claim + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeConfig. -func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenShiftStateMetricsConfig. +func (in *OpenShiftStateMetricsConfig) DeepCopy() *OpenShiftStateMetricsConfig { if in == nil { return nil } - out := new(PersistentVolumeConfig) + out := new(OpenShiftStateMetricsConfig) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyFulcioSubject) DeepCopyInto(out *PolicyFulcioSubject) { +func (in *PKI) DeepCopyInto(out *PKI) { *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyFulcioSubject. -func (in *PolicyFulcioSubject) DeepCopy() *PolicyFulcioSubject { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKI. +func (in *PKI) DeepCopy() *PKI { if in == nil { return nil } - out := new(PolicyFulcioSubject) + out := new(PKI) in.DeepCopyInto(out) return out } +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PKI) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyIdentity) DeepCopyInto(out *PolicyIdentity) { +func (in *PKICertificateManagement) DeepCopyInto(out *PKICertificateManagement) { *out = *in - if in.PolicyMatchExactRepository != nil { - in, out := &in.PolicyMatchExactRepository, &out.PolicyMatchExactRepository - *out = new(PolicyMatchExactRepository) - **out = **in + out.Custom = in.Custom + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKICertificateManagement. +func (in *PKICertificateManagement) DeepCopy() *PKICertificateManagement { + if in == nil { + return nil } - if in.PolicyMatchRemapIdentity != nil { - in, out := &in.PolicyMatchRemapIdentity, &out.PolicyMatchRemapIdentity - *out = new(PolicyMatchRemapIdentity) - **out = **in + out := new(PKICertificateManagement) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PKIList) DeepCopyInto(out *PKIList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PKI, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyIdentity. -func (in *PolicyIdentity) DeepCopy() *PolicyIdentity { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIList. +func (in *PKIList) DeepCopy() *PKIList { if in == nil { return nil } - out := new(PolicyIdentity) + out := new(PKIList) in.DeepCopyInto(out) return out } +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PKIList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyMatchExactRepository) DeepCopyInto(out *PolicyMatchExactRepository) { +func (in *PKIProfile) DeepCopyInto(out *PKIProfile) { *out = *in + out.Defaults = in.Defaults + out.SignerCertificates = in.SignerCertificates + out.ServingCertificates = in.ServingCertificates + out.ClientCertificates = in.ClientCertificates return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyMatchExactRepository. -func (in *PolicyMatchExactRepository) DeepCopy() *PolicyMatchExactRepository { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKIProfile. +func (in *PKIProfile) DeepCopy() *PKIProfile { if in == nil { return nil } - out := new(PolicyMatchExactRepository) + out := new(PKIProfile) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyMatchRemapIdentity) DeepCopyInto(out *PolicyMatchRemapIdentity) { +func (in *PKISpec) DeepCopyInto(out *PKISpec) { *out = *in + out.CertificateManagement = in.CertificateManagement return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyMatchRemapIdentity. -func (in *PolicyMatchRemapIdentity) DeepCopy() *PolicyMatchRemapIdentity { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PKISpec. +func (in *PKISpec) DeepCopy() *PKISpec { if in == nil { return nil } - out := new(PolicyMatchRemapIdentity) + out := new(PKISpec) in.DeepCopyInto(out) return out } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) { +func (in *PersistentVolumeClaimReference) DeepCopyInto(out *PersistentVolumeClaimReference) { *out = *in - if in.PublicKey != nil { - in, out := &in.PublicKey, &out.PublicKey - *out = new(ImagePolicyPublicKeyRootOfTrust) - (*in).DeepCopyInto(*out) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimReference. +func (in *PersistentVolumeClaimReference) DeepCopy() *PersistentVolumeClaimReference { + if in == nil { + return nil } - if in.FulcioCAWithRekor != nil { - in, out := &in.FulcioCAWithRekor, &out.FulcioCAWithRekor - *out = new(ImagePolicyFulcioCAWithRekorRootOfTrust) - (*in).DeepCopyInto(*out) + out := new(PersistentVolumeClaimReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PersistentVolumeConfig) DeepCopyInto(out *PersistentVolumeConfig) { + *out = *in + out.Claim = in.Claim + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeConfig. +func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig { + if in == nil { + return nil + } + out := new(PersistentVolumeConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusConfig) DeepCopyInto(out *PrometheusConfig) { + *out = *in + if in.AdditionalAlertmanagerConfigs != nil { + in, out := &in.AdditionalAlertmanagerConfigs, &out.AdditionalAlertmanagerConfigs + *out = make([]AdditionalAlertmanagerConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExternalLabels != nil { + in, out := &in.ExternalLabels, &out.ExternalLabels + *out = make([]Label, len(*in)) + copy(*out, *in) + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.RemoteWrite != nil { + in, out := &in.RemoteWrite, &out.RemoteWrite + *out = make([]RemoteWriteSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } - if in.PKI != nil { - in, out := &in.PKI, &out.PKI - *out = new(ImagePolicyPKIRootOfTrust) + out.Retention = in.Retention + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.VolumeClaimTemplate != nil { + in, out := &in.VolumeClaimTemplate, &out.VolumeClaimTemplate + *out = new(v1.PersistentVolumeClaim) (*in).DeepCopyInto(*out) } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRootOfTrust. -func (in *PolicyRootOfTrust) DeepCopy() *PolicyRootOfTrust { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusConfig. +func (in *PrometheusConfig) DeepCopy() *PrometheusConfig { if in == nil { return nil } - out := new(PolicyRootOfTrust) + out := new(PrometheusConfig) in.DeepCopyInto(out) return out } @@ -1137,6 +1260,200 @@ func (in *PrometheusOperatorConfig) DeepCopy() *PrometheusOperatorConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrometheusRemoteWriteHeader) DeepCopyInto(out *PrometheusRemoteWriteHeader) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrometheusRemoteWriteHeader. +func (in *PrometheusRemoteWriteHeader) DeepCopy() *PrometheusRemoteWriteHeader { + if in == nil { + return nil + } + out := new(PrometheusRemoteWriteHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueueConfig) DeepCopyInto(out *QueueConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueueConfig. +func (in *QueueConfig) DeepCopy() *QueueConfig { + if in == nil { + return nil + } + out := new(QueueConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RSAKeyConfig) DeepCopyInto(out *RSAKeyConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RSAKeyConfig. +func (in *RSAKeyConfig) DeepCopy() *RSAKeyConfig { + if in == nil { + return nil + } + out := new(RSAKeyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RelabelActionConfig) DeepCopyInto(out *RelabelActionConfig) { + *out = *in + in.Replace.DeepCopyInto(&out.Replace) + out.HashMod = in.HashMod + out.LabelMap = in.LabelMap + out.Lowercase = in.Lowercase + out.Uppercase = in.Uppercase + out.KeepEqual = in.KeepEqual + out.DropEqual = in.DropEqual + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelActionConfig. +func (in *RelabelActionConfig) DeepCopy() *RelabelActionConfig { + if in == nil { + return nil + } + out := new(RelabelActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RelabelConfig) DeepCopyInto(out *RelabelConfig) { + *out = *in + if in.SourceLabels != nil { + in, out := &in.SourceLabels, &out.SourceLabels + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.Action.DeepCopyInto(&out.Action) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RelabelConfig. +func (in *RelabelConfig) DeepCopy() *RelabelConfig { + if in == nil { + return nil + } + out := new(RelabelConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RemoteWriteAuthorization) DeepCopyInto(out *RemoteWriteAuthorization) { + *out = *in + if in.SafeAuthorization != nil { + in, out := &in.SafeAuthorization, &out.SafeAuthorization + *out = new(v1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } + out.BearerToken = in.BearerToken + out.BasicAuth = in.BasicAuth + in.OAuth2.DeepCopyInto(&out.OAuth2) + out.Sigv4 = in.Sigv4 + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteWriteAuthorization. +func (in *RemoteWriteAuthorization) DeepCopy() *RemoteWriteAuthorization { + if in == nil { + return nil + } + out := new(RemoteWriteAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RemoteWriteSpec) DeepCopyInto(out *RemoteWriteSpec) { + *out = *in + in.AuthorizationConfig.DeepCopyInto(&out.AuthorizationConfig) + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make([]PrometheusRemoteWriteHeader, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.MetadataConfig = in.MetadataConfig + out.QueueConfig = in.QueueConfig + out.TLSConfig = in.TLSConfig + if in.WriteRelabelConfigs != nil { + in, out := &in.WriteRelabelConfigs, &out.WriteRelabelConfigs + *out = make([]RelabelConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteWriteSpec. +func (in *RemoteWriteSpec) DeepCopy() *RemoteWriteSpec { + if in == nil { + return nil + } + out := new(RemoteWriteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReplaceActionConfig) DeepCopyInto(out *ReplaceActionConfig) { + *out = *in + if in.Replacement != nil { + in, out := &in.Replacement, &out.Replacement + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReplaceActionConfig. +func (in *ReplaceActionConfig) DeepCopy() *ReplaceActionConfig { + if in == nil { + return nil + } + out := new(ReplaceActionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Retention) DeepCopyInto(out *Retention) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Retention. +func (in *Retention) DeepCopy() *Retention { + if in == nil { + return nil + } + out := new(Retention) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RetentionNumberConfig) DeepCopyInto(out *RetentionNumberConfig) { *out = *in @@ -1195,6 +1512,40 @@ func (in *RetentionSizeConfig) DeepCopy() *RetentionSizeConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. +func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { + if in == nil { + return nil + } + out := new(SecretKeySelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Sigv4) DeepCopyInto(out *Sigv4) { + *out = *in + out.AccessKey = in.AccessKey + out.SecretKey = in.SecretKey + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sigv4. +func (in *Sigv4) DeepCopy() *Sigv4 { + if in == nil { + return nil + } + out := new(Sigv4) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Storage) DeepCopyInto(out *Storage) { *out = *in @@ -1216,6 +1567,129 @@ func (in *Storage) DeepCopy() *Storage { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { + *out = *in + out.CA = in.CA + out.Cert = in.Cert + out.Key = in.Key + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. +func (in *TLSConfig) DeepCopy() *TLSConfig { + if in == nil { + return nil + } + out := new(TLSConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TelemeterClientConfig) DeepCopyInto(out *TelemeterClientConfig) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TelemeterClientConfig. +func (in *TelemeterClientConfig) DeepCopy() *TelemeterClientConfig { + if in == nil { + return nil + } + out := new(TelemeterClientConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ThanosQuerierConfig) DeepCopyInto(out *ThanosQuerierConfig) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ThanosQuerierConfig. +func (in *ThanosQuerierConfig) DeepCopy() *ThanosQuerierConfig { + if in == nil { + return nil + } + out := new(ThanosQuerierConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UppercaseActionConfig) DeepCopyInto(out *UppercaseActionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UppercaseActionConfig. +func (in *UppercaseActionConfig) DeepCopy() *UppercaseActionConfig { + if in == nil { + return nil + } + out := new(UppercaseActionConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *UserDefinedMonitoring) DeepCopyInto(out *UserDefinedMonitoring) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 14091b5872..b2a1241937 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -44,30 +44,6 @@ criocredentialproviderconfigs.config.openshift.io: - CRIOCredentialProviderConfig Version: v1alpha1 -clusterimagepolicies.config.openshift.io: - Annotations: {} - ApprovedPRNumber: https://github.com/openshift/api/pull/1457 - CRDName: clusterimagepolicies.config.openshift.io - Capability: "" - Category: "" - FeatureGates: - - SigstoreImageVerification - - SigstoreImageVerificationPKI - FilenameOperatorName: config-operator - FilenameOperatorOrdering: "01" - FilenameRunLevel: "0000_10" - GroupName: config.openshift.io - HasStatus: true - KindName: ClusterImagePolicy - Labels: {} - PluralName: clusterimagepolicies - PrinterColumns: [] - Scope: Cluster - ShortNames: null - TopLevelFeatureGates: - - SigstoreImageVerification - Version: v1alpha1 - clustermonitorings.config.openshift.io: Annotations: description: Cluster Monitoring Operators configuration API @@ -92,50 +68,49 @@ clustermonitorings.config.openshift.io: - ClusterMonitoringConfig Version: v1alpha1 -imagepolicies.config.openshift.io: +insightsdatagathers.config.openshift.io: Annotations: {} - ApprovedPRNumber: https://github.com/openshift/api/pull/1457 - CRDName: imagepolicies.config.openshift.io - Capability: "" + ApprovedPRNumber: https://github.com/openshift/api/pull/1245 + CRDName: insightsdatagathers.config.openshift.io + Capability: Insights Category: "" FeatureGates: - - SigstoreImageVerification - - SigstoreImageVerificationPKI + - InsightsConfig FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true - KindName: ImagePolicy + KindName: InsightsDataGather Labels: {} - PluralName: imagepolicies + PluralName: insightsdatagathers PrinterColumns: [] - Scope: Namespaced + Scope: Cluster ShortNames: null TopLevelFeatureGates: - - SigstoreImageVerification + - InsightsConfig Version: v1alpha1 -insightsdatagathers.config.openshift.io: +pkis.config.openshift.io: Annotations: {} - ApprovedPRNumber: https://github.com/openshift/api/pull/1245 - CRDName: insightsdatagathers.config.openshift.io - Capability: Insights + ApprovedPRNumber: https://github.com/openshift/api/pull/2645 + CRDName: pkis.config.openshift.io + Capability: "" Category: "" FeatureGates: - - InsightsConfig + - ConfigurablePKI FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" GroupName: config.openshift.io - HasStatus: true - KindName: InsightsDataGather + HasStatus: false + KindName: PKI Labels: {} - PluralName: insightsdatagathers + PluralName: pkis PrinterColumns: [] Scope: Cluster ShortNames: null TopLevelFeatureGates: - - InsightsConfig + - ConfigurablePKI Version: v1alpha1 diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go index 343947f591..a95db9b463 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -80,42 +80,19 @@ func (RetentionSizeConfig) SwaggerDoc() map[string]string { return map_RetentionSizeConfig } -var map_ClusterImagePolicy = map[string]string{ - "": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "spec": "spec contains the configuration for the cluster image policy.", - "status": "status contains the observed state of the resource.", -} - -func (ClusterImagePolicy) SwaggerDoc() map[string]string { - return map_ClusterImagePolicy -} - -var map_ClusterImagePolicyList = map[string]string{ - "": "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", -} - -func (ClusterImagePolicyList) SwaggerDoc() map[string]string { - return map_ClusterImagePolicyList -} - -var map_ClusterImagePolicySpec = map[string]string{ - "": "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", - "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "policy": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", -} - -func (ClusterImagePolicySpec) SwaggerDoc() map[string]string { - return map_ClusterImagePolicySpec +var map_AdditionalAlertmanagerConfig = map[string]string{ + "": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + "name": "name is a unique identifier for this Alertmanager configuration entry. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", + "authorization": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + "pathPrefix": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. When no prefix is needed, omit this field; do not set it to \"/\" as that would produce paths with double slashes (e.g. \"//api/v1/alerts\"). Must start with \"/\", must not end with \"/\", and must not be exactly \"/\". Must not contain query strings (\"?\") or fragments (\"#\").", + "scheme": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", + "staticConfigs": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", + "timeoutSeconds": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "tlsConfig": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", } -var map_ClusterImagePolicyStatus = map[string]string{ - "conditions": "conditions provide details on the status of this API Resource.", -} - -func (ClusterImagePolicyStatus) SwaggerDoc() map[string]string { - return map_ClusterImagePolicyStatus +func (AdditionalAlertmanagerConfig) SwaggerDoc() map[string]string { + return map_AdditionalAlertmanagerConfig } var map_AlertmanagerConfig = map[string]string{ @@ -132,11 +109,11 @@ var map_AlertmanagerCustomConfig = map[string]string{ "": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "logLevel": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", - "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "volumeClaimTemplate": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", } func (AlertmanagerCustomConfig) SwaggerDoc() map[string]string { @@ -152,6 +129,26 @@ func (Audit) SwaggerDoc() map[string]string { return map_Audit } +var map_AuthorizationConfig = map[string]string{ + "": "AuthorizationConfig defines the authentication method for Alertmanager connections.", + "type": "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", +} + +func (AuthorizationConfig) SwaggerDoc() map[string]string { + return map_AuthorizationConfig +} + +var map_BasicAuth = map[string]string{ + "": "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + "username": "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "password": "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", +} + +func (BasicAuth) SwaggerDoc() map[string]string { + return map_BasicAuth +} + var map_ClusterMonitoring = map[string]string{ "": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "metadata": "metadata is the standard object metadata.", @@ -177,9 +174,13 @@ var map_ClusterMonitoringSpec = map[string]string{ "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "prometheusConfig": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", "metricsServerConfig": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "prometheusOperatorConfig": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "prometheusOperatorAdmissionWebhookConfig": "prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "openShiftStateMetricsConfig": "openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "telemeterClientConfig": "telemeterClientConfig is an optional field that can be used to configure the Telemeter Client component that runs in the openshift-monitoring namespace. The Telemeter Client collects selected monitoring metrics and forwards them to Red Hat for telemetry purposes. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. When set, at least one field must be specified within telemeterClientConfig.", + "thanosQuerierConfig": "thanosQuerierConfig is an optional field that can be used to configure the Thanos Querier component that runs in the openshift-monitoring namespace. The Thanos Querier provides a global query view by aggregating and deduplicating metrics from multiple Prometheus instances. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default deploys the Thanos Querier on linux nodes with 5m CPU and 12Mi memory requests, and no custom tolerations or topology spread constraints. When set, at least one field must be specified within thanosQuerierConfig.", } func (ClusterMonitoringSpec) SwaggerDoc() map[string]string { @@ -197,7 +198,7 @@ func (ClusterMonitoringStatus) SwaggerDoc() map[string]string { var map_ContainerResource = map[string]string{ "": "ContainerResource defines a single resource requirement for a container.", "name": "name of the resource (e.g. \"cpu\", \"memory\", \"hugepages-2Mi\"). This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character.", - "request": "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit.", + "request": "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit. The value must be greater than 0 when specified.", "limit": "limit is the maximum amount of the resource allowed (e.g. \"2Mi\", \"1Gi\"). This field is optional. When request is specified, limit cannot be less than request. The value must be greater than 0 when specified.", } @@ -205,13 +206,88 @@ func (ContainerResource) SwaggerDoc() map[string]string { return map_ContainerResource } +var map_DropEqualActionConfig = map[string]string{ + "": "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", +} + +func (DropEqualActionConfig) SwaggerDoc() map[string]string { + return map_DropEqualActionConfig +} + +var map_HashModActionConfig = map[string]string{ + "": "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", + "targetLabel": "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", + "modulus": "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). Required when using the HashMod action so the intended behavior is explicit. Must be between 1 and 1000000.", +} + +func (HashModActionConfig) SwaggerDoc() map[string]string { + return map_HashModActionConfig +} + +var map_KeepEqualActionConfig = map[string]string{ + "": "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", + "targetLabel": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", +} + +func (KeepEqualActionConfig) SwaggerDoc() map[string]string { + return map_KeepEqualActionConfig +} + +var map_Label = map[string]string{ + "": "Label represents a key/value pair for external labels.", + "key": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "value": "value is the value of the label. Must be between 1 and 128 characters in length.", +} + +func (Label) SwaggerDoc() map[string]string { + return map_Label +} + +var map_LabelMapActionConfig = map[string]string{ + "": "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", + "replacement": "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.", +} + +func (LabelMapActionConfig) SwaggerDoc() map[string]string { + return map_LabelMapActionConfig +} + +var map_LowercaseActionConfig = map[string]string{ + "": "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length.", +} + +func (LowercaseActionConfig) SwaggerDoc() map[string]string { + return map_LowercaseActionConfig +} + +var map_MetadataConfig = map[string]string{ + "": "MetadataConfig defines whether and how to send series metadata to remote write storage.", + "sendPolicy": "sendPolicy specifies whether to send metadata and how it is configured. Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). Custom: send metadata using the settings in the custom field.", + "custom": "custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.", +} + +func (MetadataConfig) SwaggerDoc() map[string]string { + return map_MetadataConfig +} + +var map_MetadataConfigCustom = map[string]string{ + "": "MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds).", + "sendIntervalSeconds": "sendIntervalSeconds is the interval in seconds at which metadata is sent. When omitted, the platform chooses a reasonable default (e.g. 30 seconds). Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).", +} + +func (MetadataConfigCustom) SwaggerDoc() map[string]string { + return map_MetadataConfigCustom +} + var map_MetricsServerConfig = map[string]string{ "": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", "audit": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "verbosity": "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", - "resources": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "resources": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", } @@ -219,9 +295,65 @@ func (MetricsServerConfig) SwaggerDoc() map[string]string { return map_MetricsServerConfig } +var map_OAuth2 = map[string]string{ + "": "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + "clientId": "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + "clientSecret": "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + "tokenUrl": "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "scopes": "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", + "endpointParams": "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).", +} + +func (OAuth2) SwaggerDoc() map[string]string { + return map_OAuth2 +} + +var map_OAuth2EndpointParam = map[string]string{ + "": "OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.", + "name": "name is the parameter name. Must be between 1 and 256 characters.", + "value": "value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the external system expects a parameter with an empty value (e.g. ?parameter=\"\"). Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).", +} + +func (OAuth2EndpointParam) SwaggerDoc() map[string]string { + return map_OAuth2EndpointParam +} + +var map_OpenShiftStateMetricsConfig = map[string]string{ + "": "OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the openshift-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 32Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", +} + +func (OpenShiftStateMetricsConfig) SwaggerDoc() map[string]string { + return map_OpenShiftStateMetricsConfig +} + +var map_PrometheusConfig = map[string]string{ + "": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", + "additionalAlertmanagerConfigs": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "enforcedBodySizeLimitBytes": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + "externalLabels": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", + "queryLogFile": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + "remoteWrite": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "resources": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "retention": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "collectionProfile": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + "volumeClaimTemplate": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", +} + +func (PrometheusConfig) SwaggerDoc() map[string]string { + return map_PrometheusConfig +} + var map_PrometheusOperatorAdmissionWebhookConfig = map[string]string{ "": "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", - "resources": "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "resources": "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", "topologySpreadConstraints": "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", } @@ -233,7 +365,7 @@ var map_PrometheusOperatorConfig = map[string]string{ "": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", "logLevel": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", - "resources": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "resources": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", } @@ -242,191 +374,228 @@ func (PrometheusOperatorConfig) SwaggerDoc() map[string]string { return map_PrometheusOperatorConfig } -var map_UserDefinedMonitoring = map[string]string{ - "": "UserDefinedMonitoring config for user-defined projects.", - "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", +var map_PrometheusRemoteWriteHeader = map[string]string{ + "": "PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. Validation is enforced on the Headers field in RemoteWriteSpec.", + "name": "name is the HTTP header name. Must not be a reserved header (see type documentation). Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.", + "value": "value is the HTTP header value. Must be at most 4096 characters.", } -func (UserDefinedMonitoring) SwaggerDoc() map[string]string { - return map_UserDefinedMonitoring +func (PrometheusRemoteWriteHeader) SwaggerDoc() map[string]string { + return map_PrometheusRemoteWriteHeader } -var map_CRIOCredentialProviderConfig = map[string]string{ - "": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "spec": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", - "status": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", +var map_QueueConfig = map[string]string{ + "": "QueueConfig allows tuning configuration for remote write queue parameters. Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.", + "capacity": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + "maxShards": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + "minShards": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + "maxSamplesPerSend": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + "batchSendDeadlineSeconds": "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + "minBackoffMilliseconds": "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "maxBackoffMilliseconds": "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "rateLimitedAction": "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When omitted, no retries are performed on rate limit responses. When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. Valid value when set is \"Retry\".", } -func (CRIOCredentialProviderConfig) SwaggerDoc() map[string]string { - return map_CRIOCredentialProviderConfig +func (QueueConfig) SwaggerDoc() map[string]string { + return map_QueueConfig } -var map_CRIOCredentialProviderConfigList = map[string]string{ - "": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +var map_RelabelActionConfig = map[string]string{ + "": "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + "type": "type specifies the action to perform on the matched labels. Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.\n\nWhen set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n\nWhen set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0.\n\nWhen set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.\n\nWhen set to Keep, targets for which regex does not match the concatenated source_labels are dropped.\n\nWhen set to Drop, targets for which regex matches the concatenated source_labels are dropped.\n\nWhen set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.\n\nWhen set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted.\n\nWhen set to LabelDrop, regex is matched against all label names; any label that matches is removed.\n\nWhen set to LabelKeep, regex is matched against all label names; any label that does not match is removed.", + "replace": "replace configures the Replace action. Required when type is Replace, and forbidden otherwise.", + "hashMod": "hashMod configures the HashMod action. Required when type is HashMod, and forbidden otherwise.", + "labelMap": "labelMap configures the LabelMap action. Required when type is LabelMap, and forbidden otherwise.", + "lowercase": "lowercase configures the Lowercase action. Required when type is Lowercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "uppercase": "uppercase configures the Uppercase action. Required when type is Uppercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "keepEqual": "keepEqual configures the KeepEqual action. Required when type is KeepEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + "dropEqual": "dropEqual configures the DropEqual action. Required when type is DropEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", } -func (CRIOCredentialProviderConfigList) SwaggerDoc() map[string]string { - return map_CRIOCredentialProviderConfigList +func (RelabelActionConfig) SwaggerDoc() map[string]string { + return map_RelabelActionConfig } -var map_CRIOCredentialProviderConfigSpec = map[string]string{ - "": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", - "matchImages": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", +var map_RelabelConfig = map[string]string{ + "": "RelabelConfig represents a relabeling rule.", + "name": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "sourceLabels": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + "separator": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + "regex": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + "action": "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", } -func (CRIOCredentialProviderConfigSpec) SwaggerDoc() map[string]string { - return map_CRIOCredentialProviderConfigSpec +func (RelabelConfig) SwaggerDoc() map[string]string { + return map_RelabelConfig } -var map_CRIOCredentialProviderConfigStatus = map[string]string{ - "": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", - "conditions": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", +var map_RemoteWriteAuthorization = map[string]string{ + "": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", + "type": "type specifies the authorization method to use. Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + "safeAuthorization": "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", + "bearerToken": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", + "basicAuth": "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", + "oauth2": "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", + "sigv4": "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", } -func (CRIOCredentialProviderConfigStatus) SwaggerDoc() map[string]string { - return map_CRIOCredentialProviderConfigStatus +func (RemoteWriteAuthorization) SwaggerDoc() map[string]string { + return map_RemoteWriteAuthorization } -var map_ImagePolicy = map[string]string{ - "": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "spec": "spec holds user settable values for configuration", - "status": "status contains the observed state of the resource.", +var map_RemoteWriteSpec = map[string]string{ + "": "RemoteWriteSpec represents configuration for remote write endpoints.", + "url": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", + "name": "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "authorization": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + "headers": "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", + "metadataConfig": "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds).", + "proxyUrl": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "queueConfig": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + "remoteTimeoutSeconds": "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "exemplarsMode": "exemplarsMode controls whether exemplars are sent via remote write. Valid values are \"Send\", \"DoNotSend\" and omitted. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent.", + "tlsConfig": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "writeRelabelConfigs": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", } -func (ImagePolicy) SwaggerDoc() map[string]string { - return map_ImagePolicy +func (RemoteWriteSpec) SwaggerDoc() map[string]string { + return map_RemoteWriteSpec } -var map_ImagePolicyFulcioCAWithRekorRootOfTrust = map[string]string{ - "": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", - "fulcioCAData": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", - "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "fulcioSubject": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", +var map_ReplaceActionConfig = map[string]string{ + "": "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", + "targetLabel": "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", + "replacement": "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Use an empty string (\"\") to explicitly clear the target label value. Must be between 0 and 255 characters in length.", } -func (ImagePolicyFulcioCAWithRekorRootOfTrust) SwaggerDoc() map[string]string { - return map_ImagePolicyFulcioCAWithRekorRootOfTrust +func (ReplaceActionConfig) SwaggerDoc() map[string]string { + return map_ReplaceActionConfig } -var map_ImagePolicyList = map[string]string{ - "": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +var map_Retention = map[string]string{ + "": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "durationInDays": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", + "sizeInGiB": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", } -func (ImagePolicyList) SwaggerDoc() map[string]string { - return map_ImagePolicyList +func (Retention) SwaggerDoc() map[string]string { + return map_Retention } -var map_ImagePolicyPKIRootOfTrust = map[string]string{ - "": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - "caRootsData": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. ", - "caIntermediatesData": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set. ", - "pkiCertificateSubject": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", +var map_SecretKeySelector = map[string]string{ + "": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "name": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + "key": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", } -func (ImagePolicyPKIRootOfTrust) SwaggerDoc() map[string]string { - return map_ImagePolicyPKIRootOfTrust +func (SecretKeySelector) SwaggerDoc() map[string]string { + return map_SecretKeySelector } -var map_ImagePolicyPublicKeyRootOfTrust = map[string]string{ - "": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", - "keyData": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", - "rekorKeyData": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", +var map_Sigv4 = map[string]string{ + "": "Sigv4 defines AWS Signature Version 4 authentication settings. At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.", + "region": "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + "accessKey": "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + "secretKey": "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + "profile": "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + "roleArn": "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", } -func (ImagePolicyPublicKeyRootOfTrust) SwaggerDoc() map[string]string { - return map_ImagePolicyPublicKeyRootOfTrust +func (Sigv4) SwaggerDoc() map[string]string { + return map_Sigv4 } -var map_ImagePolicySpec = map[string]string{ - "": "ImagePolicySpec is the specification of the ImagePolicy CRD.", - "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "policy": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", +var map_TLSConfig = map[string]string{ + "": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "ca": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + "cert": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + "key": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + "serverName": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + "certificateVerification": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", } -func (ImagePolicySpec) SwaggerDoc() map[string]string { - return map_ImagePolicySpec +func (TLSConfig) SwaggerDoc() map[string]string { + return map_TLSConfig } -var map_ImagePolicyStatus = map[string]string{ - "conditions": "conditions provide details on the status of this API Resource.", +var map_TelemeterClientConfig = map[string]string{ + "": "TelemeterClientConfig provides configuration options for the Telemeter Client component that runs in the `openshift-monitoring` namespace. The Telemeter Client collects selected monitoring metrics and forwards them to Red Hat for telemetry purposes. At least one field must be specified.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the Telemeter Client container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Telemeter Client Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", } -func (ImagePolicyStatus) SwaggerDoc() map[string]string { - return map_ImagePolicyStatus +func (TelemeterClientConfig) SwaggerDoc() map[string]string { + return map_TelemeterClientConfig } -var map_ImageSigstoreVerificationPolicy = map[string]string{ - "": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", - "rootOfTrust": "rootOfTrust specifies the root of trust for the policy.", - "signedIdentity": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", +var map_ThanosQuerierConfig = map[string]string{ + "": "ThanosQuerierConfig provides configuration options for the Thanos Querier component that runs in the `openshift-monitoring` namespace. At least one field must be specified; an empty thanosQuerierConfig object is not allowed.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "resources": "resources defines the compute resource requests and limits for the Thanos Querier container. resources is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Requests cannot exceed limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n - name: memory\n request: 12Mi\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Thanos Querier Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", } -func (ImageSigstoreVerificationPolicy) SwaggerDoc() map[string]string { - return map_ImageSigstoreVerificationPolicy +func (ThanosQuerierConfig) SwaggerDoc() map[string]string { + return map_ThanosQuerierConfig } -var map_PKICertificateSubject = map[string]string{ - "": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", - "email": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email should be a valid email address and at most 320 characters in length.", - "hostname": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", +var map_UppercaseActionConfig = map[string]string{ + "": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", + "targetLabel": "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", } -func (PKICertificateSubject) SwaggerDoc() map[string]string { - return map_PKICertificateSubject +func (UppercaseActionConfig) SwaggerDoc() map[string]string { + return map_UppercaseActionConfig } -var map_PolicyFulcioSubject = map[string]string{ - "": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", - "oidcIssuer": "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", - "signedEmail": "signedEmail holds the email address the the Fulcio certificate is issued for. Example: \"expected-signing-user@example.com\"", +var map_UserDefinedMonitoring = map[string]string{ + "": "UserDefinedMonitoring config for user-defined projects.", + "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", } -func (PolicyFulcioSubject) SwaggerDoc() map[string]string { - return map_PolicyFulcioSubject +func (UserDefinedMonitoring) SwaggerDoc() map[string]string { + return map_UserDefinedMonitoring } -var map_PolicyIdentity = map[string]string{ - "": "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "matchPolicy": "matchPolicy sets the type of matching to be used. Valid values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". If set matchPolicy to ExactRepository, then the exactRepository must be specified. If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. \"MatchRepoDigestOrExact\" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. \"MatchRepository\" means that the identity in the signature must be in the same repository as the image identity. \"ExactRepository\" means that the identity in the signature must be in the same repository as a specific identity specified by \"repository\". \"RemapIdentity\" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", - "exactRepository": "exactRepository is required if matchPolicy is set to \"ExactRepository\".", - "remapIdentity": "remapIdentity is required if matchPolicy is set to \"RemapIdentity\".", +var map_CRIOCredentialProviderConfig = map[string]string{ + "": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + "status": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", } -func (PolicyIdentity) SwaggerDoc() map[string]string { - return map_PolicyIdentity +func (CRIOCredentialProviderConfig) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfig } -var map_PolicyMatchExactRepository = map[string]string{ - "repository": "repository is the reference of the image identity to be matched. The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", +var map_CRIOCredentialProviderConfigList = map[string]string{ + "": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", } -func (PolicyMatchExactRepository) SwaggerDoc() map[string]string { - return map_PolicyMatchExactRepository +func (CRIOCredentialProviderConfigList) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigList } -var map_PolicyMatchRemapIdentity = map[string]string{ - "prefix": "prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - "signedPrefix": "signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", +var map_CRIOCredentialProviderConfigSpec = map[string]string{ + "": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + "matchImages": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", } -func (PolicyMatchRemapIdentity) SwaggerDoc() map[string]string { - return map_PolicyMatchRemapIdentity +func (CRIOCredentialProviderConfigSpec) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigSpec } -var map_PolicyRootOfTrust = map[string]string{ - "": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", - "policyType": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. \"PKI\" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", - "publicKey": "publicKey defines the root of trust based on a sigstore public key.", - "fulcioCAWithRekor": "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - "pki": "pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.", +var map_CRIOCredentialProviderConfigStatus = map[string]string{ + "": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", + "conditions": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", } -func (PolicyRootOfTrust) SwaggerDoc() map[string]string { - return map_PolicyRootOfTrust +func (CRIOCredentialProviderConfigStatus) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigStatus } var map_GatherConfig = map[string]string{ @@ -497,4 +666,110 @@ func (Storage) SwaggerDoc() map[string]string { return map_Storage } +var map_CertificateConfig = map[string]string{ + "": "CertificateConfig specifies configuration parameters for certificates. At least one property must be specified.", + "key": "key specifies the cryptographic parameters for the certificate's key pair. Currently this is the only configurable parameter. When omitted in an overrides entry, the key configuration from defaults is used.", +} + +func (CertificateConfig) SwaggerDoc() map[string]string { + return map_CertificateConfig +} + +var map_CustomPKIPolicy = map[string]string{ + "": "CustomPKIPolicy contains administrator-specified cryptographic configuration. Administrators must specify defaults for all certificates and may optionally override specific categories of certificates.", +} + +func (CustomPKIPolicy) SwaggerDoc() map[string]string { + return map_CustomPKIPolicy +} + +var map_DefaultCertificateConfig = map[string]string{ + "": "DefaultCertificateConfig specifies the default certificate configuration parameters. All fields are required to ensure that defaults are fully specified for all certificates.", + "key": "key specifies the cryptographic parameters for the certificate's key pair. This field is required in defaults to ensure all certificates have a well-defined key configuration.", +} + +func (DefaultCertificateConfig) SwaggerDoc() map[string]string { + return map_DefaultCertificateConfig +} + +var map_ECDSAKeyConfig = map[string]string{ + "": "ECDSAKeyConfig specifies parameters for ECDSA key generation.", + "curve": "curve specifies the NIST elliptic curve for ECDSA keys. Valid values are \"P256\", \"P384\", and \"P521\".\n\nWhen set to P256, the NIST P-256 curve (also known as secp256r1) is used, providing 128-bit security.\n\nWhen set to P384, the NIST P-384 curve (also known as secp384r1) is used, providing 192-bit security.\n\nWhen set to P521, the NIST P-521 curve (also known as secp521r1) is used, providing 256-bit security.", +} + +func (ECDSAKeyConfig) SwaggerDoc() map[string]string { + return map_ECDSAKeyConfig +} + +var map_KeyConfig = map[string]string{ + "": "KeyConfig specifies cryptographic parameters for key generation.", + "algorithm": "algorithm specifies the key generation algorithm. Valid values are \"RSA\" and \"ECDSA\".\n\nWhen set to RSA, the rsa field must be specified and the generated key will be an RSA key with the configured key size.\n\nWhen set to ECDSA, the ecdsa field must be specified and the generated key will be an ECDSA key using the configured elliptic curve.", + "rsa": "rsa specifies RSA key parameters. Required when algorithm is RSA, and forbidden otherwise.", + "ecdsa": "ecdsa specifies ECDSA key parameters. Required when algorithm is ECDSA, and forbidden otherwise.", +} + +func (KeyConfig) SwaggerDoc() map[string]string { + return map_KeyConfig +} + +var map_PKI = map[string]string{ + "": "PKI configures cryptographic parameters for certificates generated internally by OpenShift components.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", +} + +func (PKI) SwaggerDoc() map[string]string { + return map_PKI +} + +var map_PKICertificateManagement = map[string]string{ + "": "PKICertificateManagement determines whether components use hardcoded defaults (Unmanaged), follow OpenShift best practices (Default), or use administrator-specified cryptographic parameters (Custom). This provides flexibility for organizations with specific compliance requirements or security policies while maintaining backwards compatibility for existing clusters.", + "mode": "mode determines how PKI configuration is managed. Valid values are \"Unmanaged\", \"Default\", and \"Custom\".\n\nWhen set to Unmanaged, components use their existing hardcoded certificate generation behavior, exactly as if this feature did not exist. Each component generates certificates using whatever parameters it was using before this feature. While most components use RSA 2048, some may use different parameters. Use of this mode might prevent upgrading to the next major OpenShift release.\n\nWhen set to Default, OpenShift-recommended best practices for certificate generation are applied. The specific parameters may evolve across OpenShift releases to adopt improved cryptographic standards. In the initial release, this matches Unmanaged behavior for each component. In future releases, this may adopt ECDSA or larger RSA keys based on industry best practices. Recommended for most customers who want to benefit from security improvements automatically.\n\nWhen set to Custom, the certificate management parameters can be set explicitly. Use the custom field to specify certificate generation parameters.", + "custom": "custom contains administrator-specified cryptographic configuration. Use the defaults and category override fields to specify certificate generation parameters. Required when mode is Custom, and forbidden otherwise.", +} + +func (PKICertificateManagement) SwaggerDoc() map[string]string { + return map_PKICertificateManagement +} + +var map_PKIList = map[string]string{ + "": "PKIList is a collection of PKI resources.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "items is a list of PKI resources", +} + +func (PKIList) SwaggerDoc() map[string]string { + return map_PKIList +} + +var map_PKIProfile = map[string]string{ + "": "PKIProfile defines the certificate generation parameters that OpenShift components use to create certificates. Category overrides take precedence over defaults.", + "defaults": "defaults specifies the default certificate configuration that applies to all certificates unless overridden by a category override.", + "signerCertificates": "signerCertificates optionally overrides certificate parameters for certificate authority (CA) certificates that sign other certificates. When set, these parameters take precedence over defaults for all signer certificates. When omitted, the defaults are used for signer certificates.", + "servingCertificates": "servingCertificates optionally overrides certificate parameters for TLS server certificates used to serve HTTPS endpoints. When set, these parameters take precedence over defaults for all serving certificates. When omitted, the defaults are used for serving certificates.", + "clientCertificates": "clientCertificates optionally overrides certificate parameters for client authentication certificates used to authenticate to servers. When set, these parameters take precedence over defaults for all client certificates. When omitted, the defaults are used for client certificates.", +} + +func (PKIProfile) SwaggerDoc() map[string]string { + return map_PKIProfile +} + +var map_PKISpec = map[string]string{ + "": "PKISpec holds the specification for PKI configuration.", + "certificateManagement": "certificateManagement specifies how PKI configuration is managed for internally-generated certificates. This controls the certificate generation approach for all OpenShift components that create certificates internally, including certificate authorities, serving certificates, and client certificates.", +} + +func (PKISpec) SwaggerDoc() map[string]string { + return map_PKISpec +} + +var map_RSAKeyConfig = map[string]string{ + "": "RSAKeyConfig specifies parameters for RSA key generation.", + "keySize": "keySize specifies the size of RSA keys in bits. Valid values are multiples of 1024 from 2048 to 8192.", +} + +func (RSAKeyConfig) SwaggerDoc() map[string]string { + return map_RSAKeyConfig +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/envtest-releases.yaml b/vendor/github.com/openshift/api/envtest-releases.yaml index e495e02796..ea376ded55 100644 --- a/vendor/github.com/openshift/api/envtest-releases.yaml +++ b/vendor/github.com/openshift/api/envtest-releases.yaml @@ -1,4 +1,30 @@ releases: + v1.28.15: + envtest-v1.28.15-darwin-amd64.tar.gz: + hash: 79e04e7e264e6907da73d27c04d50be7bfa702b059e66f21331c9c8e16daa6ff960e750c1910804b7aa2a5bd79488a5bd082b76a7bab003e613a2cdbb2a8b80d + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.28.15-darwin-amd64.tar.gz + envtest-v1.28.15-darwin-arm64.tar.gz: + hash: 9646d169cf5161793ded60fa2ffde705d8fdde7c7c77833be9a77909f5804b909f28d56b2b0b93bd200d8057db3e37da9fe1683368ae38777ea62609135d0b4d + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.28.15-darwin-arm64.tar.gz + envtest-v1.28.15-linux-amd64.tar.gz: + hash: bc7e3deabbb3c7ee5e572e1392041af9d2fa40a51eb88dcabdaf57ff2a476e81efbd837a87f1f0849a5083dcb7c0b4b2fc16107da4cf3308805eee377fb383c1 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.28.15-linux-amd64.tar.gz + envtest-v1.28.15-linux-arm64.tar.gz: + hash: 17ec8d5f7de118b66d1621d8b25b4f0a891e4a641d5e845d14c0da4cb2e258b6bf788fe6b5334b27beb12d9e67f7c8f2c2ded6023bf9a7e79ac3b483b8cdfcc2 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.28.15-linux-arm64.tar.gz + v1.29.7: + envtest-v1.29.7-darwin-amd64.tar.gz: + hash: 4a97f9162ee882632aafda20e562dfb4011879f9ec6c8ffa4922e566933fc35292171cc837b50860e2e91238d820931a1fb8c3280541a180f6e9057178c71889 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.29.7-darwin-amd64.tar.gz + envtest-v1.29.7-darwin-arm64.tar.gz: + hash: e810e04c14b1bba79c90c755ecb8b13094132a86339e78d1fe39029b9825b90b663d538b29d6ab4d905c22728efdf278881ee3f434f2215bc77157dee90a2bde + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.29.7-darwin-arm64.tar.gz + envtest-v1.29.7-linux-amd64.tar.gz: + hash: 91dcf683c95541691b8b9fdd332b0d3df56f8969b57c14797e990b9861ad71b2954f402913b5579f6afb99dce19817ba49542e2e276c7f70aeeb857a5ec1d57c + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.29.7-linux-amd64.tar.gz + envtest-v1.29.7-linux-arm64.tar.gz: + hash: 912333dee15e9cc068ebc5ef25591e16b9732cc70c23435efa72af352cffa9c25236d3982db910bd3a06172e9d57fc0d50585996f17c66ae1b80f0e2d3ef37b5 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.29.7-linux-arm64.tar.gz v1.30.3: envtest-v1.30.3-darwin-amd64.tar.gz: hash: 81ab2ad5841522976d9a5fc58642b745cf308230b0f2e634acfb2d5c8f288ef837f7b82144a5e91db607d86885101e06dd473a68bcac0d71be2297edc4aaa92e @@ -77,3 +103,16 @@ releases: envtest-v1.34.1-linux-arm64.tar.gz: hash: e2ee7e47ceeba56624fd869922ab9851200482ef835c09fe3dd57c9806a992a7e1f56641906510ebb095514953aa8a3af68d45a82be45b94981a50e894ac6e42 selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.34.1-linux-arm64.tar.gz + v1.35.1: + envtest-v1.35.1-darwin-amd64.tar.gz: + hash: 8b788ca564d0d2d49000b572b9c83a87f71978b7dcbb0c969dde5bf8923869dcb5860b8f905af9a3772431ba7e575c4215d1bcfa5d2857bd8db440272f252ddd + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.35.1-darwin-amd64.tar.gz + envtest-v1.35.1-darwin-arm64.tar.gz: + hash: d650d7a96c69efdc7321579d597b9dbd9ef71df5ea1e0f00815edb31eb0f4a40599fe223b9d0f2a114be32657ff842136a3ab65e646b08a0fce50d6871bcec71 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.35.1-darwin-arm64.tar.gz + envtest-v1.35.1-linux-amd64.tar.gz: + hash: 70e4e66f842d53cce174a3499feb04e0493ada374148c687da4e7ddc0e20e10dd6fa5e2cd765bd80b7d3dca3cd8388460503a0335e15f71212b333386fb3c2b1 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.35.1-linux-amd64.tar.gz + envtest-v1.35.1-linux-arm64.tar.gz: + hash: 309308f9c66f9e2e5192c65a333a388faaaa903841f26f8a96b8f13a5eb3039bcbb818ef6ddbb5803a9cfa9b25e37249a0aed5d472badb25539696569923f87f + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.35.1-linux-arm64.tar.gz diff --git a/vendor/github.com/openshift/api/etcd/install.go b/vendor/github.com/openshift/api/etcd/install.go index 7e7474152c..659816d814 100644 --- a/vendor/github.com/openshift/api/etcd/install.go +++ b/vendor/github.com/openshift/api/etcd/install.go @@ -5,6 +5,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" v1alpha1 "github.com/openshift/api/etcd/v1alpha1" + v1 "github.com/openshift/api/etcd/v1" ) const ( @@ -12,7 +13,7 @@ const ( ) var ( - schemeBuilder = runtime.NewSchemeBuilder(v1alpha1.Install) + schemeBuilder = runtime.NewSchemeBuilder(v1.Install, v1alpha1.Install) // Install is a function which adds every version of this group to a scheme Install = schemeBuilder.AddToScheme ) diff --git a/vendor/github.com/openshift/api/etcd/v1/Makefile b/vendor/github.com/openshift/api/etcd/v1/Makefile new file mode 100644 index 0000000000..6fa6435a24 --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/v1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="etcd.openshift.io/v1" diff --git a/vendor/github.com/openshift/api/etcd/v1/doc.go b/vendor/github.com/openshift/api/etcd/v1/doc.go new file mode 100644 index 0000000000..fe483fffd4 --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/v1/doc.go @@ -0,0 +1,6 @@ +// +k8s:deepcopy-gen=package,register +// +k8s:defaulter-gen=TypeMeta +// +k8s:openapi-gen=true +// +openshift:featuregated-schema-gen=true +// +groupName=etcd.openshift.io +package v1 diff --git a/vendor/github.com/openshift/api/etcd/v1/register.go b/vendor/github.com/openshift/api/etcd/v1/register.go new file mode 100644 index 0000000000..1b59263043 --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/v1/register.go @@ -0,0 +1,39 @@ +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var ( + GroupName = "etcd.openshift.io" + GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + // Install is a function which adds this version to a scheme + Install = schemeBuilder.AddToScheme + + // SchemeGroupVersion generated code relies on this name + // Deprecated + SchemeGroupVersion = GroupVersion + // AddToScheme exists solely to keep the old generators creating valid code + // DEPRECATED + AddToScheme = schemeBuilder.AddToScheme +) + +// Resource generated code relies on this being here, but it logically belongs to the group +// DEPRECATED +func Resource(resource string) schema.GroupResource { + return schema.GroupResource{Group: GroupName, Resource: resource} +} + +func addKnownTypes(scheme *runtime.Scheme) error { + metav1.AddToGroupVersion(scheme, GroupVersion) + + scheme.AddKnownTypes(GroupVersion, + &PacemakerCluster{}, + &PacemakerClusterList{}, + ) + + return nil +} diff --git a/vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go b/vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go new file mode 100644 index 0000000000..a481f5e1bd --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go @@ -0,0 +1,737 @@ +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// PacemakerCluster is used in Two Node OpenShift with Fencing deployments to monitor the health +// of etcd running under pacemaker. + +// Cluster-level condition types for PacemakerCluster.status.conditions +const ( + // ClusterHealthyConditionType tracks the overall health of the pacemaker cluster. + // This is an aggregate condition that reflects the health of all cluster-level conditions and node health. + // Specifically, it aggregates the following conditions: + // - ClusterInServiceConditionType + // - ClusterNodeCountAsExpectedConditionType + // - NodeHealthyConditionType (for each node) + // When True, the cluster is healthy with reason "ClusterHealthy". + // When False, the cluster is unhealthy with reason "ClusterUnhealthy". + ClusterHealthyConditionType = "Healthy" + + // ClusterInServiceConditionType tracks whether the cluster is in service (not in maintenance mode). + // Maintenance mode is a cluster-wide setting that prevents pacemaker from starting or stopping resources. + // When True, the cluster is in service with reason "InService". This is the normal operating state. + // When False, the cluster is in maintenance mode with reason "InMaintenance". This is an unexpected state. + ClusterInServiceConditionType = "InService" + + // ClusterNodeCountAsExpectedConditionType tracks whether the cluster has the expected number of nodes. + // For Two Node OpenShift with Fencing, we are expecting exactly 2 nodes. + // When True, the expected number of nodes are present with reason "AsExpected". + // When False, the node count is incorrect with reason "InsufficientNodes" or "ExcessiveNodes". + ClusterNodeCountAsExpectedConditionType = "NodeCountAsExpected" +) + +// ClusterHealthy condition reasons +const ( + // ClusterHealthyReasonHealthy means the pacemaker cluster is healthy and operating normally. + ClusterHealthyReasonHealthy = "ClusterHealthy" + + // ClusterHealthyReasonUnhealthy means the pacemaker cluster has issues that need investigation. + ClusterHealthyReasonUnhealthy = "ClusterUnhealthy" +) + +// ClusterInService condition reasons +const ( + // ClusterInServiceReasonInService means the cluster is in service (not in maintenance mode). + // This is the normal operating state. + ClusterInServiceReasonInService = "InService" + + // ClusterInServiceReasonInMaintenance means the cluster is in maintenance mode. + // In maintenance mode, pacemaker will not start or stop any resources. Entering and exiting this state requires + // manual user intervention, and is unexpected during normal cluster operation. + ClusterInServiceReasonInMaintenance = "InMaintenance" +) + +// ClusterNodeCountAsExpected condition reasons +const ( + // ClusterNodeCountAsExpectedReasonAsExpected means the expected number of nodes are present. + // For Two Node OpenShift with Fencing, we are expecting exactly 2 nodes. This is the expected healthy state. + ClusterNodeCountAsExpectedReasonAsExpected = "AsExpected" + + // ClusterNodeCountAsExpectedReasonInsufficientNodes means fewer nodes than expected are present. + // For Two Node OpenShift with Fencing, this means that less than 2 nodes are present. Under normal operation, this will only happen during + // a node replacement operation. It's also possible to enter this state with manual user intervention, but + // will also require user intervention to restore normal functionality. + ClusterNodeCountAsExpectedReasonInsufficientNodes = "InsufficientNodes" + + // ClusterNodeCountAsExpectedReasonExcessiveNodes means more nodes than expected are present. + // For Two Node OpenShift with Fencing, this means more than 2 nodes are present. This should be investigated as it is unexpected and should + // never happen during normal cluster operation. It is possible to enter this state with manual user intervention, + // but will also require user intervention to restore normal functionality. + ClusterNodeCountAsExpectedReasonExcessiveNodes = "ExcessiveNodes" +) + +// Node-level condition types for PacemakerCluster.status.nodes[].conditions +const ( + // NodeHealthyConditionType tracks the overall health of a node in the pacemaker cluster. + // This is an aggregate condition that reflects the health of all node-level conditions and resource health. + // Specifically, it aggregates the following conditions: + // - NodeOnlineConditionType + // - NodeInServiceConditionType + // - NodeActiveConditionType + // - NodeReadyConditionType + // - NodeCleanConditionType + // - NodeMemberConditionType + // - NodeFencingAvailableConditionType + // - NodeFencingHealthyConditionType + // - ResourceHealthyConditionType (for each resource in the node's resources list) + // When True, the node is healthy with reason "NodeHealthy". + // When False, the node is unhealthy with reason "NodeUnhealthy". + NodeHealthyConditionType = "Healthy" + + // NodeOnlineConditionType tracks whether a node is online. + // When True, the node is online with reason "Online". This is the normal operating state. + // When False, the node is offline with reason "Offline". This can occur during reboots, failures, maintenance, or replacement. + NodeOnlineConditionType = "Online" + + // NodeInServiceConditionType tracks whether a node is in service (not in maintenance mode). + // A node in maintenance mode is ignored by pacemaker while maintenance mode is active. + // When True, the node is in service with reason "InService". This is the normal operating state. + // When False, the node is in maintenance mode with reason "InMaintenance". This is an unexpected state. + NodeInServiceConditionType = "InService" + + // NodeActiveConditionType tracks whether a node is active (not in standby mode). + // When a node enters standby mode, pacemaker moves its resources to other nodes in the cluster. + // In Two Node OpenShift with Fencing, we do not use standby mode during normal operation. + // When True, the node is active with reason "Active". This is the normal operating state. + // When False, the node is in standby mode with reason "Standby". This is an unexpected state. + NodeActiveConditionType = "Active" + + // NodeReadyConditionType tracks whether a node is ready (not in a pending state). + // A node in a pending state is in the process of joining or leaving the cluster. + // When True, the node is ready with reason "Ready". This is the normal operating state. + // When False, the node is pending with reason "Pending". This is expected to be temporary. + NodeReadyConditionType = "Ready" + + // NodeCleanConditionType tracks whether a node is in a clean state. + // An unclean state means that pacemaker was unable to confirm the node's state, which signifies issues + // in fencing, communication, or configuration. + // When True, the node is clean with reason "Clean". This is the normal operating state. + // When False, the node is unclean with reason "Unclean". This is an unexpected state. + NodeCleanConditionType = "Clean" + + // NodeMemberConditionType tracks whether a node is a member of the cluster. + // Some configurations may use remote nodes or ping nodes, which are nodes that are not members. + // For Two Node OpenShift with Fencing, we expect both nodes to be members. + // When True, the node is a member with reason "Member". This is the normal operating state. + // When False, the node is not a member with reason "NotMember". This is an unexpected state. + NodeMemberConditionType = "Member" + + // NodeFencingAvailableConditionType tracks whether a node can be fenced by at least one fencing agent. + // For Two Node OpenShift with Fencing, each node needs at least one healthy fencing agent to ensure + // that the cluster can recover from a node failure via STONITH (Shoot The Other Node In The Head). + // When True, at least one fencing agent is healthy with reason "FencingAvailable". + // When False, all fencing agents are unhealthy with reason "FencingUnavailable". This is a critical + // state that should degrade the operator. + NodeFencingAvailableConditionType = "FencingAvailable" + + // NodeFencingHealthyConditionType tracks whether all fencing agents for a node are healthy. + // This is an aggregate condition that reflects the health of all fencing agents targeting this node. + // When True, all fencing agents are healthy with reason "FencingHealthy". + // When False, one or more fencing agents are unhealthy with reason "FencingUnhealthy". Warning events + // should be emitted for failing agents, but the operator should not be degraded if FencingAvailable is True. + NodeFencingHealthyConditionType = "FencingHealthy" +) + +// NodeHealthy condition reasons +const ( + // NodeHealthyReasonHealthy means the node is healthy and operating normally. + NodeHealthyReasonHealthy = "NodeHealthy" + + // NodeHealthyReasonUnhealthy means the node has issues that need investigation. + NodeHealthyReasonUnhealthy = "NodeUnhealthy" +) + +// NodeOnline condition reasons +const ( + // NodeOnlineReasonOnline means the node is online. This is the normal operating state. + NodeOnlineReasonOnline = "Online" + + // NodeOnlineReasonOffline means the node is offline. + NodeOnlineReasonOffline = "Offline" +) + +// NodeInService condition reasons +const ( + // NodeInServiceReasonInService means the node is in service (not in maintenance mode). + // This is the normal operating state. + NodeInServiceReasonInService = "InService" + + // NodeInServiceReasonInMaintenance means the node is in maintenance mode. + // This is an unexpected state. + NodeInServiceReasonInMaintenance = "InMaintenance" +) + +// NodeActive condition reasons +const ( + // NodeActiveReasonActive means the node is active (not in standby mode). + // This is the normal operating state. + NodeActiveReasonActive = "Active" + + // NodeActiveReasonStandby means the node is in standby mode. + // This is an unexpected state. + NodeActiveReasonStandby = "Standby" +) + +// NodeReady condition reasons +const ( + // NodeReadyReasonReady means the node is ready (not in a pending state). + // This is the normal operating state. + NodeReadyReasonReady = "Ready" + + // NodeReadyReasonPending means the node is joining or leaving the cluster. + // This state is expected to be temporary. + NodeReadyReasonPending = "Pending" +) + +// NodeClean condition reasons +const ( + // NodeCleanReasonClean means the node is in a clean state. + // This is the normal operating state. + NodeCleanReasonClean = "Clean" + + // NodeCleanReasonUnclean means the node is in an unclean state. + // Pacemaker was unable to confirm the node's state, which signifies issues in fencing, communication, or configuration. + // This is an unexpected state. + NodeCleanReasonUnclean = "Unclean" +) + +// NodeMember condition reasons +const ( + // NodeMemberReasonMember means the node is a member of the cluster. + // For Two Node OpenShift with Fencing, we expect both nodes to be members. This is the normal operating state. + NodeMemberReasonMember = "Member" + + // NodeMemberReasonNotMember means the node is not a member of the cluster. + // This is an unexpected state. + NodeMemberReasonNotMember = "NotMember" +) + +// NodeFencingAvailable condition reasons +const ( + // NodeFencingAvailableReasonAvailable means at least one fencing agent for this node is healthy. + // The cluster can fence this node if needed. This is the normal operating state. + NodeFencingAvailableReasonAvailable = "FencingAvailable" + + // NodeFencingAvailableReasonUnavailable means all fencing agents for this node are unhealthy. + // The cluster cannot fence this node, which compromises high availability. + // This is a critical state that should degrade the operator. + NodeFencingAvailableReasonUnavailable = "FencingUnavailable" +) + +// NodeFencingHealthy condition reasons +const ( + // NodeFencingHealthyReasonHealthy means all fencing agents for this node are healthy. + // This is the ideal operating state with full redundancy. + NodeFencingHealthyReasonHealthy = "FencingHealthy" + + // NodeFencingHealthyReasonUnhealthy means one or more fencing agents for this node are unhealthy. + // Warning events should be emitted for failing agents, but the operator should not be degraded + // if FencingAvailable is still True. + NodeFencingHealthyReasonUnhealthy = "FencingUnhealthy" +) + +// Resource-level condition types for PacemakerCluster.status.nodes[].resources[].conditions +const ( + // ResourceHealthyConditionType tracks the overall health of a pacemaker resource. + // This is an aggregate condition that reflects the health of all resource-level conditions. + // Specifically, it aggregates the following conditions: + // - ResourceInServiceConditionType + // - ResourceManagedConditionType + // - ResourceEnabledConditionType + // - ResourceOperationalConditionType + // - ResourceActiveConditionType + // - ResourceStartedConditionType + // - ResourceSchedulableConditionType + // When True, the resource is healthy with reason "ResourceHealthy". + // When False, the resource is unhealthy with reason "ResourceUnhealthy". + ResourceHealthyConditionType = "Healthy" + + // ResourceInServiceConditionType tracks whether a resource is in service (not in maintenance mode). + // Resources in maintenance mode are not monitored or moved by pacemaker. + // In Two Node OpenShift with Fencing, we do not expect any resources to be in maintenance mode. + // When True, the resource is in service with reason "InService". This is the normal operating state. + // When False, the resource is in maintenance mode with reason "InMaintenance". This is an unexpected state. + ResourceInServiceConditionType = "InService" + + // ResourceManagedConditionType tracks whether a resource is managed by pacemaker. + // Resources that are not managed by pacemaker are effectively invisible to the pacemaker HA logic. + // For Two Node OpenShift with Fencing, all resources are expected to be managed. + // When True, the resource is managed with reason "Managed". This is the normal operating state. + // When False, the resource is not managed with reason "Unmanaged". This is an unexpected state. + ResourceManagedConditionType = "Managed" + + // ResourceEnabledConditionType tracks whether a resource is enabled. + // Resources that are disabled are stopped and not automatically managed or started by the cluster. + // In Two Node OpenShift with Fencing, we do not expect any resources to be disabled. + // When True, the resource is enabled with reason "Enabled". This is the normal operating state. + // When False, the resource is disabled with reason "Disabled". This is an unexpected state. + ResourceEnabledConditionType = "Enabled" + + // ResourceOperationalConditionType tracks whether a resource is operational (not failed). + // A failed resource is one that is not able to start or is in an error state. + // When True, the resource is operational with reason "Operational". This is the normal operating state. + // When False, the resource has failed with reason "Failed". This is an unexpected state. + ResourceOperationalConditionType = "Operational" + + // ResourceActiveConditionType tracks whether a resource is active. + // An active resource is running on a cluster node. + // In Two Node OpenShift with Fencing, all resources are expected to be active. + // When True, the resource is active with reason "Active". This is the normal operating state. + // When False, the resource is not active with reason "Inactive". This is an unexpected state. + ResourceActiveConditionType = "Active" + + // ResourceStartedConditionType tracks whether a resource is started. + // It's normal for a resource like etcd to become stopped in the event of a quorum loss event because + // the pacemaker recovery logic will fence a node and restore etcd quorum on the surviving node as a cluster-of-one. + // A resource that stays stopped for an extended period of time is an unexpected state and should be investigated. + // When True, the resource is started with reason "Started". This is the normal operating state. + // When False, the resource is not started with reason "Stopped". This is expected to be temporary. + ResourceStartedConditionType = "Started" + + // ResourceSchedulableConditionType tracks whether a resource is schedulable (not blocked). + // A resource that is not schedulable is unable to start or move to a different node. + // In Two Node OpenShift with Fencing, we do not expect any resources to be unschedulable. + // When True, the resource is schedulable with reason "Schedulable". This is the normal operating state. + // When False, the resource is not schedulable with reason "Unschedulable". This is an unexpected state. + ResourceSchedulableConditionType = "Schedulable" +) + +// ResourceHealthy condition reasons +const ( + // ResourceHealthyReasonHealthy means the resource is healthy and operating normally. + ResourceHealthyReasonHealthy = "ResourceHealthy" + + // ResourceHealthyReasonUnhealthy means the resource has issues that need investigation. + ResourceHealthyReasonUnhealthy = "ResourceUnhealthy" +) + +// ResourceInService condition reasons +const ( + // ResourceInServiceReasonInService means the resource is in service (not in maintenance mode). + // This is the normal operating state. + ResourceInServiceReasonInService = "InService" + + // ResourceInServiceReasonInMaintenance means the resource is in maintenance mode. + // Resources in maintenance mode are not monitored or moved by pacemaker. This is an unexpected state. + ResourceInServiceReasonInMaintenance = "InMaintenance" +) + +// ResourceManaged condition reasons +const ( + // ResourceManagedReasonManaged means the resource is managed by pacemaker. + // This is the normal operating state. + ResourceManagedReasonManaged = "Managed" + + // ResourceManagedReasonUnmanaged means the resource is not managed by pacemaker. + // Resources that are not managed by pacemaker are effectively invisible to the pacemaker HA logic. + // This is an unexpected state. + ResourceManagedReasonUnmanaged = "Unmanaged" +) + +// ResourceEnabled condition reasons +const ( + // ResourceEnabledReasonEnabled means the resource is enabled. + // This is the normal operating state. + ResourceEnabledReasonEnabled = "Enabled" + + // ResourceEnabledReasonDisabled means the resource is disabled. + // Resources that are disabled are stopped and not automatically managed or started by the cluster. + // This is an unexpected state. + ResourceEnabledReasonDisabled = "Disabled" +) + +// ResourceOperational condition reasons +const ( + // ResourceOperationalReasonOperational means the resource is operational (not failed). + // This is the normal operating state. + ResourceOperationalReasonOperational = "Operational" + + // ResourceOperationalReasonFailed means the resource has failed. + // A failed resource is one that is not able to start or is in an error state. This is an unexpected state. + ResourceOperationalReasonFailed = "Failed" +) + +// ResourceActive condition reasons +const ( + // ResourceActiveReasonActive means the resource is active. + // An active resource is running on a cluster node. This is the normal operating state. + ResourceActiveReasonActive = "Active" + + // ResourceActiveReasonInactive means the resource is not active. + // This is an unexpected state. + ResourceActiveReasonInactive = "Inactive" +) + +// ResourceStarted condition reasons +const ( + // ResourceStartedReasonStarted means the resource is started. + // This is the normal operating state. + ResourceStartedReasonStarted = "Started" + + // ResourceStartedReasonStopped means the resource is stopped. + // It's normal for a resource like etcd to become stopped in the event of a quorum loss event because + // the pacemaker recovery logic will fence a node and restore etcd quorum on the surviving node as a cluster-of-one. + // A resource that stays stopped for an extended period of time is an unexpected state and should be investigated. + ResourceStartedReasonStopped = "Stopped" +) + +// ResourceSchedulable condition reasons +const ( + // ResourceSchedulableReasonSchedulable means the resource is schedulable (not blocked). + // This is the normal operating state. + ResourceSchedulableReasonSchedulable = "Schedulable" + + // ResourceSchedulableReasonUnschedulable means the resource is not schedulable (blocked). + // A resource that is not schedulable is unable to start or move to a different node. This is an unexpected state. + ResourceSchedulableReasonUnschedulable = "Unschedulable" +) + +// PacemakerNodeAddressType represents the type of a node address. +// Currently only InternalIP is supported. +// +kubebuilder:validation:Enum=InternalIP +// +enum +type PacemakerNodeAddressType string + +const ( + // PacemakerNodeInternalIP is an internal IP address assigned to the node. + // This is typically the IP address used for intra-cluster communication. + PacemakerNodeInternalIP PacemakerNodeAddressType = "InternalIP" +) + +// PacemakerNodeAddress contains information for a node's address. +// This is similar to corev1.NodeAddress but adds validation for IP addresses. +type PacemakerNodeAddress struct { + // type is the type of node address. + // Currently only "InternalIP" is supported. + // +required + Type PacemakerNodeAddressType `json:"type,omitempty"` + + // address is the node address. + // For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. + // Canonical form means the shortest standard representation (e.g., "192.168.1.1" not "192.168.001.001", + // or "2001:db8::1" not "2001:0db8::1"). Maximum length is 39 characters (full IPv6 address). + // Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=39 + // +kubebuilder:validation:XValidation:rule="isIP(self) && ip.isCanonical(self) && ip(self).isGlobalUnicast()",message="must be a valid global unicast IPv4 or IPv6 address in canonical form" + // +required + Address string `json:"address,omitempty"` +} + +// PacemakerClusterResourceName represents the name of a pacemaker resource. +// Fencing agents are tracked separately in the fencingAgents field. +// +kubebuilder:validation:Enum=Kubelet;Etcd +// +enum +type PacemakerClusterResourceName string + +// PacemakerClusterResourceName values +const ( + // PacemakerClusterResourceNameKubelet is the kubelet pacemaker resource. + // The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. + PacemakerClusterResourceNameKubelet PacemakerClusterResourceName = "Kubelet" + + // PacemakerClusterResourceNameEtcd is the etcd pacemaker resource. + // The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. + PacemakerClusterResourceNameEtcd PacemakerClusterResourceName = "Etcd" +) + +// FencingMethod represents the method used by a fencing agent to isolate failed nodes. +// Valid values are "Redfish" and "IPMI". +// +kubebuilder:validation:Enum=Redfish;IPMI +// +enum +type FencingMethod string + +// FencingMethod values +const ( + // FencingMethodRedfish uses Redfish, a standard RESTful API for server management. + FencingMethodRedfish FencingMethod = "Redfish" + + // FencingMethodIPMI uses IPMI (Intelligent Platform Management Interface), a hardware management interface. + FencingMethodIPMI FencingMethod = "IPMI" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. +// PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is "cluster". This +// resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=pacemakerclusters,scope=Cluster,singular=pacemakercluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2544 +// +openshift:file-pattern=cvoRunLevel=0000_25,operatorName=etcd,operatorOrdering=01,operatorComponent=two-node-fencing +// +openshift:enable:FeatureGate=DualReplica +// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="PacemakerCluster must be named 'cluster'" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.status) || has(self.status)",message="status may not be removed once set" +type PacemakerCluster struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +required + metav1.ObjectMeta `json:"metadata,omitempty"` + + // status contains the actual pacemaker cluster status information collected from the cluster. + // The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. + // In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. + // This field is optional on creation - the status collector populates it immediately after creating + // the resource via the status subresource. + // +optional + Status PacemakerClusterStatus `json:"status,omitzero"` +} + +// PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status +// object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. +// The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case. +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.lastUpdated) || self.lastUpdated >= oldSelf.lastUpdated",message="lastUpdated may not be set to an earlier timestamp" +type PacemakerClusterStatus struct { + // conditions represent the observations of the pacemaker cluster's current state. + // Known condition types are: "Healthy", "InService", "NodeCountAsExpected". + // The "Healthy" condition is an aggregate that tracks the overall health of the cluster. + // The "InService" condition tracks whether the cluster is in service (not in maintenance mode). + // The "NodeCountAsExpected" condition tracks whether the expected number of nodes are present. + // Each of these conditions is required, so the array must contain at least 3 items. + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MinItems=3 + // +kubebuilder:validation:MaxItems=8 + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Healthy')",message="conditions must contain a condition of type Healthy" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'InService')",message="conditions must contain a condition of type InService" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'NodeCountAsExpected')",message="conditions must contain a condition of type NodeCountAsExpected" + // +required + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // lastUpdated is the timestamp when this status was last updated. This is useful for identifying + // stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot + // be removed and cannot be set to an earlier timestamp than the current value. + // +kubebuilder:validation:Format=date-time + // +required + LastUpdated metav1.Time `json:"lastUpdated,omitempty,omitzero"` + + // nodes provides detailed status for each control-plane node in the Pacemaker cluster. + // While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). + // For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. + // An empty list indicates a catastrophic failure where Pacemaker reports no nodes. + // +listType=map + // +listMapKey=nodeName + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=5 + // +required + Nodes *[]PacemakerClusterNodeStatus `json:"nodes,omitempty"` +} + +// PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including +// the node's conditions and the health of critical resources running on that node. +type PacemakerClusterNodeStatus struct { + // conditions represent the observations of the node's current state. + // Known condition types are: "Healthy", "Online", "InService", "Active", "Ready", "Clean", "Member", + // "FencingAvailable", "FencingHealthy". + // The "Healthy" condition is an aggregate that tracks the overall health of the node. + // The "Online" condition tracks whether the node is online. + // The "InService" condition tracks whether the node is in service (not in maintenance mode). + // The "Active" condition tracks whether the node is active (not in standby mode). + // The "Ready" condition tracks whether the node is ready (not in a pending state). + // The "Clean" condition tracks whether the node is in a clean (status known) state. + // The "Member" condition tracks whether the node is a member of the cluster. + // The "FencingAvailable" condition tracks whether this node can be fenced by at least one healthy agent. + // The "FencingHealthy" condition tracks whether all fencing agents for this node are healthy. + // Each of these conditions is required, so the array must contain at least 9 items. + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MinItems=9 + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Healthy')",message="conditions must contain a condition of type Healthy" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Online')",message="conditions must contain a condition of type Online" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'InService')",message="conditions must contain a condition of type InService" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Active')",message="conditions must contain a condition of type Active" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Ready')",message="conditions must contain a condition of type Ready" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Clean')",message="conditions must contain a condition of type Clean" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Member')",message="conditions must contain a condition of type Member" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'FencingAvailable')",message="conditions must contain a condition of type FencingAvailable" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'FencingHealthy')",message="conditions must contain a condition of type FencingHealthy" + // +required + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase + // RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with + // an alphanumeric character, and be at most 253 characters in length. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="nodeName must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character" + // +required + NodeName string `json:"nodeName,omitempty"` + + // addresses is a list of IP addresses for the node. + // Pacemaker allows multiple IP addresses for Corosync communication between nodes. + // The first address in this list is used for IP-based peer URLs for etcd membership. + // Each address must be a valid global unicast IPv4 or IPv6 address in canonical form + // (e.g., "192.168.1.1" not "192.168.001.001", or "2001:db8::1" not "2001:0db8::1"). + // This excludes loopback, link-local, and multicast addresses. + // +listType=atomic + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=8 + // +required + Addresses []PacemakerNodeAddress `json:"addresses,omitempty"` + + // resources contains the status of pacemaker resources scheduled on this node. + // Each resource entry includes the resource name and its health conditions. + // For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. + // Both resources are required to be present, so the array must contain at least 2 items. + // Valid resource names are "Kubelet" and "Etcd". + // Fencing agents are tracked separately in the fencingAgents field. + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MinItems=2 + // +kubebuilder:validation:MaxItems=8 + // +kubebuilder:validation:XValidation:rule="self.exists(r, r.name == 'Kubelet')",message="resources must contain a resource named Kubelet" + // +kubebuilder:validation:XValidation:rule="self.exists(r, r.name == 'Etcd')",message="resources must contain a resource named Etcd" + // +required + Resources []PacemakerClusterResourceStatus `json:"resources,omitempty"` + + // fencingAgents contains the status of fencing agents that can fence this node. + // Unlike resources (which are scheduled to run on this node), fencing agents are mapped + // to the node they can fence (their target), not the node where monitoring operations run. + // Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. + // A node is considered fence-capable if at least one fencing agent is healthy. + // A healthy node is expected to have at least 1 fencing agent, but the list may be empty + // when fencing agent discovery fails. + // Names must be unique within this array. + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=8 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="fencing agent names must be unique" + // +required + FencingAgents []PacemakerClusterFencingAgentStatus `json:"fencingAgents,omitempty"` +} + +// PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. +// Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. +// Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they +// can fence), not the node where their monitoring operations are scheduled. +type PacemakerClusterFencingAgentStatus struct { + // conditions represent the observations of the fencing agent's current state. + // Known condition types are: "Healthy", "InService", "Managed", "Enabled", "Operational", + // "Active", "Started", "Schedulable". + // The "Healthy" condition is an aggregate that tracks the overall health of the fencing agent. + // The "InService" condition tracks whether the fencing agent is in service (not in maintenance mode). + // The "Managed" condition tracks whether the fencing agent is managed by pacemaker. + // The "Enabled" condition tracks whether the fencing agent is enabled. + // The "Operational" condition tracks whether the fencing agent is operational (not failed). + // The "Active" condition tracks whether the fencing agent is active (available to be used). + // The "Started" condition tracks whether the fencing agent is started. + // The "Schedulable" condition tracks whether the fencing agent is schedulable (not blocked). + // Each of these conditions is required, so the array must contain at least 8 items. + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MinItems=8 + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Healthy')",message="conditions must contain a condition of type Healthy" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'InService')",message="conditions must contain a condition of type InService" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Managed')",message="conditions must contain a condition of type Managed" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Enabled')",message="conditions must contain a condition of type Enabled" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Operational')",message="conditions must contain a condition of type Operational" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Active')",message="conditions must contain a condition of type Active" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Started')",message="conditions must contain a condition of type Started" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Schedulable')",message="conditions must contain a condition of type Schedulable" + // +required + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // name is the unique identifier for this fencing agent (e.g., "master-0_redfish"). + // The name must be unique within the fencingAgents array for this node. + // It may contain alphanumeric characters, dots, hyphens, and underscores. + // Maximum length is 300 characters, providing headroom beyond the typical format of + // _ (253 for RFC 1123 node name + 1 underscore + type). + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=300 + // +kubebuilder:validation:XValidation:rule="self.matches('^[a-zA-Z0-9._-]+$')",message="name must contain only alphanumeric characters, dots, hyphens, and underscores" + // +required + Name string `json:"name,omitempty"` + + // method is the fencing method used by this agent. + // Valid values are "Redfish" and "IPMI". + // Redfish is a standard RESTful API for server management. + // IPMI (Intelligent Platform Management Interface) is a hardware management interface. + // +required + Method FencingMethod `json:"method,omitempty"` +} + +// PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. +// A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or +// applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. +// For Two Node OpenShift with Fencing, we track two resources per node: +// - Kubelet (the Kubernetes node agent and a prerequisite for etcd) +// - Etcd (the distributed key-value store) +// +// Fencing agents are tracked separately in the fencingAgents field because they are mapped to +// their target node (the node they can fence), not the node where monitoring operations are scheduled. +type PacemakerClusterResourceStatus struct { + // conditions represent the observations of the resource's current state. + // Known condition types are: "Healthy", "InService", "Managed", "Enabled", "Operational", + // "Active", "Started", "Schedulable". + // The "Healthy" condition is an aggregate that tracks the overall health of the resource. + // The "InService" condition tracks whether the resource is in service (not in maintenance mode). + // The "Managed" condition tracks whether the resource is managed by pacemaker. + // The "Enabled" condition tracks whether the resource is enabled. + // The "Operational" condition tracks whether the resource is operational (not failed). + // The "Active" condition tracks whether the resource is active (available to be used). + // The "Started" condition tracks whether the resource is started. + // The "Schedulable" condition tracks whether the resource is schedulable (not blocked). + // Each of these conditions is required, so the array must contain at least 8 items. + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MinItems=8 + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Healthy')",message="conditions must contain a condition of type Healthy" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'InService')",message="conditions must contain a condition of type InService" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Managed')",message="conditions must contain a condition of type Managed" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Enabled')",message="conditions must contain a condition of type Enabled" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Operational')",message="conditions must contain a condition of type Operational" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Active')",message="conditions must contain a condition of type Active" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Started')",message="conditions must contain a condition of type Started" + // +kubebuilder:validation:XValidation:rule="self.exists(c, c.type == 'Schedulable')",message="conditions must contain a condition of type Schedulable" + // +required + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // name is the name of the pacemaker resource. + // Valid values are "Kubelet" and "Etcd". + // The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. + // The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. + // Fencing agents are tracked separately in the node's fencingAgents field. + // +required + Name PacemakerClusterResourceName `json:"name,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton +// resource; only one instance named "cluster" may exist. This list type exists only to satisfy Kubernetes API +// conventions. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type PacemakerClusterList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + // items is a list of PacemakerCluster objects. + Items []PacemakerCluster `json:"items"` +} diff --git a/vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go new file mode 100644 index 0000000000..c529240e40 --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go @@ -0,0 +1,210 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerCluster) DeepCopyInto(out *PacemakerCluster) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerCluster. +func (in *PacemakerCluster) DeepCopy() *PacemakerCluster { + if in == nil { + return nil + } + out := new(PacemakerCluster) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PacemakerCluster) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerClusterFencingAgentStatus) DeepCopyInto(out *PacemakerClusterFencingAgentStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerClusterFencingAgentStatus. +func (in *PacemakerClusterFencingAgentStatus) DeepCopy() *PacemakerClusterFencingAgentStatus { + if in == nil { + return nil + } + out := new(PacemakerClusterFencingAgentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerClusterList) DeepCopyInto(out *PacemakerClusterList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PacemakerCluster, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerClusterList. +func (in *PacemakerClusterList) DeepCopy() *PacemakerClusterList { + if in == nil { + return nil + } + out := new(PacemakerClusterList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PacemakerClusterList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerClusterNodeStatus) DeepCopyInto(out *PacemakerClusterNodeStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]PacemakerNodeAddress, len(*in)) + copy(*out, *in) + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]PacemakerClusterResourceStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.FencingAgents != nil { + in, out := &in.FencingAgents, &out.FencingAgents + *out = make([]PacemakerClusterFencingAgentStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerClusterNodeStatus. +func (in *PacemakerClusterNodeStatus) DeepCopy() *PacemakerClusterNodeStatus { + if in == nil { + return nil + } + out := new(PacemakerClusterNodeStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerClusterResourceStatus) DeepCopyInto(out *PacemakerClusterResourceStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerClusterResourceStatus. +func (in *PacemakerClusterResourceStatus) DeepCopy() *PacemakerClusterResourceStatus { + if in == nil { + return nil + } + out := new(PacemakerClusterResourceStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerClusterStatus) DeepCopyInto(out *PacemakerClusterStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.LastUpdated.DeepCopyInto(&out.LastUpdated) + if in.Nodes != nil { + in, out := &in.Nodes, &out.Nodes + *out = new([]PacemakerClusterNodeStatus) + if **in != nil { + in, out := *in, *out + *out = make([]PacemakerClusterNodeStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerClusterStatus. +func (in *PacemakerClusterStatus) DeepCopy() *PacemakerClusterStatus { + if in == nil { + return nil + } + out := new(PacemakerClusterStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PacemakerNodeAddress) DeepCopyInto(out *PacemakerNodeAddress) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PacemakerNodeAddress. +func (in *PacemakerNodeAddress) DeepCopy() *PacemakerNodeAddress { + if in == nil { + return nil + } + out := new(PacemakerNodeAddress) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..1a11a877c4 --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,23 @@ +pacemakerclusters.etcd.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/2544 + CRDName: pacemakerclusters.etcd.openshift.io + Capability: "" + Category: "" + FeatureGates: + - DualReplica + FilenameOperatorName: etcd + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_25" + GroupName: etcd.openshift.io + HasStatus: true + KindName: PacemakerCluster + Labels: {} + PluralName: pacemakerclusters + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - DualReplica + Version: v1 + diff --git a/vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go new file mode 100644 index 0000000000..e9e47b47cf --- /dev/null +++ b/vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go @@ -0,0 +1,89 @@ +package v1 + +// This file contains a collection of methods that can be used from go-restful to +// generate Swagger API documentation for its models. Please read this PR for more +// information on the implementation: https://github.com/emicklei/go-restful/pull/215 +// +// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if +// they are on one line! For multiple line or blocks that you want to ignore use ---. +// Any context after a --- is ignored. +// +// Those methods can be generated by using hack/update-swagger-docs.sh + +// AUTO-GENERATED FUNCTIONS START HERE +var map_PacemakerCluster = map[string]string{ + "": "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "status": "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.", +} + +func (PacemakerCluster) SwaggerDoc() map[string]string { + return map_PacemakerCluster +} + +var map_PacemakerClusterFencingAgentStatus = map[string]string{ + "": "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.", + "conditions": "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + "name": "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).", + "method": "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.", +} + +func (PacemakerClusterFencingAgentStatus) SwaggerDoc() map[string]string { + return map_PacemakerClusterFencingAgentStatus +} + +var map_PacemakerClusterList = map[string]string{ + "": "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "items is a list of PacemakerCluster objects.", +} + +func (PacemakerClusterList) SwaggerDoc() map[string]string { + return map_PacemakerClusterList +} + +var map_PacemakerClusterNodeStatus = map[string]string{ + "": "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.", + "conditions": "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.", + "nodeName": "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + "addresses": "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", + "resources": "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.", + "fencingAgents": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. A healthy node is expected to have at least 1 fencing agent, but the list may be empty when fencing agent discovery fails. Names must be unique within this array.", +} + +func (PacemakerClusterNodeStatus) SwaggerDoc() map[string]string { + return map_PacemakerClusterNodeStatus +} + +var map_PacemakerClusterResourceStatus = map[string]string{ + "": "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.", + "conditions": "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + "name": "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.", +} + +func (PacemakerClusterResourceStatus) SwaggerDoc() map[string]string { + return map_PacemakerClusterResourceStatus +} + +var map_PacemakerClusterStatus = map[string]string{ + "": "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.", + "conditions": "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. Each of these conditions is required, so the array must contain at least 3 items.", + "lastUpdated": "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", + "nodes": "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.", +} + +func (PacemakerClusterStatus) SwaggerDoc() map[string]string { + return map_PacemakerClusterStatus +} + +var map_PacemakerNodeAddress = map[string]string{ + "": "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.", + "type": "type is the type of node address. Currently only \"InternalIP\" is supported.", + "address": "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.", +} + +func (PacemakerNodeAddress) SwaggerDoc() map[string]string { + return map_PacemakerNodeAddress +} + +// AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go b/vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go index ab06d0e390..b627413474 100644 --- a/vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go +++ b/vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go @@ -609,11 +609,12 @@ type PacemakerClusterNodeStatus struct { // to the node they can fence (their target), not the node where monitoring operations run. // Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. // A node is considered fence-capable if at least one fencing agent is healthy. - // Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. + // A healthy node is expected to have at least 1 fencing agent, but the list may be empty + // when fencing agent discovery fails. // Names must be unique within this array. // +listType=map // +listMapKey=name - // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MinItems=0 // +kubebuilder:validation:MaxItems=8 // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="fencing agent names must be unique" // +required diff --git a/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go index 62e1c3ebd7..dc6f224288 100644 --- a/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go @@ -48,7 +48,7 @@ var map_PacemakerClusterNodeStatus = map[string]string{ "nodeName": "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", "addresses": "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", "resources": "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.", - "fencingAgents": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.", + "fencingAgents": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. A healthy node is expected to have at least 1 fencing agent, but the list may be empty when fencing agent discovery fails. Names must be unique within this array.", } func (PacemakerClusterNodeStatus) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index 5259884ec6..8112c57f72 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md @@ -8,26 +8,32 @@ | ShortCertRotation| | | | | | | | | | ClusterAPIComputeInstall| | | Enabled | Enabled | | | | | | ClusterAPIControlPlaneInstall| | | Enabled | Enabled | | | | | +| ClusterUpdatePreflight| | | Enabled | Enabled | | | | | +| ConfidentialCluster| | | Enabled | Enabled | | | | | | Example2| | | Enabled | Enabled | | | | | +| ExternalOIDCExternalClaimsSourcing| | | Enabled | Enabled | | | | | | ExternalSnapshotMetadata| | | Enabled | Enabled | | | | | | KMSEncryptionProvider| | | Enabled | Enabled | | | | | +| MachineAPIMigrationVSphere| | | Enabled | Enabled | | | | | | NetworkConnect| | | Enabled | Enabled | | | | | | NewOLMBoxCutterRuntime| | | | Enabled | | | | Enabled | | NewOLMCatalogdAPIV1Metas| | | | Enabled | | | | Enabled | +| NewOLMConfigAPI| | | | Enabled | | | | Enabled | +| NewOLMOwnSingleNamespace| | | | Enabled | | | | Enabled | | NewOLMPreflightPermissionChecks| | | | Enabled | | | | Enabled | | NoRegistryClusterInstall| | | | Enabled | | | | Enabled | | ProvisioningRequestAvailable| | | Enabled | Enabled | | | | | +| VSphereMultiVCenterDay2| | | Enabled | Enabled | | | | | | AWSClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled | | AWSClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | | AWSDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | -| AWSServiceLBNetworkSecurityGroup| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSEuropeanSovereignCloudInstall| | | Enabled | Enabled | | | Enabled | Enabled | +| AdditionalStorageConfig| | | Enabled | Enabled | | | Enabled | Enabled | | AutomatedEtcdBackup| | | Enabled | Enabled | | | Enabled | Enabled | -| AzureClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AzureDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | | AzureDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AzureMultiDisk| | | Enabled | Enabled | | | Enabled | Enabled | -| BootImageSkewEnforcement| | | Enabled | Enabled | | | Enabled | Enabled | | BootcNodeManagement| | | Enabled | Enabled | | | Enabled | Enabled | | CBORServingAndStorage| | | Enabled | Enabled | | | Enabled | Enabled | | CRDCompatibilityRequirementOperator| | | Enabled | Enabled | | | Enabled | Enabled | @@ -48,18 +54,14 @@ | ConfigurablePKI| | | Enabled | Enabled | | | Enabled | Enabled | | DNSNameResolver| | | Enabled | Enabled | | | Enabled | Enabled | | DRAPartitionableDevices| | | Enabled | Enabled | | | Enabled | Enabled | -| DualReplica| | | Enabled | Enabled | | | Enabled | Enabled | | DyanmicServiceEndpointIBMCloud| | | Enabled | Enabled | | | Enabled | Enabled | | EVPN| | | Enabled | Enabled | | | Enabled | Enabled | | EtcdBackendQuota| | | Enabled | Enabled | | | Enabled | Enabled | -| EventTTL| | | Enabled | Enabled | | | Enabled | Enabled | | Example| | | Enabled | Enabled | | | Enabled | Enabled | | ExternalOIDCWithUpstreamParity| | | Enabled | Enabled | | | Enabled | Enabled | -| GCPClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled | | GCPCustomAPIEndpoints| | | Enabled | Enabled | | | Enabled | Enabled | | GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | | | Enabled | Enabled | | GCPDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | -| GatewayAPIWithoutOLM| | | Enabled | Enabled | | | Enabled | Enabled | | HyperShiftOnlyDynamicResourceAllocation| Enabled | | Enabled | | Enabled | | Enabled | | | ImageModeStatusReporting| | | Enabled | Enabled | | | Enabled | Enabled | | IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | | | Enabled | Enabled | @@ -74,42 +76,37 @@ | MultiDiskSetup| | | Enabled | Enabled | | | Enabled | Enabled | | MutatingAdmissionPolicy| | | Enabled | Enabled | | | Enabled | Enabled | | NewOLM| | Enabled | | Enabled | | Enabled | | Enabled | -| NewOLMOwnSingleNamespace| | Enabled | | Enabled | | Enabled | | Enabled | | NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled | | Enabled | +| NoOverlayMode| | | Enabled | Enabled | | | Enabled | Enabled | | NutanixMultiSubnets| | | Enabled | Enabled | | | Enabled | Enabled | | OSStreams| | | Enabled | Enabled | | | Enabled | Enabled | | OVNObservability| | | Enabled | Enabled | | | Enabled | Enabled | | OnPremDNSRecords| | | Enabled | Enabled | | | Enabled | Enabled | | SELinuxMount| | | Enabled | Enabled | | | Enabled | Enabled | | SignatureStores| | | Enabled | Enabled | | | Enabled | Enabled | +| TLSAdherence| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | | | Enabled | Enabled | -| VSphereHostVMGroupZonal| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSServiceLBNetworkSecurityGroup| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled | +| AzureClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| BootImageSkewEnforcement| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| DualReplica| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| EventTTL| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ExternalOIDC| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ExternalOIDCWithUIDAndExtraClaimMappings| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| GCPClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| GatewayAPIWithoutOLM| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ImageStreamImportMode| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | InsightsOnDemandDataGather| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesCPMS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MutableCSINodeAllocatableCount| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | @@ -118,5 +115,6 @@ | UpgradeStatus| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | UserNamespacesPodSecurityStandards| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | UserNamespacesSupport| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| VSphereHostVMGroupZonal| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go index 3ba5f3113e..5d148165cc 100644 --- a/vendor/github.com/openshift/api/features/features.go +++ b/vendor/github.com/openshift/api/features/features.go @@ -99,14 +99,6 @@ var ( enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateGatewayAPI = newFeatureGate("GatewayAPI"). - reportProblemsToJiraComponent("Routing"). - contactPerson("miciah"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateOpenShiftPodSecurityAdmission = newFeatureGate("OpenShiftPodSecurityAdmission"). reportProblemsToJiraComponent("auth"). contactPerson("ibihim"). @@ -183,7 +175,7 @@ var ( contactPerson("jcpowermac"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1677"). - enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateVSphereMultiDisk = newFeatureGate("VSphereMultiDisk"). @@ -210,6 +202,14 @@ var ( enable(inDevPreviewNoUpgrade()). mustRegister() + FeatureGateNoOverlayMode = newFeatureGate("NoOverlayMode"). + reportProblemsToJiraComponent("Networking/ovn-kubernetes"). + contactPerson("pliurh"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1859"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() + FeatureGateEVPN = newFeatureGate("EVPN"). reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("jcaamano"). @@ -257,14 +257,6 @@ var ( enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateMachineConfigNodes = newFeatureGate("MachineConfigNodes"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("ijanssen"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1765"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateImageModeStatusReporting = newFeatureGate("ImageModeStatusReporting"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("ijanssen"). @@ -280,14 +272,6 @@ var ( enhancementPR(legacyFeatureGateWithoutEnhancement). mustRegister() - FeatureGateGCPClusterHostedDNS = newFeatureGate("GCPClusterHostedDNS"). - reportProblemsToJiraComponent("Installer"). - contactPerson("barbacbd"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateAWSClusterHostedDNS = newFeatureGate("AWSClusterHostedDNS"). reportProblemsToJiraComponent("Installer"). contactPerson("barbacbd"). @@ -301,7 +285,7 @@ var ( contactPerson("sadasu"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1468"). - enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMixedCPUsAllocation = newFeatureGate("MixedCPUsAllocation"). @@ -312,38 +296,6 @@ var ( enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateManagedBootImages = newFeatureGate("ManagedBootImages"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("djoshy"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - - FeatureGateManagedBootImagesAWS = newFeatureGate("ManagedBootImagesAWS"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("djoshy"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - - FeatureGateManagedBootImagesvSphere = newFeatureGate("ManagedBootImagesvSphere"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("rsaini"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1496"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - - FeatureGateManagedBootImagesAzure = newFeatureGate("ManagedBootImagesAzure"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("djoshy"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1761"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateManagedBootImagesCPMS = newFeatureGate("ManagedBootImagesCPMS"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("djoshy"). @@ -357,7 +309,7 @@ var ( contactPerson("djoshy"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1761"). - enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateBootcNodeManagement = newFeatureGate("BootcNodeManagement"). @@ -384,13 +336,13 @@ var ( enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGatePinnedImages = newFeatureGate("PinnedImages"). - reportProblemsToJiraComponent("MachineConfigOperator"). - contactPerson("RishabhSaini"). - productScope(ocpSpecific). - enhancementPR(legacyFeatureGateWithoutEnhancement). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() + FeatureGateAdditionalStorageConfig = newFeatureGate("AdditionalStorageConfig"). + reportProblemsToJiraComponent("node"). + contactPerson("saschagrunert"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1934"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() FeatureGateUpgradeStatus = newFeatureGate("UpgradeStatus"). reportProblemsToJiraComponent("Cluster Version Operator"). @@ -440,6 +392,14 @@ var ( enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() + FeatureGateExternalOIDCExternalClaimsSourcing = newFeatureGate("ExternalOIDCExternalClaimsSourcing"). + reportProblemsToJiraComponent("authentication"). + contactPerson("bpalmer"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1907"). + enable(inDevPreviewNoUpgrade()). + mustRegister() + FeatureGateExample = newFeatureGate("Example"). reportProblemsToJiraComponent("cluster-config"). contactPerson("deads"). @@ -485,7 +445,7 @@ var ( contactPerson("nschieder"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1849"). - enable(inClusterProfile(SelfManaged), inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inClusterProfile(SelfManaged), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateNewOLMWebhookProviderOpenshiftServiceCA = newFeatureGate("NewOLMWebhookProviderOpenshiftServiceCA"). @@ -504,6 +464,14 @@ var ( enable(inClusterProfile(SelfManaged), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() + FeatureGateNewOLMConfigAPI = newFeatureGate("NewOLMConfigAPI"). + reportProblemsToJiraComponent("olm"). + contactPerson("tmshort"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1915"). + enable(inClusterProfile(SelfManaged), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() + FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). @@ -559,6 +527,13 @@ var ( enhancementPR("https://github.com/openshift/enhancements/pull/1465"). enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() + FeatureGateMachineAPIMigrationVSphere = newFeatureGate("MachineAPIMigrationVSphere"). + reportProblemsToJiraComponent("SPLAT"). + contactPerson("jcpowermac"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1465"). + enable(inDevPreviewNoUpgrade()). + mustRegister() FeatureGateClusterAPIMachineManagement = newFeatureGate("ClusterAPIMachineManagement"). reportProblemsToJiraComponent("Cloud Compute / Cluster API Providers"). @@ -714,14 +689,6 @@ var ( enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() - FeatureGateHighlyAvailableArbiter = newFeatureGate("HighlyAvailableArbiter"). - reportProblemsToJiraComponent("Two Node with Arbiter"). - contactPerson("eggfoobar"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1674"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateCVOConfiguration = newFeatureGate("ClusterVersionOperatorConfiguration"). reportProblemsToJiraComponent("Cluster Version Operator"). contactPerson("dhurta"). @@ -738,6 +705,14 @@ var ( enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() + FeatureGateClusterUpdatePreflight = newFeatureGate("ClusterUpdatePreflight"). + reportProblemsToJiraComponent("Cluster Version Operator"). + contactPerson("fao89"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1930"). + enable(inDevPreviewNoUpgrade()). + mustRegister() + FeatureGateGCPCustomAPIEndpoints = newFeatureGate("GCPCustomAPIEndpoints"). reportProblemsToJiraComponent("Installer"). contactPerson("barbacbd"). @@ -767,22 +742,9 @@ var ( contactPerson("jaypoulz"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1675"). - enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateGatewayAPIController = newFeatureGate("GatewayAPIController"). - reportProblemsToJiraComponent("Routing"). - contactPerson("miciah"). - productScope(ocpSpecific). - // Previously, the "GatewayAPI" feature gate managed both the GatewayAPI CRDs - // and the Gateway Controller. However, with the introduction of Gateway CRD - // lifecycle management (EP#1756), these responsibilities were separated. - // A dedicated feature gate now controls the Gateway Controller to distinguish - // its production readiness from that of the CRDs. - enhancementPR("https://github.com/openshift/enhancements/pull/1756"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureShortCertRotation = newFeatureGate("ShortCertRotation"). reportProblemsToJiraComponent("kube-apiserver"). contactPerson("vrutkovs"). @@ -838,22 +800,23 @@ var ( enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() + FeatureGateVSphereMultiVCenterDay2 = newFeatureGate("VSphereMultiVCenterDay2"). + reportProblemsToJiraComponent("splat"). + contactPerson("vr4manta"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1961"). + enable(inDevPreviewNoUpgrade()). + mustRegister() + FeatureGateAWSServiceLBNetworkSecurityGroup = newFeatureGate("AWSServiceLBNetworkSecurityGroup"). reportProblemsToJiraComponent("Cloud Compute / Cloud Controller Manager"). contactPerson("mtulio"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1802"). - enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inClusterProfile(SelfManaged), inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inClusterProfile(Hypershift), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateImageVolume = newFeatureGate("ImageVolume"). - reportProblemsToJiraComponent("Node"). - contactPerson("haircommander"). - productScope(kubernetes). - enhancementPR("https://github.com/openshift/enhancements/pull/1792"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateNoRegistryClusterInstall = newFeatureGate("NoRegistryClusterInstall"). reportProblemsToJiraComponent("Installer / Agent based installation"). contactPerson("andfasano"). @@ -862,14 +825,6 @@ var ( enable(inClusterProfile(SelfManaged), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() - FeatureGateGCPClusterHostedDNSInstall = newFeatureGate("GCPClusterHostedDNSInstall"). - reportProblemsToJiraComponent("Installer"). - contactPerson("barbacbd"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1468"). - enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). - mustRegister() - FeatureGateAWSClusterHostedDNSInstall = newFeatureGate("AWSClusterHostedDNSInstall"). reportProblemsToJiraComponent("Installer"). contactPerson("barbacbd"). @@ -945,7 +900,7 @@ var ( contactPerson("tjungblu"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1857"). - enable(inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). + enable(inDefault(), inOKD(), inTechPreviewNoUpgrade(), inDevPreviewNoUpgrade()). mustRegister() FeatureGateMutableCSINodeAllocatableCount = newFeatureGate("MutableCSINodeAllocatableCount"). @@ -1026,11 +981,35 @@ var ( enable(inDevPreviewNoUpgrade()). mustRegister() + FeatureGateAWSEuropeanSovereignCloudInstall = newFeatureGate("AWSEuropeanSovereignCloudInstall"). + reportProblemsToJiraComponent("Installer / openshift-installer"). + contactPerson("tthvo"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1952"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() + FeatureGateGatewayAPIWithoutOLM = newFeatureGate("GatewayAPIWithoutOLM"). reportProblemsToJiraComponent("Routing"). contactPerson("miciah"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1933"). - enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + enable(inDefault(), inOKD(), inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() + + FeatureGateTLSAdherence = newFeatureGate("TLSAdherence"). + reportProblemsToJiraComponent("HPCASE / TLS Adherence"). + contactPerson("joelanford"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1910"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() + + FeatureGateConfidentialCluster = newFeatureGate("ConfidentialCluster"). + reportProblemsToJiraComponent("ConfidentialClusters"). + contactPerson("fjin"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1962"). + enable(inDevPreviewNoUpgrade()). + mustRegister() ) diff --git a/vendor/github.com/openshift/api/features/legacyfeaturegates.go b/vendor/github.com/openshift/api/features/legacyfeaturegates.go index a92c0b9bb9..a82089b9f7 100644 --- a/vendor/github.com/openshift/api/features/legacyfeaturegates.go +++ b/vendor/github.com/openshift/api/features/legacyfeaturegates.go @@ -33,8 +33,6 @@ var legacyFeatureGates = sets.New( // never add to this list, if you think you have an exception ask @deads2k "GCPClusterHostedDNS", // never add to this list, if you think you have an exception ask @deads2k - "GatewayAPI", - // never add to this list, if you think you have an exception ask @deads2k "HardwareSpeed", // never add to this list, if you think you have an exception ask @deads2k "ImageStreamImportMode", diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 53c71aabb6..52f5db78d5 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -163,7 +163,15 @@ type AWSCSIDriverConfigSpec struct { // kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, // rather than the default KMS key used by AWS. // The value may be either the ARN or Alias ARN of a KMS key. - // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$` + // + // The ARN must follow the format: arn::kms:::(key|alias)/, where: + // is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), + // is the AWS region, + // is a 12-digit numeric identifier for the AWS account, + // is the KMS key ID or alias name. + // + // +openshift:validation:FeatureGateAwareXValidation:featureGate="",rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$')`,message=`kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/` + // +openshift:validation:FeatureGateAwareXValidation:featureGate=AWSEuropeanSovereignCloudInstall,rule=`matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$')`,message=`kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/` // +optional KMSKeyARN string `json:"kmsKeyARN,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index d54352f2ce..0c5cf919e1 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -2068,8 +2068,51 @@ type IngressControllerTuningOptions struct { // +kubebuilder:validation:Type:=string // +optional ReloadInterval metav1.Duration `json:"reloadInterval,omitempty"` + + // configurationManagement specifies how OpenShift router should update + // the HAProxy configuration. The following values are valid for this + // field: + // + // * "ForkAndReload". + // * "Dynamic". + // + // Omitting this field means that the user has no opinion and the + // platform may choose a reasonable default. This default is subject to + // change over time. The current default is "ForkAndReload". + // + // "ForkAndReload" means that OpenShift router should rewrite the + // HAProxy configuration file and instruct HAProxy to fork and reload. + // This is OpenShift router's traditional approach. + // + // "Dynamic" means that OpenShift router may use HAProxy's control + // socket for some configuration updates and fall back to fork and + // reload for other configuration updates. This is a newer approach, + // which may be less mature than ForkAndReload. This setting can + // improve load-balancing fairness and metrics accuracy and reduce CPU + // and memory usage if HAProxy has frequent configuration updates for + // route and endpoints updates. + // + // Note: The "Dynamic" option is currently experimental and should not + // be enabled on production clusters. + // + // +openshift:enable:FeatureGate=IngressControllerDynamicConfigurationManager + // +optional + ConfigurationManagement IngressControllerConfigurationManagement `json:"configurationManagement,omitempty"` } +// IngressControllerConfigurationManagement specifies whether always to use +// fork-and-reload to update the HAProxy configuration or whether to use +// HAProxy's control socket for some configuration updates. +// +// +enum +// +kubebuilder:validation:Enum=Dynamic;ForkAndReload +type IngressControllerConfigurationManagement string + +const ( + IngressControllerConfigurationManagementDynamic IngressControllerConfigurationManagement = "Dynamic" + IngressControllerConfigurationManagementForkAndReload IngressControllerConfigurationManagement = "ForkAndReload" +) + // HTTPEmptyRequestsPolicy indicates how HTTP connections for which no request // is received should be handled. // +kubebuilder:validation:Enum=Respond;Ignore diff --git a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go index f5836af0f8..f0c1e01c78 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go +++ b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go @@ -47,7 +47,6 @@ type MachineConfigurationSpec struct { // and the platform is left to choose a reasonable default, which is subject to change over time. // The default for each machine manager mode is All for GCP and AWS platforms, and None for all // other platforms. - // +openshift:enable:FeatureGate=ManagedBootImages // +optional ManagedBootImages ManagedBootImages `json:"managedBootImages"` @@ -288,7 +287,6 @@ type MachineConfigurationStatus struct { // managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is // and will be used by Machine Config Controller while performing boot image updates. - // +openshift:enable:FeatureGate=ManagedBootImages // +optional ManagedBootImagesStatus ManagedBootImages `json:"managedBootImagesStatus"` @@ -367,7 +365,7 @@ type ManagedBootImages struct { // MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information // such as the resource type and the API Group of the resource. It also provides granular control via the selection field. -// +openshift:validation:FeatureGateAwareXValidation:requiredFeatureGate=ManagedBootImages;ManagedBootImagesCPMS,rule="self.resource != 'controlplanemachinesets' || self.selection.mode == 'All' || self.selection.mode == 'None'", message="Only All or None selection mode is permitted for ControlPlaneMachineSets" +// +openshift:validation:FeatureGateAwareXValidation:requiredFeatureGate=ManagedBootImagesCPMS,rule="self.resource != 'controlplanemachinesets' || self.selection.mode == 'All' || self.selection.mode == 'None'", message="Only All or None selection mode is permitted for ControlPlaneMachineSets" type MachineManager struct { // resource is the machine management resource's type. // Valid values are machinesets and controlplanemachinesets. @@ -431,8 +429,8 @@ const ( // MachineManagerManagedResourceType is a string enum used in the MachineManager type to describe the resource // type to be registered. -// +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=ManagedBootImages,enum=machinesets -// +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=ManagedBootImages;ManagedBootImagesCPMS,enum=machinesets;controlplanemachinesets +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=machinesets +// +openshift:validation:FeatureGateAwareEnum:featureGate=ManagedBootImagesCPMS,enum=machinesets;controlplanemachinesets type MachineManagerMachineSetsResourceType string const ( diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index 1cf56f549b..cd2e2f9e38 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -398,6 +398,12 @@ type OpenShiftSDNConfig struct { // ovnKubernetesConfig contains the configuration parameters for networks // using the ovn-kubernetes network project +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?transport.orValue('') == 'NoOverlay' ? self.?routeAdvertisements.orValue('') == 'Enabled' : true",message="routeAdvertisements must be Enabled when transport is NoOverlay" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?transport.orValue('') == 'NoOverlay' ? has(self.noOverlayConfig) : !has(self.noOverlayConfig)",message="noOverlayConfig must be set if transport is NoOverlay, and is forbidden otherwise" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self.?noOverlayConfig.routing.orValue('') == 'Managed' ? has(self.bgpManagedConfig) : true",message="bgpManagedConfig is required when noOverlayConfig.routing is Managed" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(self.transport) || self.transport == 'Geneve' || has(oldSelf.transport)",message="transport can only be set to Geneve after installation" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(oldSelf.transport) || has(self.transport)",message="transport may not be removed once set" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(oldSelf.noOverlayConfig) || has(self.noOverlayConfig)",message="noOverlayConfig may not be removed once set" type OVNKubernetesConfig struct { // mtu is the MTU to use for the tunnel interface. This must be 100 // bytes smaller than the uplink mtu. @@ -466,6 +472,38 @@ type OVNKubernetesConfig struct { // current default is "Disabled". // +optional RouteAdvertisements RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"` + + // transport sets the transport mode for pods on the default network. + // Allowed values are "NoOverlay" and "Geneve". + // "NoOverlay" avoids tunnel encapsulation, routing pod traffic directly between nodes. + // "Geneve" encapsulates pod traffic using Geneve tunnels between nodes. + // When omitted, this means the user has no opinion and the platform chooses + // a reasonable default which is subject to change over time. + // The current default is "Geneve". + // "NoOverlay" can only be set at installation time and cannot be changed afterwards. + // "Geneve" may be set explicitly at any time to lock in the current default. + // +openshift:enable:FeatureGate=NoOverlayMode + // +kubebuilder:validation:Enum=NoOverlay;Geneve + // +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="self == oldSelf",message="transport is immutable once set" + // +optional + Transport TransportOption `json:"transport,omitempty"` + + // noOverlayConfig contains configuration for no-overlay mode. + // This configuration applies to the default network only. + // It is required when transport is "NoOverlay". + // When omitted, this means the user does not configure no-overlay mode options. + // +openshift:enable:FeatureGate=NoOverlayMode + // +optional + NoOverlayConfig NoOverlayConfig `json:"noOverlayConfig,omitzero,omitempty"` + + // bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) + // in no-overlay mode that specify routing="Managed" in their noOverlayConfig. + // It is required when noOverlayConfig.routing is set to "Managed". + // When omitted, this means the user does not configure BGP for managed routing. + // This field can be set at installation time or on day 2, and can be modified at any time. + // +openshift:enable:FeatureGate=NoOverlayMode + // +optional + BGPManagedConfig BGPManagedConfig `json:"bgpManagedConfig,omitzero,omitempty"` } type IPv4OVNKubernetesConfig struct { @@ -896,3 +934,80 @@ type AdditionalRoutingCapabilities struct { // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" Providers []RoutingCapabilitiesProvider `json:"providers"` } + +// TransportOption is the type for network transport options +type TransportOption string + +// SNATOption is the type for SNAT configuration options +type SNATOption string + +// RoutingOption is the type for routing configuration options +type RoutingOption string + +// BGPTopology is the type for BGP topology configuration +type BGPTopology string + +const ( + // TransportOptionNoOverlay indicates the network operates in no-overlay mode + TransportOptionNoOverlay TransportOption = "NoOverlay" + // TransportOptionGeneve indicates the network uses Geneve overlay + TransportOptionGeneve TransportOption = "Geneve" + + // SNATEnabled indicates outbound SNAT is enabled + SNATEnabled SNATOption = "Enabled" + // SNATDisabled indicates outbound SNAT is disabled + SNATDisabled SNATOption = "Disabled" + + // RoutingManaged indicates routing is managed by OVN-Kubernetes + RoutingManaged RoutingOption = "Managed" + // RoutingUnmanaged indicates routing is managed by users + RoutingUnmanaged RoutingOption = "Unmanaged" + + // BGPTopologyFullMesh indicates a full mesh BGP topology where every node peers directly with every other node + BGPTopologyFullMesh BGPTopology = "FullMesh" +) + +// NoOverlayConfig contains configuration options for networks operating in no-overlay mode. +type NoOverlayConfig struct { + // outboundSNAT defines the SNAT behavior for outbound traffic from pods. + // Allowed values are "Enabled" and "Disabled". + // When set to "Enabled", SNAT is performed on outbound traffic from pods. + // When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. + // This field is required when the network operates in no-overlay mode. + // This field can be set to any value at installation time and can be changed afterwards. + // +kubebuilder:validation:Enum=Enabled;Disabled + // +required + OutboundSNAT SNATOption `json:"outboundSNAT,omitempty"` + + // routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. + // Allowed values are "Managed" and "Unmanaged". + // When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. + // When set to "Unmanaged", users are responsible for configuring the pod network routing. + // This field is required when the network operates in no-overlay mode. + // This field is immutable once set. + // +kubebuilder:validation:Enum=Managed;Unmanaged + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="routing is immutable once set" + // +required + Routing RoutingOption `json:"routing,omitempty"` +} + +// BGPManagedConfig contains configuration options for BGP when routing is "Managed". +type BGPManagedConfig struct { + // asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) + // to be used in the generated FRR configuration. + // Valid values are 1 to 4294967295. + // When omitted, this defaults to 64512. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=4294967295 + // +default=64512 + // +optional + ASNumber int64 `json:"asNumber,omitempty"` + + // bgpTopology defines the BGP topology to be used. + // Allowed values are "FullMesh". + // When set to "FullMesh", every node peers directly with every other node via BGP. + // This field is required when BGPManagedConfig is specified. + // +kubebuilder:validation:Enum=FullMesh + // +required + BGPTopology BGPTopology `json:"bgpTopology,omitempty"` +} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 3bc6b81de4..3d3c8f4f82 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -390,6 +390,22 @@ func (in *AzureDiskEncryptionSet) DeepCopy() *AzureDiskEncryptionSet { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BGPManagedConfig) DeepCopyInto(out *BGPManagedConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPManagedConfig. +func (in *BGPManagedConfig) DeepCopy() *BGPManagedConfig { + if in == nil { + return nil + } + out := new(BGPManagedConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootImageSkewEnforcementConfig) DeepCopyInto(out *BootImageSkewEnforcementConfig) { *out = *in @@ -3665,6 +3681,22 @@ func (in *NetworkStatus) DeepCopy() *NetworkStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NoOverlayConfig) DeepCopyInto(out *NoOverlayConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NoOverlayConfig. +func (in *NoOverlayConfig) DeepCopy() *NoOverlayConfig { + if in == nil { + return nil + } + out := new(NoOverlayConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeDisruptionPolicyClusterStatus) DeepCopyInto(out *NodeDisruptionPolicyClusterStatus) { *out = *in @@ -4158,6 +4190,8 @@ func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) { *out = new(IPv6OVNKubernetesConfig) **out = **in } + out.NoOverlayConfig = in.NoOverlayConfig + out.BGPManagedConfig = in.BGPManagedConfig return } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index 51a758804d..aaf0972908 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -69,6 +69,7 @@ clustercsidrivers.operator.openshift.io: Capability: "" Category: "" FeatureGates: + - AWSEuropeanSovereignCloudInstall - VSphereConfigurableMaxAllowedBlockVolumesPerNode FilenameOperatorName: csi-driver FilenameOperatorOrdering: "01" @@ -175,7 +176,8 @@ ingresscontrollers.operator.openshift.io: CRDName: ingresscontrollers.operator.openshift.io Capability: Ingress Category: "" - FeatureGates: [] + FeatureGates: + - IngressControllerDynamicConfigurationManager FilenameOperatorName: ingress FilenameOperatorOrdering: "00" FilenameRunLevel: "0000_50" @@ -305,8 +307,7 @@ machineconfigurations.operator.openshift.io: FeatureGates: - BootImageSkewEnforcement - IrreconcilableMachineConfig - - ManagedBootImages - - ManagedBootImages+ManagedBootImagesCPMS + - ManagedBootImagesCPMS FilenameOperatorName: machine-config FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_80" @@ -327,7 +328,8 @@ networks.operator.openshift.io: CRDName: networks.operator.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - NoOverlayMode FilenameOperatorName: network FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_70" diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 64aac26eb3..c3ed726028 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -466,7 +466,7 @@ func (Theme) SwaggerDoc() map[string]string { var map_AWSCSIDriverConfigSpec = map[string]string{ "": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", - "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.", + "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.\n\nThe ARN must follow the format: arn::kms:::(key|alias)/, where: is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), is the AWS region, is a 12-digit numeric identifier for the AWS account, is the KMS key ID or alias name.", "efsVolumeMetrics": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", } @@ -1121,6 +1121,7 @@ var map_IngressControllerTuningOptions = map[string]string{ "healthCheckInterval": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", "maxConnections": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", "reloadInterval": "reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see . Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default).\n\nA zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.", + "configurationManagement": "configurationManagement specifies how OpenShift router should update the HAProxy configuration. The following values are valid for this field:\n\n* \"ForkAndReload\". * \"Dynamic\".\n\nOmitting this field means that the user has no opinion and the platform may choose a reasonable default. This default is subject to change over time. The current default is \"ForkAndReload\".\n\n\"ForkAndReload\" means that OpenShift router should rewrite the HAProxy configuration file and instruct HAProxy to fork and reload. This is OpenShift router's traditional approach.\n\n\"Dynamic\" means that OpenShift router may use HAProxy's control socket for some configuration updates and fall back to fork and reload for other configuration updates. This is a newer approach, which may be less mature than ForkAndReload. This setting can improve load-balancing fairness and metrics accuracy and reduce CPU and memory usage if HAProxy has frequent configuration updates for route and endpoints updates.\n\nNote: The \"Dynamic\" option is currently experimental and should not be enabled on production clusters.", } func (IngressControllerTuningOptions) SwaggerDoc() map[string]string { @@ -1669,6 +1670,16 @@ func (AdditionalRoutingCapabilities) SwaggerDoc() map[string]string { return map_AdditionalRoutingCapabilities } +var map_BGPManagedConfig = map[string]string{ + "": "BGPManagedConfig contains configuration options for BGP when routing is \"Managed\".", + "asNumber": "asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) to be used in the generated FRR configuration. Valid values are 1 to 4294967295. When omitted, this defaults to 64512.", + "bgpTopology": "bgpTopology defines the BGP topology to be used. Allowed values are \"FullMesh\". When set to \"FullMesh\", every node peers directly with every other node via BGP. This field is required when BGPManagedConfig is specified.", +} + +func (BGPManagedConfig) SwaggerDoc() map[string]string { + return map_BGPManagedConfig +} + var map_ClusterNetworkEntry = map[string]string{ "": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", } @@ -1896,6 +1907,16 @@ func (NetworkStatus) SwaggerDoc() map[string]string { return map_NetworkStatus } +var map_NoOverlayConfig = map[string]string{ + "": "NoOverlayConfig contains configuration options for networks operating in no-overlay mode.", + "outboundSNAT": "outboundSNAT defines the SNAT behavior for outbound traffic from pods. Allowed values are \"Enabled\" and \"Disabled\". When set to \"Enabled\", SNAT is performed on outbound traffic from pods. When set to \"Disabled\", SNAT is not performed and pod IPs are preserved in outbound traffic. This field is required when the network operates in no-overlay mode. This field can be set to any value at installation time and can be changed afterwards.", + "routing": "routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. Allowed values are \"Managed\" and \"Unmanaged\". When set to \"Managed\", OVN-Kubernetes manages the pod network routing configuration through BGP. When set to \"Unmanaged\", users are responsible for configuring the pod network routing. This field is required when the network operates in no-overlay mode. This field is immutable once set.", +} + +func (NoOverlayConfig) SwaggerDoc() map[string]string { + return map_NoOverlayConfig +} + var map_OVNKubernetesConfig = map[string]string{ "": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project", "mtu": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", @@ -1910,6 +1931,9 @@ var map_OVNKubernetesConfig = map[string]string{ "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", "routeAdvertisements": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".", + "transport": "transport sets the transport mode for pods on the default network. Allowed values are \"NoOverlay\" and \"Geneve\". \"NoOverlay\" avoids tunnel encapsulation, routing pod traffic directly between nodes. \"Geneve\" encapsulates pod traffic using Geneve tunnels between nodes. When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. The current default is \"Geneve\". \"NoOverlay\" can only be set at installation time and cannot be changed afterwards. \"Geneve\" may be set explicitly at any time to lock in the current default.", + "noOverlayConfig": "noOverlayConfig contains configuration for no-overlay mode. This configuration applies to the default network only. It is required when transport is \"NoOverlay\". When omitted, this means the user does not configure no-overlay mode options.", + "bgpManagedConfig": "bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) in no-overlay mode that specify routing=\"Managed\" in their noOverlayConfig. It is required when noOverlayConfig.routing is set to \"Managed\". When omitted, this means the user does not configure BGP for managed routing. This field can be set at installation time or on day 2, and can be modified at any time.", } func (OVNKubernetesConfig) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go index 5816f93628..719893f8a5 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go @@ -20,6 +20,7 @@ import ( // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. // +openshift:compatibility-gen:level=4 // +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="clusterapi is a singleton, .metadata.name must be 'cluster'" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.status) || has(self.status)",message="status may not be removed once set" type ClusterAPI struct { metav1.TypeMeta `json:",inline"` @@ -78,6 +79,7 @@ type RevisionName string // ClusterAPIStatus describes the current state of the capi-operator. // +kubebuilder:validation:XValidation:rule="self.revisions.exists(r, r.name == self.desiredRevision && self.revisions.all(s, s.revision <= r.revision))",message="desiredRevision must be the name of the revision with the highest revision number" // +kubebuilder:validation:XValidation:rule="!has(self.currentRevision) || self.revisions.exists(r, r.name == self.currentRevision)",message="currentRevision must correspond to an entry in the revisions list" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.observedRevisionGeneration) || has(self.observedRevisionGeneration)",message="observedRevisionGeneration may not be unset once set" type ClusterAPIStatus struct { // currentRevision is the name of the most recently fully applied revision. // It is written by the installer controller. If it is absent, it indicates @@ -111,6 +113,15 @@ type ClusterAPIStatus struct { // +kubebuilder:validation:XValidation:rule="self.all(new, oldSelf.exists(old, old.name == new.name) || oldSelf.all(old, new.revision > old.revision))",message="new revisions must have a revision number greater than all existing revisions" // +kubebuilder:validation:XValidation:rule="oldSelf.all(old, !self.exists(new, new.name == old.name) || self.exists(new, new == old))",message="existing revisions are immutable, but may be removed" Revisions []ClusterAPIInstallerRevision `json:"revisions,omitempty"` + + // observedRevisionGeneration is the generation of the ClusterAPI object that was last observed by the revision controller. + // If specified it must be greater than or equal to 1, and less than 2^53. It may not decrease or be unset once set. + // + // +optional + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=9007199254740991 + // +kubebuilder:validation:XValidation:rule="self >= oldSelf",message="observedRevisionGeneration may not decrease" + ObservedRevisionGeneration int64 `json:"observedRevisionGeneration,omitempty"` } // +structType=atomic @@ -144,6 +155,17 @@ type ClusterAPIInstallerRevision struct { // +optional UnmanagedCustomResourceDefinitions []string `json:"unmanagedCustomResourceDefinitions,omitempty"` + // manifestSubstitutions is a list of envsubst style substitutions which + // will be applied to manifests in the revision during rendering. If + // defined it must not be empty, and may not contain more than 32 items. + // Each manifest substitution must have a unique key. + // +optional + // +listType=map + // +listMapKey=key + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=32 + ManifestSubstitutions []ClusterAPIInstallerRevisionManifestSubstitution `json:"manifestSubstitutions,omitempty"` + // components is a list of components which will be installed by this // revision. Components will be installed in the order they are listed. If // omitted no components will be installed. @@ -157,6 +179,29 @@ type ClusterAPIInstallerRevision struct { Components []ClusterAPIInstallerComponent `json:"components,omitempty"` } +// ClusterAPIInstallerRevisionManifestSubstitution defines an envsubst style +// substitution which will be applied to manifests in a revision during +// rendering. +type ClusterAPIInstallerRevisionManifestSubstitution struct { + // key is the name of the envsubst variable to substitute. It must be a + // valid envsubst variable name, consisting of letters, digits, and + // underscores, and must start with a letter or underscore. The key must + // not be empty, and must not exceed 255 characters. + // +required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.matches('^[A-Za-z_][A-Za-z0-9_]*$')",message="key must start with a letter or underscore, followed by letters, digits, or underscores" + Key string `json:"key,omitempty"` + + // value is the value to substitute for the envsubst variable. It may be + // empty, in which case the variable will be substituted with an empty + // string. The value must not exceed 4096 characters. + // +required + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=4096 + Value *string `json:"value,omitempty"` +} + // InstallerComponentType is the type of component to install. // +kubebuilder:validation:Enum=Image // +enum @@ -168,9 +213,24 @@ const ( ) // ClusterAPIInstallerComponent defines a component which will be installed by this revision. +type ClusterAPIInstallerComponent struct { + // name is the human-readable name of the component. The value has no + // effect, and will not be set if the component does not define a name in + // its manifests. If set it must consist of alphanumeric characters, or + // '-', and may not exceed 255 characters. + // +optional + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:XValidation:rule="self.matches('^[A-Za-z0-9-]+$')",message="name must consist of alphanumeric characters or '-'" + Name string `json:"name,omitempty"` + + ClusterAPIInstallerComponentSource `json:",inline"` +} + +// ClusterAPIInstallerComponentSource defines the source of a component which will be installed by this revision. // +union // +kubebuilder:validation:XValidation:rule="self.type == 'Image' ? has(self.image) : !has(self.image)",message="image is required when type is Image, and forbidden otherwise" -type ClusterAPIInstallerComponent struct { +type ClusterAPIInstallerComponentSource struct { // type is the source type of the component. // The only valid value is Image. // When set to Image, the image field must be set and will define an image source for the component. diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis.crd.yaml index 6516a3ef0d..67d384d3eb 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.crd-manifests/0000_30_cluster-api_01_clusterapis.crd.yaml @@ -106,6 +106,17 @@ spec: maxLength: 255 minLength: 1 type: string + observedRevisionGeneration: + description: |- + observedRevisionGeneration is the generation of the ClusterAPI object that was last observed by the revision controller. + If specified it must be greater than or equal to 1, and less than 2^53. It may not decrease or be unset once set. + format: int64 + maximum: 9007199254740991 + minimum: 1 + type: integer + x-kubernetes-validations: + - message: observedRevisionGeneration may not decrease + rule: self >= oldSelf revisions: description: |- revisions is a list of all currently active revisions. A revision is @@ -168,6 +179,19 @@ spec: - profile - ref type: object + name: + description: |- + name is the human-readable name of the component. The value has no + effect, and will not be set if the component does not define a name in + its manifests. If set it must consist of alphanumeric characters, or + '-', and may not exceed 255 characters. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: name must consist of alphanumeric characters + or '-' + rule: self.matches('^[A-Za-z0-9-]+$') type: description: |- type is the source type of the component. @@ -194,6 +218,49 @@ spec: maxLength: 255 minLength: 1 type: string + manifestSubstitutions: + description: |- + manifestSubstitutions is a list of envsubst style substitutions which + will be applied to manifests in the revision during rendering. If + defined it must not be empty, and may not contain more than 32 items. + Each manifest substitution must have a unique key. + items: + description: |- + ClusterAPIInstallerRevisionManifestSubstitution defines an envsubst style + substitution which will be applied to manifests in a revision during + rendering. + properties: + key: + description: |- + key is the name of the envsubst variable to substitute. It must be a + valid envsubst variable name, consisting of letters, digits, and + underscores, and must start with a letter or underscore. The key must + not be empty, and must not exceed 255 characters. + maxLength: 255 + minLength: 1 + type: string + x-kubernetes-validations: + - message: key must start with a letter or underscore, + followed by letters, digits, or underscores + rule: self.matches('^[A-Za-z_][A-Za-z0-9_]*$') + value: + description: |- + value is the value to substitute for the envsubst variable. It may be + empty, in which case the variable will be substituted with an empty + string. The value must not exceed 4096 characters. + maxLength: 4096 + minLength: 0 + type: string + required: + - key + - value + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map name: description: name is the name of a revision. maxLength: 255 @@ -259,6 +326,8 @@ spec: list rule: '!has(self.currentRevision) || self.revisions.exists(r, r.name == self.currentRevision)' + - message: observedRevisionGeneration may not be unset once set + rule: '!has(oldSelf.observedRevisionGeneration) || has(self.observedRevisionGeneration)' required: - metadata - spec @@ -266,6 +335,8 @@ spec: x-kubernetes-validations: - message: clusterapi is a singleton, .metadata.name must be 'cluster' rule: self.metadata.name == 'cluster' + - message: status may not be removed once set + rule: '!has(oldSelf.status) || has(self.status)' served: true storage: true subresources: diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go index 1f3fd281e1..3c3dc8e7a5 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go @@ -61,7 +61,7 @@ func (in *ClusterAPI) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterAPIInstallerComponent) DeepCopyInto(out *ClusterAPIInstallerComponent) { *out = *in - out.Image = in.Image + out.ClusterAPIInstallerComponentSource = in.ClusterAPIInstallerComponentSource return } @@ -91,6 +91,23 @@ func (in *ClusterAPIInstallerComponentImage) DeepCopy() *ClusterAPIInstallerComp return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIInstallerComponentSource) DeepCopyInto(out *ClusterAPIInstallerComponentSource) { + *out = *in + out.Image = in.Image + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIInstallerComponentSource. +func (in *ClusterAPIInstallerComponentSource) DeepCopy() *ClusterAPIInstallerComponentSource { + if in == nil { + return nil + } + out := new(ClusterAPIInstallerComponentSource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterAPIInstallerRevision) DeepCopyInto(out *ClusterAPIInstallerRevision) { *out = *in @@ -99,6 +116,13 @@ func (in *ClusterAPIInstallerRevision) DeepCopyInto(out *ClusterAPIInstallerRevi *out = make([]string, len(*in)) copy(*out, *in) } + if in.ManifestSubstitutions != nil { + in, out := &in.ManifestSubstitutions, &out.ManifestSubstitutions + *out = make([]ClusterAPIInstallerRevisionManifestSubstitution, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Components != nil { in, out := &in.Components, &out.Components *out = make([]ClusterAPIInstallerComponent, len(*in)) @@ -117,6 +141,27 @@ func (in *ClusterAPIInstallerRevision) DeepCopy() *ClusterAPIInstallerRevision { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterAPIInstallerRevisionManifestSubstitution) DeepCopyInto(out *ClusterAPIInstallerRevisionManifestSubstitution) { + *out = *in + if in.Value != nil { + in, out := &in.Value, &out.Value + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIInstallerRevisionManifestSubstitution. +func (in *ClusterAPIInstallerRevisionManifestSubstitution) DeepCopy() *ClusterAPIInstallerRevisionManifestSubstitution { + if in == nil { + return nil + } + out := new(ClusterAPIInstallerRevisionManifestSubstitution) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterAPIList) DeepCopyInto(out *ClusterAPIList) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go index 92cef1421a..bf4117768d 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go @@ -147,9 +147,8 @@ func (ClusterAPI) SwaggerDoc() map[string]string { } var map_ClusterAPIInstallerComponent = map[string]string{ - "": "ClusterAPIInstallerComponent defines a component which will be installed by this revision.", - "type": "type is the source type of the component. The only valid value is Image. When set to Image, the image field must be set and will define an image source for the component.", - "image": "image defines an image source for a component. The image must contain a /capi-operator-installer directory containing the component manifests.", + "": "ClusterAPIInstallerComponent defines a component which will be installed by this revision.", + "name": "name is the human-readable name of the component. The value has no effect, and will not be set if the component does not define a name in its manifests. If set it must consist of alphanumeric characters, or '-', and may not exceed 255 characters.", } func (ClusterAPIInstallerComponent) SwaggerDoc() map[string]string { @@ -166,11 +165,22 @@ func (ClusterAPIInstallerComponentImage) SwaggerDoc() map[string]string { return map_ClusterAPIInstallerComponentImage } +var map_ClusterAPIInstallerComponentSource = map[string]string{ + "": "ClusterAPIInstallerComponentSource defines the source of a component which will be installed by this revision.", + "type": "type is the source type of the component. The only valid value is Image. When set to Image, the image field must be set and will define an image source for the component.", + "image": "image defines an image source for a component. The image must contain a /capi-operator-installer directory containing the component manifests.", +} + +func (ClusterAPIInstallerComponentSource) SwaggerDoc() map[string]string { + return map_ClusterAPIInstallerComponentSource +} + var map_ClusterAPIInstallerRevision = map[string]string{ "name": "name is the name of a revision.", "revision": "revision is a monotonically increasing number that is assigned to a revision.", "contentID": "contentID uniquely identifies the content of this revision. The contentID must be between 1 and 255 characters long.", "unmanagedCustomResourceDefinitions": "unmanagedCustomResourceDefinitions is a list of the names of ClusterResourceDefinition (CRD) objects which are included in this revision, but which should not be installed or updated. If not set, all CRDs in the revision will be managed by the CAPI operator.", + "manifestSubstitutions": "manifestSubstitutions is a list of envsubst style substitutions which will be applied to manifests in the revision during rendering. If defined it must not be empty, and may not contain more than 32 items. Each manifest substitution must have a unique key.", "components": "components is a list of components which will be installed by this revision. Components will be installed in the order they are listed. If omitted no components will be installed.\n\nThe maximum number of components is 32.", } @@ -178,6 +188,16 @@ func (ClusterAPIInstallerRevision) SwaggerDoc() map[string]string { return map_ClusterAPIInstallerRevision } +var map_ClusterAPIInstallerRevisionManifestSubstitution = map[string]string{ + "": "ClusterAPIInstallerRevisionManifestSubstitution defines an envsubst style substitution which will be applied to manifests in a revision during rendering.", + "key": "key is the name of the envsubst variable to substitute. It must be a valid envsubst variable name, consisting of letters, digits, and underscores, and must start with a letter or underscore. The key must not be empty, and must not exceed 255 characters.", + "value": "value is the value to substitute for the envsubst variable. It may be empty, in which case the variable will be substituted with an empty string. The value must not exceed 4096 characters.", +} + +func (ClusterAPIInstallerRevisionManifestSubstitution) SwaggerDoc() map[string]string { + return map_ClusterAPIInstallerRevisionManifestSubstitution +} + var map_ClusterAPIList = map[string]string{ "": "ClusterAPIList contains a list of ClusterAPI configurations\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -198,10 +218,11 @@ func (ClusterAPISpec) SwaggerDoc() map[string]string { } var map_ClusterAPIStatus = map[string]string{ - "": "ClusterAPIStatus describes the current state of the capi-operator.", - "currentRevision": "currentRevision is the name of the most recently fully applied revision. It is written by the installer controller. If it is absent, it indicates that no revision has been fully applied yet. If set, currentRevision must correspond to an entry in the revisions list.", - "desiredRevision": "desiredRevision is the name of the desired revision. It is written by the revision controller. It must be set to the name of the entry in the revisions list with the highest revision number.", - "revisions": "revisions is a list of all currently active revisions. A revision is active until the installer controller updates currentRevision to a later revision. It is written by the revision controller.\n\nThe maximum number of revisions is 16. All revisions must have a unique name. All revisions must have a unique revision number. When adding a revision, the revision number must be greater than the highest revision number in the list. Revisions are immutable, although they can be deleted.", + "": "ClusterAPIStatus describes the current state of the capi-operator.", + "currentRevision": "currentRevision is the name of the most recently fully applied revision. It is written by the installer controller. If it is absent, it indicates that no revision has been fully applied yet. If set, currentRevision must correspond to an entry in the revisions list.", + "desiredRevision": "desiredRevision is the name of the desired revision. It is written by the revision controller. It must be set to the name of the entry in the revisions list with the highest revision number.", + "revisions": "revisions is a list of all currently active revisions. A revision is active until the installer controller updates currentRevision to a later revision. It is written by the revision controller.\n\nThe maximum number of revisions is 16. All revisions must have a unique name. All revisions must have a unique revision number. When adding a revision, the revision number must be greater than the highest revision number in the list. Revisions are immutable, although they can be deleted.", + "observedRevisionGeneration": "observedRevisionGeneration is the generation of the ClusterAPI object that was last observed by the revision controller. If specified it must be greater than or equal to 1, and less than 2^53. It may not decrease or be unset once set.", } func (ClusterAPIStatus) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/quota/v1/generated.proto b/vendor/github.com/openshift/api/quota/v1/generated.proto index fb7fed242a..998c594732 100644 --- a/vendor/github.com/openshift/api/quota/v1/generated.proto +++ b/vendor/github.com/openshift/api/quota/v1/generated.proto @@ -51,7 +51,7 @@ message AppliedClusterResourceQuotaList { // +kubebuilder:resource:path=clusterresourcequotas,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 +// +openshift:file-pattern=cvoRunLevel=0000_00,operatorName=apiserver,operatorOrdering=01 // +openshift:compatibility-gen:level=1 // +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true message ClusterResourceQuota { diff --git a/vendor/github.com/openshift/api/quota/v1/types.go b/vendor/github.com/openshift/api/quota/v1/types.go index 0cfb85f87e..9f60962146 100644 --- a/vendor/github.com/openshift/api/quota/v1/types.go +++ b/vendor/github.com/openshift/api/quota/v1/types.go @@ -17,7 +17,7 @@ import ( // +kubebuilder:resource:path=clusterresourcequotas,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 +// +openshift:file-pattern=cvoRunLevel=0000_00,operatorName=apiserver,operatorOrdering=01 // +openshift:compatibility-gen:level=1 // +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true type ClusterResourceQuota struct { diff --git a/vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml index b0fae46f7d..1a56a512d7 100644 --- a/vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml @@ -6,9 +6,9 @@ clusterresourcequotas.quota.openshift.io: Capability: "" Category: "" FeatureGates: [] - FilenameOperatorName: config-operator + FilenameOperatorName: apiserver FilenameOperatorOrdering: "01" - FilenameRunLevel: "0000_03" + FilenameRunLevel: "0000_00" GroupName: quota.openshift.io HasStatus: true KindName: ClusterResourceQuota diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go index 5b674ae05d..42392a353e 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go @@ -2,6 +2,10 @@ package v1 +import ( + configv1 "github.com/openshift/api/config/v1" +) + // APIServerSpecApplyConfiguration represents a declarative configuration of the APIServerSpec type for use // with apply. type APIServerSpecApplyConfiguration struct { @@ -26,6 +30,37 @@ type APIServerSpecApplyConfiguration struct { // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. // The current default is the Intermediate profile. TLSSecurityProfile *TLSSecurityProfileApplyConfiguration `json:"tlsSecurityProfile,omitempty"` + // tlsAdherence controls if components in the cluster adhere to the TLS security profile + // configured on this APIServer resource. + // + // Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + // + // When set to "LegacyAdheringComponentsOnly", components that already honor the + // cluster-wide TLS profile continue to do so. Components that do not already honor + // it continue to use their individual TLS configurations. + // + // When set to "StrictAllComponents", all components must honor the configured TLS + // profile unless they have a component-specific TLS configuration that overrides + // it. This mode is recommended for security-conscious deployments and is required + // for certain compliance frameworks. + // + // Note: Some components such as Kubelet and IngressController have their own + // dedicated TLS configuration mechanisms via KubeletConfig and IngressController + // CRs respectively. When these component-specific TLS configurations are set, + // they take precedence over the cluster-wide tlsSecurityProfile. When not set, + // these components fall back to the cluster-wide default. + // + // Components that encounter an unknown value for tlsAdherence should treat it + // as "StrictAllComponents" and log a warning to ensure forward compatibility + // while defaulting to the more secure behavior. + // + // This field is optional. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is LegacyAdheringComponentsOnly. + // + // Once set, this field may be changed to a different value, but may not be removed. + TLSAdherence *configv1.TLSAdherencePolicy `json:"tlsAdherence,omitempty"` // audit specifies the settings for audit configuration to be applied to all OpenShift-provided // API servers in the cluster. Audit *AuditApplyConfiguration `json:"audit,omitempty"` @@ -79,6 +114,14 @@ func (b *APIServerSpecApplyConfiguration) WithTLSSecurityProfile(value *TLSSecur return b } +// WithTLSAdherence sets the TLSAdherence field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSAdherence field is set to the value of the last call. +func (b *APIServerSpecApplyConfiguration) WithTLSAdherence(value configv1.TLSAdherencePolicy) *APIServerSpecApplyConfiguration { + b.TLSAdherence = &value + return b +} + // WithAudit sets the Audit field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Audit field is set to the value of the last call. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go index ec57615082..457cb43aca 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go @@ -10,6 +10,11 @@ type AWSDNSSpecApplyConfiguration struct { // privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing // operations on the cluster's private hosted zone specified in the cluster DNS config. // When left empty, no role should be assumed. + // + // The ARN must follow the format: arn::iam:::role/, where: + // is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), + // is a 12-digit numeric identifier for the AWS account, + // is the IAM role name. PrivateZoneIAMRole *string `json:"privateZoneIAMRole,omitempty"` } diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go index f5c63c6ae9..c01827c113 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/infrastructurestatus.go @@ -42,6 +42,8 @@ type InfrastructureStatusApplyConfiguration struct { // and the operators should not configure the operand for highly-available operation // The 'External' mode indicates that the control plane is hosted externally to the cluster and that // its components are not visible within the cluster. + // The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes + // that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum. ControlPlaneTopology *configv1.TopologyMode `json:"controlPlaneTopology,omitempty"` // infrastructureTopology expresses the expectations for infrastructure services that do not run on control // plane nodes, usually indicated by a node selector for a `role` value diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go index 24d8261c9c..08ebf26a86 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go @@ -11,7 +11,8 @@ type PrefixedClaimMappingApplyConfiguration struct { TokenClaimMappingApplyConfiguration `json:",inline"` // prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes. // - // When omitted (""), no prefix is applied to the cluster identity attribute. + // When omitted or set to an empty string (""), no prefix is applied to the cluster identity attribute. + // Must not be set to a non-empty value when expression is set. // // Example: if `prefix` is set to "myoidc:" and the `claim` in JWT contains an array of strings "a", "b" and "c", the mapping will result in an array of string "myoidc:a", "myoidc:b" and "myoidc:c". Prefix *string `json:"prefix,omitempty"` @@ -31,6 +32,14 @@ func (b *PrefixedClaimMappingApplyConfiguration) WithClaim(value string) *Prefix return b } +// WithExpression sets the Expression field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Expression field is set to the value of the last call. +func (b *PrefixedClaimMappingApplyConfiguration) WithExpression(value string) *PrefixedClaimMappingApplyConfiguration { + b.TokenClaimMappingApplyConfiguration.Expression = &value + return b +} + // WithPrefix sets the Prefix field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Prefix field is set to the value of the last call. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go index 7b1f0da780..bedd170ae4 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go @@ -7,8 +7,21 @@ package v1 // // TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities. type TokenClaimMappingApplyConfiguration struct { - // claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + // claim is an optional field for specifying the JWT token claim that is used in the mapping. + // The value of this claim will be assigned to the field in which this mapping is associated. + // claim must not exceed 256 characters in length. + // When set to the empty string `""`, this means that no named claim should be used for the group mapping. + // claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. Claim *string `json:"claim,omitempty"` + // expression is an optional CEL expression used to derive + // group values from JWT claims. + // + // CEL expressions have access to the token claims through a CEL variable, 'claims'. + // + // expression must be at least 1 character and must not exceed 1024 characters in length . + // + // When specified, claim must not be set or be explicitly set to the empty string (`""`). + Expression *string `json:"expression,omitempty"` } // TokenClaimMappingApplyConfiguration constructs a declarative configuration of the TokenClaimMapping type for use with @@ -24,3 +37,11 @@ func (b *TokenClaimMappingApplyConfiguration) WithClaim(value string) *TokenClai b.Claim = &value return b } + +// WithExpression sets the Expression field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Expression field is set to the value of the last call. +func (b *TokenClaimMappingApplyConfiguration) WithExpression(value string) *TokenClaimMappingApplyConfiguration { + b.Expression = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go index 6151b6b13a..db1128deb5 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/update.go @@ -47,6 +47,19 @@ type UpdateApplyConfiguration struct { // acceptRisks must not contain more than 1000 entries. // Entries in this list must be unique. AcceptRisks []AcceptRiskApplyConfiguration `json:"acceptRisks,omitempty"` + // mode determines how an update should be processed. + // The only valid value is "Preflight". + // When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. + // This is the standard update behavior. + // When set to "Preflight", the cluster runs compatibility checks against the target release without + // performing an actual update. Compatibility results, including any detected risks, are reported + // in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update + // recommendation service. + // This allows administrators to assess update readiness and address issues before committing to the update. + // Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be + // verified across multiple minor versions. + // When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. + Mode *configv1.UpdateMode `json:"mode,omitempty"` } // UpdateApplyConfiguration constructs a declarative configuration of the Update type for use with @@ -99,3 +112,11 @@ func (b *UpdateApplyConfiguration) WithAcceptRisks(values ...*AcceptRiskApplyCon } return b } + +// WithMode sets the Mode field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Mode field is set to the value of the last call. +func (b *UpdateApplyConfiguration) WithMode(value configv1.UpdateMode) *UpdateApplyConfiguration { + b.Mode = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go index dd359d69a6..8676ae891f 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go @@ -9,20 +9,29 @@ import ( // UsernameClaimMappingApplyConfiguration represents a declarative configuration of the UsernameClaimMapping type for use // with apply. type UsernameClaimMappingApplyConfiguration struct { - // claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + // claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. + // claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. + // When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set. // // claim must not be an empty string ("") and must not exceed 256 characters. Claim *string `json:"claim,omitempty"` + // expression is an optional CEL expression used to derive + // the username from JWT claims. + // + // CEL expressions have access to the token claims + // through a CEL variable, 'claims'. + // + // expression must be at least 1 character and must not exceed 1024 characters in length. + // expression must not be set when claim is set. + Expression *string `json:"expression,omitempty"` // prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field. // // Allowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string). // // When set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. - // // The prefix field must be set when prefixPolicy is 'Prefix'. - // + // Must not be set to 'Prefix' when expression is set. // When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. - // // When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. // Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'. // @@ -54,6 +63,14 @@ func (b *UsernameClaimMappingApplyConfiguration) WithClaim(value string) *Userna return b } +// WithExpression sets the Expression field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Expression field is set to the value of the last call. +func (b *UsernameClaimMappingApplyConfiguration) WithExpression(value string) *UsernameClaimMappingApplyConfiguration { + b.Expression = &value + return b +} + // WithPrefixPolicy sets the PrefixPolicy field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the PrefixPolicy field is set to the value of the last call. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go new file mode 100644 index 0000000000..6a699cd82a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/additionalalertmanagerconfig.go @@ -0,0 +1,119 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// AdditionalAlertmanagerConfigApplyConfiguration represents a declarative configuration of the AdditionalAlertmanagerConfig type for use +// with apply. +// +// AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. +// The `AdditionalAlertmanagerConfig` resource defines settings for how a +// component communicates with additional Alertmanager instances. +type AdditionalAlertmanagerConfigApplyConfiguration struct { + // name is a unique identifier for this Alertmanager configuration entry. + // The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, + // hyphens, or periods, and must start and end with an alphanumeric character. + // Minimum length is 1 character (empty string is invalid). + // Maximum length is 253 characters. + Name *string `json:"name,omitempty"` + // authorization configures the authentication method for Alertmanager connections. + // Supports bearer token authentication. When omitted, no authentication is used. + Authorization *AuthorizationConfigApplyConfiguration `json:"authorization,omitempty"` + // pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. + // For example, if your Alertmanager is behind a reverse proxy at "/alertmanager/", + // set this to "/alertmanager" so requests go to "/alertmanager/api/v1/alerts" instead of "/api/v1/alerts". + // This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. + // When no prefix is needed, omit this field; do not set it to "/" as that would produce paths with double slashes (e.g. "//api/v1/alerts"). + // Must start with "/", must not end with "/", and must not be exactly "/". + // Must not contain query strings ("?") or fragments ("#"). + PathPrefix *string `json:"pathPrefix,omitempty"` + // scheme defines the URL scheme to use when communicating with Alertmanager + // instances. + // Possible values are `HTTP` or `HTTPS`. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `HTTP`. + Scheme *configv1alpha1.AlertmanagerScheme `json:"scheme,omitempty"` + // staticConfigs is a list of statically configured Alertmanager endpoints in the form + // of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address + // (in brackets) followed by a colon and a valid port number (1-65535). + // Examples: "alertmanager.example.com:9093", "192.168.1.100:9093", "[::1]:9093" + // At least one endpoint must be specified (minimum 1, maximum 10 endpoints). + // Each entry must be unique and non-empty (empty string is invalid). + StaticConfigs []string `json:"staticConfigs,omitempty"` + // timeoutSeconds defines the timeout in seconds for requests to Alertmanager. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Currently the default is 10 seconds. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + TimeoutSeconds *int32 `json:"timeoutSeconds,omitempty"` + // tlsConfig defines the TLS settings to use for Alertmanager connections. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + TLSConfig *TLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` +} + +// AdditionalAlertmanagerConfigApplyConfiguration constructs a declarative configuration of the AdditionalAlertmanagerConfig type for use with +// apply. +func AdditionalAlertmanagerConfig() *AdditionalAlertmanagerConfigApplyConfiguration { + return &AdditionalAlertmanagerConfigApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithName(value string) *AdditionalAlertmanagerConfigApplyConfiguration { + b.Name = &value + return b +} + +// WithAuthorization sets the Authorization field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Authorization field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithAuthorization(value *AuthorizationConfigApplyConfiguration) *AdditionalAlertmanagerConfigApplyConfiguration { + b.Authorization = value + return b +} + +// WithPathPrefix sets the PathPrefix field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PathPrefix field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithPathPrefix(value string) *AdditionalAlertmanagerConfigApplyConfiguration { + b.PathPrefix = &value + return b +} + +// WithScheme sets the Scheme field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Scheme field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithScheme(value configv1alpha1.AlertmanagerScheme) *AdditionalAlertmanagerConfigApplyConfiguration { + b.Scheme = &value + return b +} + +// WithStaticConfigs adds the given value to the StaticConfigs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the StaticConfigs field. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithStaticConfigs(values ...string) *AdditionalAlertmanagerConfigApplyConfiguration { + for i := range values { + b.StaticConfigs = append(b.StaticConfigs, values[i]) + } + return b +} + +// WithTimeoutSeconds sets the TimeoutSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TimeoutSeconds field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithTimeoutSeconds(value int32) *AdditionalAlertmanagerConfigApplyConfiguration { + b.TimeoutSeconds = &value + return b +} + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *AdditionalAlertmanagerConfigApplyConfiguration) WithTLSConfig(value *TLSConfigApplyConfiguration) *AdditionalAlertmanagerConfigApplyConfiguration { + b.TLSConfig = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go index ebc4e4a6be..c47130a180 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go @@ -47,7 +47,7 @@ type AlertmanagerCustomConfigApplyConfiguration struct { // - name: memory // request: 40Mi // limit: null - // Maximum length for this list is 10. + // Maximum length for this list is 5. // Minimum length for this list is 1. // Each resource name must be unique within this list. Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` @@ -90,12 +90,10 @@ type AlertmanagerCustomConfigApplyConfiguration struct { // Minimum length for this list is 1. // Entries must have unique topologyKey and whenUnsatisfiable pairs. TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` - // volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to - // configure the persistent volume claim, including storage class, volume - // size, and name. + // volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to + // configure the persistent volume claim, including storage class and volume size. // If omitted, the Pod uses ephemeral storage and alert data will not persist // across restarts. - // This field is optional. VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` } diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/authorizationconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/authorizationconfig.go new file mode 100644 index 0000000000..87d7c7eefe --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/authorizationconfig.go @@ -0,0 +1,44 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// AuthorizationConfigApplyConfiguration represents a declarative configuration of the AuthorizationConfig type for use +// with apply. +// +// AuthorizationConfig defines the authentication method for Alertmanager connections. +type AuthorizationConfigApplyConfiguration struct { + // type specifies the authentication type to use. + // Valid value is "BearerToken" (bearer token authentication). + // When set to BearerToken, the bearerToken field must be specified. + Type *configv1alpha1.AuthorizationType `json:"type,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + // The secret must exist in the openshift-monitoring namespace. + BearerToken *SecretKeySelectorApplyConfiguration `json:"bearerToken,omitempty"` +} + +// AuthorizationConfigApplyConfiguration constructs a declarative configuration of the AuthorizationConfig type for use with +// apply. +func AuthorizationConfig() *AuthorizationConfigApplyConfiguration { + return &AuthorizationConfigApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *AuthorizationConfigApplyConfiguration) WithType(value configv1alpha1.AuthorizationType) *AuthorizationConfigApplyConfiguration { + b.Type = &value + return b +} + +// WithBearerToken sets the BearerToken field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BearerToken field is set to the value of the last call. +func (b *AuthorizationConfigApplyConfiguration) WithBearerToken(value *SecretKeySelectorApplyConfiguration) *AuthorizationConfigApplyConfiguration { + b.BearerToken = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/basicauth.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/basicauth.go new file mode 100644 index 0000000000..efad66668a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/basicauth.go @@ -0,0 +1,38 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// BasicAuthApplyConfiguration represents a declarative configuration of the BasicAuth type for use +// with apply. +// +// BasicAuth defines basic authentication settings for the remote write endpoint URL. +type BasicAuthApplyConfiguration struct { + // username defines the secret reference containing the username for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + Username *SecretKeySelectorApplyConfiguration `json:"username,omitempty"` + // password defines the secret reference containing the password for basic authentication. + // The secret must exist in the openshift-monitoring namespace. + Password *SecretKeySelectorApplyConfiguration `json:"password,omitempty"` +} + +// BasicAuthApplyConfiguration constructs a declarative configuration of the BasicAuth type for use with +// apply. +func BasicAuth() *BasicAuthApplyConfiguration { + return &BasicAuthApplyConfiguration{} +} + +// WithUsername sets the Username field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Username field is set to the value of the last call. +func (b *BasicAuthApplyConfiguration) WithUsername(value *SecretKeySelectorApplyConfiguration) *BasicAuthApplyConfiguration { + b.Username = value + return b +} + +// WithPassword sets the Password field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Password field is set to the value of the last call. +func (b *BasicAuthApplyConfiguration) WithPassword(value *SecretKeySelectorApplyConfiguration) *BasicAuthApplyConfiguration { + b.Password = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/certificateconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/certificateconfig.go new file mode 100644 index 0000000000..a4191ccb27 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/certificateconfig.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// CertificateConfigApplyConfiguration represents a declarative configuration of the CertificateConfig type for use +// with apply. +// +// CertificateConfig specifies configuration parameters for certificates. +// At least one property must be specified. +type CertificateConfigApplyConfiguration struct { + // key specifies the cryptographic parameters for the certificate's key pair. + // Currently this is the only configurable parameter. When omitted in an + // overrides entry, the key configuration from defaults is used. + Key *KeyConfigApplyConfiguration `json:"key,omitempty"` +} + +// CertificateConfigApplyConfiguration constructs a declarative configuration of the CertificateConfig type for use with +// apply. +func CertificateConfig() *CertificateConfigApplyConfiguration { + return &CertificateConfigApplyConfiguration{} +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *CertificateConfigApplyConfiguration) WithKey(value *KeyConfigApplyConfiguration) *CertificateConfigApplyConfiguration { + b.Key = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicy.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicy.go deleted file mode 100644 index 19a6917f99..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicy.go +++ /dev/null @@ -1,277 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" - internal "github.com/openshift/client-go/config/applyconfigurations/internal" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - managedfields "k8s.io/apimachinery/pkg/util/managedfields" - v1 "k8s.io/client-go/applyconfigurations/meta/v1" -) - -// ClusterImagePolicyApplyConfiguration represents a declarative configuration of the ClusterImagePolicy type for use -// with apply. -// -// # ClusterImagePolicy holds cluster-wide configuration for image signature verification -// -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -type ClusterImagePolicyApplyConfiguration struct { - v1.TypeMetaApplyConfiguration `json:",inline"` - // metadata is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` - // spec contains the configuration for the cluster image policy. - Spec *ClusterImagePolicySpecApplyConfiguration `json:"spec,omitempty"` - // status contains the observed state of the resource. - Status *ClusterImagePolicyStatusApplyConfiguration `json:"status,omitempty"` -} - -// ClusterImagePolicy constructs a declarative configuration of the ClusterImagePolicy type for use with -// apply. -func ClusterImagePolicy(name string) *ClusterImagePolicyApplyConfiguration { - b := &ClusterImagePolicyApplyConfiguration{} - b.WithName(name) - b.WithKind("ClusterImagePolicy") - b.WithAPIVersion("config.openshift.io/v1alpha1") - return b -} - -// ExtractClusterImagePolicyFrom extracts the applied configuration owned by fieldManager from -// clusterImagePolicy for the specified subresource. Pass an empty string for subresource to extract -// the main resource. Common subresources include "status", "scale", etc. -// clusterImagePolicy must be a unmodified ClusterImagePolicy API object that was retrieved from the Kubernetes API. -// ExtractClusterImagePolicyFrom provides a way to perform a extract/modify-in-place/apply workflow. -// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously -// applied if another fieldManager has updated or force applied any of the previously applied fields. -func ExtractClusterImagePolicyFrom(clusterImagePolicy *configv1alpha1.ClusterImagePolicy, fieldManager string, subresource string) (*ClusterImagePolicyApplyConfiguration, error) { - b := &ClusterImagePolicyApplyConfiguration{} - err := managedfields.ExtractInto(clusterImagePolicy, internal.Parser().Type("com.github.openshift.api.config.v1alpha1.ClusterImagePolicy"), fieldManager, b, subresource) - if err != nil { - return nil, err - } - b.WithName(clusterImagePolicy.Name) - - b.WithKind("ClusterImagePolicy") - b.WithAPIVersion("config.openshift.io/v1alpha1") - return b, nil -} - -// ExtractClusterImagePolicy extracts the applied configuration owned by fieldManager from -// clusterImagePolicy. If no managedFields are found in clusterImagePolicy for fieldManager, a -// ClusterImagePolicyApplyConfiguration is returned with only the Name, Namespace (if applicable), -// APIVersion and Kind populated. It is possible that no managed fields were found for because other -// field managers have taken ownership of all the fields previously owned by fieldManager, or because -// the fieldManager never owned fields any fields. -// clusterImagePolicy must be a unmodified ClusterImagePolicy API object that was retrieved from the Kubernetes API. -// ExtractClusterImagePolicy provides a way to perform a extract/modify-in-place/apply workflow. -// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously -// applied if another fieldManager has updated or force applied any of the previously applied fields. -func ExtractClusterImagePolicy(clusterImagePolicy *configv1alpha1.ClusterImagePolicy, fieldManager string) (*ClusterImagePolicyApplyConfiguration, error) { - return ExtractClusterImagePolicyFrom(clusterImagePolicy, fieldManager, "") -} - -// ExtractClusterImagePolicyStatus extracts the applied configuration owned by fieldManager from -// clusterImagePolicy for the status subresource. -func ExtractClusterImagePolicyStatus(clusterImagePolicy *configv1alpha1.ClusterImagePolicy, fieldManager string) (*ClusterImagePolicyApplyConfiguration, error) { - return ExtractClusterImagePolicyFrom(clusterImagePolicy, fieldManager, "status") -} - -func (b ClusterImagePolicyApplyConfiguration) IsApplyConfiguration() {} - -// WithKind sets the Kind field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Kind field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithKind(value string) *ClusterImagePolicyApplyConfiguration { - b.TypeMetaApplyConfiguration.Kind = &value - return b -} - -// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the APIVersion field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithAPIVersion(value string) *ClusterImagePolicyApplyConfiguration { - b.TypeMetaApplyConfiguration.APIVersion = &value - return b -} - -// WithName sets the Name field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Name field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithName(value string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.Name = &value - return b -} - -// WithGenerateName sets the GenerateName field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the GenerateName field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithGenerateName(value string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.GenerateName = &value - return b -} - -// WithNamespace sets the Namespace field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Namespace field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithNamespace(value string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.Namespace = &value - return b -} - -// WithUID sets the UID field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the UID field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithUID(value types.UID) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.UID = &value - return b -} - -// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the ResourceVersion field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithResourceVersion(value string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.ResourceVersion = &value - return b -} - -// WithGeneration sets the Generation field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Generation field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithGeneration(value int64) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.Generation = &value - return b -} - -// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the CreationTimestamp field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.CreationTimestamp = &value - return b -} - -// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the DeletionTimestamp field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value - return b -} - -// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value - return b -} - -// WithLabels puts the entries into the Labels field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, the entries provided by each call will be put on the Labels field, -// overwriting an existing map entries in Labels field with the same key. -func (b *ClusterImagePolicyApplyConfiguration) WithLabels(entries map[string]string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { - b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) - } - for k, v := range entries { - b.ObjectMetaApplyConfiguration.Labels[k] = v - } - return b -} - -// WithAnnotations puts the entries into the Annotations field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, the entries provided by each call will be put on the Annotations field, -// overwriting an existing map entries in Annotations field with the same key. -func (b *ClusterImagePolicyApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { - b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) - } - for k, v := range entries { - b.ObjectMetaApplyConfiguration.Annotations[k] = v - } - return b -} - -// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the OwnerReferences field. -func (b *ClusterImagePolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - for i := range values { - if values[i] == nil { - panic("nil value passed to WithOwnerReferences") - } - b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) - } - return b -} - -// WithFinalizers adds the given value to the Finalizers field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Finalizers field. -func (b *ClusterImagePolicyApplyConfiguration) WithFinalizers(values ...string) *ClusterImagePolicyApplyConfiguration { - b.ensureObjectMetaApplyConfigurationExists() - for i := range values { - b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) - } - return b -} - -func (b *ClusterImagePolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { - if b.ObjectMetaApplyConfiguration == nil { - b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} - } -} - -// WithSpec sets the Spec field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Spec field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithSpec(value *ClusterImagePolicySpecApplyConfiguration) *ClusterImagePolicyApplyConfiguration { - b.Spec = value - return b -} - -// WithStatus sets the Status field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Status field is set to the value of the last call. -func (b *ClusterImagePolicyApplyConfiguration) WithStatus(value *ClusterImagePolicyStatusApplyConfiguration) *ClusterImagePolicyApplyConfiguration { - b.Status = value - return b -} - -// GetKind retrieves the value of the Kind field in the declarative configuration. -func (b *ClusterImagePolicyApplyConfiguration) GetKind() *string { - return b.TypeMetaApplyConfiguration.Kind -} - -// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. -func (b *ClusterImagePolicyApplyConfiguration) GetAPIVersion() *string { - return b.TypeMetaApplyConfiguration.APIVersion -} - -// GetName retrieves the value of the Name field in the declarative configuration. -func (b *ClusterImagePolicyApplyConfiguration) GetName() *string { - b.ensureObjectMetaApplyConfigurationExists() - return b.ObjectMetaApplyConfiguration.Name -} - -// GetNamespace retrieves the value of the Namespace field in the declarative configuration. -func (b *ClusterImagePolicyApplyConfiguration) GetNamespace() *string { - b.ensureObjectMetaApplyConfigurationExists() - return b.ObjectMetaApplyConfiguration.Namespace -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go deleted file mode 100644 index 135aa592aa..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicyspec.go +++ /dev/null @@ -1,53 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// ClusterImagePolicySpecApplyConfiguration represents a declarative configuration of the ClusterImagePolicySpec type for use -// with apply. -// -// CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource. -type ClusterImagePolicySpecApplyConfiguration struct { - // scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". - // Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). - // More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository - // namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). - // Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. - // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. - // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories - // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. - // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. - // For additional details about the format, please refer to the document explaining the docker transport field, - // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker - Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"` - // policy contains configuration to allow scopes to be verified, and defines how - // images not matching the verification policy will be treated. - Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"` -} - -// ClusterImagePolicySpecApplyConfiguration constructs a declarative configuration of the ClusterImagePolicySpec type for use with -// apply. -func ClusterImagePolicySpec() *ClusterImagePolicySpecApplyConfiguration { - return &ClusterImagePolicySpecApplyConfiguration{} -} - -// WithScopes adds the given value to the Scopes field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Scopes field. -func (b *ClusterImagePolicySpecApplyConfiguration) WithScopes(values ...configv1alpha1.ImageScope) *ClusterImagePolicySpecApplyConfiguration { - for i := range values { - b.Scopes = append(b.Scopes, values[i]) - } - return b -} - -// WithPolicy sets the Policy field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Policy field is set to the value of the last call. -func (b *ClusterImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ClusterImagePolicySpecApplyConfiguration { - b.Policy = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicystatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicystatus.go deleted file mode 100644 index e01b2cac34..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clusterimagepolicystatus.go +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1 "k8s.io/client-go/applyconfigurations/meta/v1" -) - -// ClusterImagePolicyStatusApplyConfiguration represents a declarative configuration of the ClusterImagePolicyStatus type for use -// with apply. -type ClusterImagePolicyStatusApplyConfiguration struct { - // conditions provide details on the status of this API Resource. - Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"` -} - -// ClusterImagePolicyStatusApplyConfiguration constructs a declarative configuration of the ClusterImagePolicyStatus type for use with -// apply. -func ClusterImagePolicyStatus() *ClusterImagePolicyStatusApplyConfiguration { - return &ClusterImagePolicyStatusApplyConfiguration{} -} - -// WithConditions adds the given value to the Conditions field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Conditions field. -func (b *ClusterImagePolicyStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *ClusterImagePolicyStatusApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithConditions") - } - b.Conditions = append(b.Conditions, *values[i]) - } - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go index 53f29c3fdc..7638504d05 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go @@ -18,6 +18,18 @@ type ClusterMonitoringSpecApplyConfiguration struct { // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. // The current default value is `DefaultConfig`. AlertmanagerConfig *AlertmanagerConfigApplyConfiguration `json:"alertmanagerConfig,omitempty"` + // prometheusConfig provides configuration options for the default platform Prometheus instance + // that runs in the `openshift-monitoring` namespace. This configuration applies only to the + // platform Prometheus instance; user-workload Prometheus instances are configured separately. + // + // This field allows you to customize how the platform Prometheus is deployed and operated, including: + // - Pod scheduling (node selectors, tolerations, topology spread constraints) + // - Resource allocation (CPU, memory requests/limits) + // - Retention policies (how long metrics are stored) + // - External integrations (remote write, additional alertmanagers) + // + // This field is optional. When omitted, the platform chooses reasonable defaults, which may change over time. + PrometheusConfig *PrometheusConfigApplyConfiguration `json:"prometheusConfig,omitempty"` // metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. // Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. @@ -33,6 +45,25 @@ type ClusterMonitoringSpecApplyConfiguration struct { // between API versions. // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. PrometheusOperatorAdmissionWebhookConfig *PrometheusOperatorAdmissionWebhookConfigApplyConfiguration `json:"prometheusOperatorAdmissionWebhookConfig,omitempty"` + // openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics + // agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics + // about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + OpenShiftStateMetricsConfig *OpenShiftStateMetricsConfigApplyConfiguration `json:"openShiftStateMetricsConfig,omitempty"` + // telemeterClientConfig is an optional field that can be used to configure the Telemeter Client + // component that runs in the openshift-monitoring namespace. The Telemeter Client collects + // selected monitoring metrics and forwards them to Red Hat for telemetry purposes. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // When set, at least one field must be specified within telemeterClientConfig. + TelemeterClientConfig *TelemeterClientConfigApplyConfiguration `json:"telemeterClientConfig,omitempty"` + // thanosQuerierConfig is an optional field that can be used to configure the Thanos Querier + // component that runs in the openshift-monitoring namespace. The Thanos Querier provides + // a global query view by aggregating and deduplicating metrics from multiple Prometheus instances. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default deploys the Thanos Querier on linux nodes with 5m CPU and 12Mi memory + // requests, and no custom tolerations or topology spread constraints. + // When set, at least one field must be specified within thanosQuerierConfig. + ThanosQuerierConfig *ThanosQuerierConfigApplyConfiguration `json:"thanosQuerierConfig,omitempty"` } // ClusterMonitoringSpecApplyConfiguration constructs a declarative configuration of the ClusterMonitoringSpec type for use with @@ -57,6 +88,14 @@ func (b *ClusterMonitoringSpecApplyConfiguration) WithAlertmanagerConfig(value * return b } +// WithPrometheusConfig sets the PrometheusConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PrometheusConfig field is set to the value of the last call. +func (b *ClusterMonitoringSpecApplyConfiguration) WithPrometheusConfig(value *PrometheusConfigApplyConfiguration) *ClusterMonitoringSpecApplyConfiguration { + b.PrometheusConfig = value + return b +} + // WithMetricsServerConfig sets the MetricsServerConfig field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the MetricsServerConfig field is set to the value of the last call. @@ -80,3 +119,27 @@ func (b *ClusterMonitoringSpecApplyConfiguration) WithPrometheusOperatorAdmissio b.PrometheusOperatorAdmissionWebhookConfig = value return b } + +// WithOpenShiftStateMetricsConfig sets the OpenShiftStateMetricsConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OpenShiftStateMetricsConfig field is set to the value of the last call. +func (b *ClusterMonitoringSpecApplyConfiguration) WithOpenShiftStateMetricsConfig(value *OpenShiftStateMetricsConfigApplyConfiguration) *ClusterMonitoringSpecApplyConfiguration { + b.OpenShiftStateMetricsConfig = value + return b +} + +// WithTelemeterClientConfig sets the TelemeterClientConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TelemeterClientConfig field is set to the value of the last call. +func (b *ClusterMonitoringSpecApplyConfiguration) WithTelemeterClientConfig(value *TelemeterClientConfigApplyConfiguration) *ClusterMonitoringSpecApplyConfiguration { + b.TelemeterClientConfig = value + return b +} + +// WithThanosQuerierConfig sets the ThanosQuerierConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ThanosQuerierConfig field is set to the value of the last call. +func (b *ClusterMonitoringSpecApplyConfiguration) WithThanosQuerierConfig(value *ThanosQuerierConfigApplyConfiguration) *ClusterMonitoringSpecApplyConfiguration { + b.ThanosQuerierConfig = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/containerresource.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/containerresource.go index d600828b01..2240e1b154 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/containerresource.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/containerresource.go @@ -9,6 +9,12 @@ import ( // ContainerResourceApplyConfiguration represents a declarative configuration of the ContainerResource type for use // with apply. // +// MaxItems on []ContainerResource fields is kept at 5 to stay within the +// Kubernetes CRD CEL validation cost budget (StaticEstimatedCRDCostLimit). +// The quantity() CEL function has a high fixed estimated cost per invocation, +// and the limit-vs-request comparison rule is costed per maxItems per location. +// With multiple structs in ClusterMonitoringSpec embedding []ContainerResource, +// maxItems > 5 causes the total estimated rule cost to exceed the budget. // ContainerResource defines a single resource requirement for a container. type ContainerResourceApplyConfiguration struct { // name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). @@ -18,6 +24,7 @@ type ContainerResourceApplyConfiguration struct { // request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). // This field is optional. // When limit is specified, request cannot be greater than limit. + // The value must be greater than 0 when specified. Request *resource.Quantity `json:"request,omitempty"` // limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). // This field is optional. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/custompkipolicy.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/custompkipolicy.go new file mode 100644 index 0000000000..5f689804ef --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/custompkipolicy.go @@ -0,0 +1,51 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// CustomPKIPolicyApplyConfiguration represents a declarative configuration of the CustomPKIPolicy type for use +// with apply. +// +// CustomPKIPolicy contains administrator-specified cryptographic configuration. +// Administrators must specify defaults for all certificates and may optionally +// override specific categories of certificates. +type CustomPKIPolicyApplyConfiguration struct { + PKIProfileApplyConfiguration `json:",inline"` +} + +// CustomPKIPolicyApplyConfiguration constructs a declarative configuration of the CustomPKIPolicy type for use with +// apply. +func CustomPKIPolicy() *CustomPKIPolicyApplyConfiguration { + return &CustomPKIPolicyApplyConfiguration{} +} + +// WithDefaults sets the Defaults field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Defaults field is set to the value of the last call. +func (b *CustomPKIPolicyApplyConfiguration) WithDefaults(value *DefaultCertificateConfigApplyConfiguration) *CustomPKIPolicyApplyConfiguration { + b.PKIProfileApplyConfiguration.Defaults = value + return b +} + +// WithSignerCertificates sets the SignerCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SignerCertificates field is set to the value of the last call. +func (b *CustomPKIPolicyApplyConfiguration) WithSignerCertificates(value *CertificateConfigApplyConfiguration) *CustomPKIPolicyApplyConfiguration { + b.PKIProfileApplyConfiguration.SignerCertificates = value + return b +} + +// WithServingCertificates sets the ServingCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServingCertificates field is set to the value of the last call. +func (b *CustomPKIPolicyApplyConfiguration) WithServingCertificates(value *CertificateConfigApplyConfiguration) *CustomPKIPolicyApplyConfiguration { + b.PKIProfileApplyConfiguration.ServingCertificates = value + return b +} + +// WithClientCertificates sets the ClientCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientCertificates field is set to the value of the last call. +func (b *CustomPKIPolicyApplyConfiguration) WithClientCertificates(value *CertificateConfigApplyConfiguration) *CustomPKIPolicyApplyConfiguration { + b.PKIProfileApplyConfiguration.ClientCertificates = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/defaultcertificateconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/defaultcertificateconfig.go new file mode 100644 index 0000000000..3ddd6fb6a7 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/defaultcertificateconfig.go @@ -0,0 +1,30 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// DefaultCertificateConfigApplyConfiguration represents a declarative configuration of the DefaultCertificateConfig type for use +// with apply. +// +// DefaultCertificateConfig specifies the default certificate configuration +// parameters. All fields are required to ensure that defaults are fully +// specified for all certificates. +type DefaultCertificateConfigApplyConfiguration struct { + // key specifies the cryptographic parameters for the certificate's key pair. + // This field is required in defaults to ensure all certificates have a + // well-defined key configuration. + Key *KeyConfigApplyConfiguration `json:"key,omitempty"` +} + +// DefaultCertificateConfigApplyConfiguration constructs a declarative configuration of the DefaultCertificateConfig type for use with +// apply. +func DefaultCertificateConfig() *DefaultCertificateConfigApplyConfiguration { + return &DefaultCertificateConfigApplyConfiguration{} +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *DefaultCertificateConfigApplyConfiguration) WithKey(value *KeyConfigApplyConfiguration) *DefaultCertificateConfigApplyConfiguration { + b.Key = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/dropequalactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/dropequalactionconfig.go new file mode 100644 index 0000000000..1e0a8e0014 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/dropequalactionconfig.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// DropEqualActionConfigApplyConfiguration represents a declarative configuration of the DropEqualActionConfig type for use +// with apply. +// +// DropEqualActionConfig configures the DropEqual action. +// Drops targets for which the concatenated source_labels do match the value of target_label. +// Requires Prometheus >= v2.41.0. +type DropEqualActionConfigApplyConfiguration struct { + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` +} + +// DropEqualActionConfigApplyConfiguration constructs a declarative configuration of the DropEqualActionConfig type for use with +// apply. +func DropEqualActionConfig() *DropEqualActionConfigApplyConfiguration { + return &DropEqualActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *DropEqualActionConfigApplyConfiguration) WithTargetLabel(value string) *DropEqualActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/ecdsakeyconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/ecdsakeyconfig.go new file mode 100644 index 0000000000..96c579a3af --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/ecdsakeyconfig.go @@ -0,0 +1,40 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// ECDSAKeyConfigApplyConfiguration represents a declarative configuration of the ECDSAKeyConfig type for use +// with apply. +// +// ECDSAKeyConfig specifies parameters for ECDSA key generation. +type ECDSAKeyConfigApplyConfiguration struct { + // curve specifies the NIST elliptic curve for ECDSA keys. + // Valid values are "P256", "P384", and "P521". + // + // When set to P256, the NIST P-256 curve (also known as secp256r1) is used, + // providing 128-bit security. + // + // When set to P384, the NIST P-384 curve (also known as secp384r1) is used, + // providing 192-bit security. + // + // When set to P521, the NIST P-521 curve (also known as secp521r1) is used, + // providing 256-bit security. + Curve *configv1alpha1.ECDSACurve `json:"curve,omitempty"` +} + +// ECDSAKeyConfigApplyConfiguration constructs a declarative configuration of the ECDSAKeyConfig type for use with +// apply. +func ECDSAKeyConfig() *ECDSAKeyConfigApplyConfiguration { + return &ECDSAKeyConfigApplyConfiguration{} +} + +// WithCurve sets the Curve field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Curve field is set to the value of the last call. +func (b *ECDSAKeyConfigApplyConfiguration) WithCurve(value configv1alpha1.ECDSACurve) *ECDSAKeyConfigApplyConfiguration { + b.Curve = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/hashmodactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/hashmodactionconfig.go new file mode 100644 index 0000000000..453795b42b --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/hashmodactionconfig.go @@ -0,0 +1,40 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// HashModActionConfigApplyConfiguration represents a declarative configuration of the HashModActionConfig type for use +// with apply. +// +// HashModActionConfig configures the HashMod action. +// target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus). +type HashModActionConfigApplyConfiguration struct { + // targetLabel is the label name where the hash modulus result is written. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` + // modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). + // Required when using the HashMod action so the intended behavior is explicit. + // Must be between 1 and 1000000. + Modulus *int64 `json:"modulus,omitempty"` +} + +// HashModActionConfigApplyConfiguration constructs a declarative configuration of the HashModActionConfig type for use with +// apply. +func HashModActionConfig() *HashModActionConfigApplyConfiguration { + return &HashModActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *HashModActionConfigApplyConfiguration) WithTargetLabel(value string) *HashModActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} + +// WithModulus sets the Modulus field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Modulus field is set to the value of the last call. +func (b *HashModActionConfigApplyConfiguration) WithModulus(value int64) *HashModActionConfigApplyConfiguration { + b.Modulus = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go deleted file mode 100644 index c9299e5000..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyfulciocawithrekorrootoftrust.go +++ /dev/null @@ -1,52 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use -// with apply. -// -// ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key. -type ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration struct { - // fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. - // fulcioCAData must be at most 8192 characters. - FulcioCAData []byte `json:"fulcioCAData,omitempty"` - // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. - // rekorKeyData must be at most 8192 characters. - RekorKeyData []byte `json:"rekorKeyData,omitempty"` - // fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration. - FulcioSubject *PolicyFulcioSubjectApplyConfiguration `json:"fulcioSubject,omitempty"` -} - -// ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyFulcioCAWithRekorRootOfTrust type for use with -// apply. -func ImagePolicyFulcioCAWithRekorRootOfTrust() *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { - return &ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{} -} - -// WithFulcioCAData adds the given value to the FulcioCAData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the FulcioCAData field. -func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioCAData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { - for i := range values { - b.FulcioCAData = append(b.FulcioCAData, values[i]) - } - return b -} - -// WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the RekorKeyData field. -func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { - for i := range values { - b.RekorKeyData = append(b.RekorKeyData, values[i]) - } - return b -} - -// WithFulcioSubject sets the FulcioSubject field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the FulcioSubject field is set to the value of the last call. -func (b *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) WithFulcioSubject(value *PolicyFulcioSubjectApplyConfiguration) *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration { - b.FulcioSubject = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go deleted file mode 100644 index 42c3c0aa7c..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypkirootoftrust.go +++ /dev/null @@ -1,51 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// ImagePolicyPKIRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPKIRootOfTrust type for use -// with apply. -// -// ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates. -type ImagePolicyPKIRootOfTrustApplyConfiguration struct { - // caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters. - CertificateAuthorityRootsData []byte `json:"caRootsData,omitempty"` - // caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. - // caIntermediatesData requires caRootsData to be set. - CertificateAuthorityIntermediatesData []byte `json:"caIntermediatesData,omitempty"` - // pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued. - PKICertificateSubject *PKICertificateSubjectApplyConfiguration `json:"pkiCertificateSubject,omitempty"` -} - -// ImagePolicyPKIRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPKIRootOfTrust type for use with -// apply. -func ImagePolicyPKIRootOfTrust() *ImagePolicyPKIRootOfTrustApplyConfiguration { - return &ImagePolicyPKIRootOfTrustApplyConfiguration{} -} - -// WithCertificateAuthorityRootsData adds the given value to the CertificateAuthorityRootsData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the CertificateAuthorityRootsData field. -func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityRootsData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration { - for i := range values { - b.CertificateAuthorityRootsData = append(b.CertificateAuthorityRootsData, values[i]) - } - return b -} - -// WithCertificateAuthorityIntermediatesData adds the given value to the CertificateAuthorityIntermediatesData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the CertificateAuthorityIntermediatesData field. -func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithCertificateAuthorityIntermediatesData(values ...byte) *ImagePolicyPKIRootOfTrustApplyConfiguration { - for i := range values { - b.CertificateAuthorityIntermediatesData = append(b.CertificateAuthorityIntermediatesData, values[i]) - } - return b -} - -// WithPKICertificateSubject sets the PKICertificateSubject field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PKICertificateSubject field is set to the value of the last call. -func (b *ImagePolicyPKIRootOfTrustApplyConfiguration) WithPKICertificateSubject(value *PKICertificateSubjectApplyConfiguration) *ImagePolicyPKIRootOfTrustApplyConfiguration { - b.PKICertificateSubject = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go deleted file mode 100644 index 317b1be6ad..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicypublickeyrootoftrust.go +++ /dev/null @@ -1,42 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// ImagePolicyPublicKeyRootOfTrustApplyConfiguration represents a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use -// with apply. -// -// ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key. -type ImagePolicyPublicKeyRootOfTrustApplyConfiguration struct { - // keyData contains inline base64-encoded data for the PEM format public key. - // KeyData must be at most 8192 characters. - KeyData []byte `json:"keyData,omitempty"` - // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. - // rekorKeyData must be at most 8192 characters. - RekorKeyData []byte `json:"rekorKeyData,omitempty"` -} - -// ImagePolicyPublicKeyRootOfTrustApplyConfiguration constructs a declarative configuration of the ImagePolicyPublicKeyRootOfTrust type for use with -// apply. -func ImagePolicyPublicKeyRootOfTrust() *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { - return &ImagePolicyPublicKeyRootOfTrustApplyConfiguration{} -} - -// WithKeyData adds the given value to the KeyData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the KeyData field. -func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { - for i := range values { - b.KeyData = append(b.KeyData, values[i]) - } - return b -} - -// WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the RekorKeyData field. -func (b *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) WithRekorKeyData(values ...byte) *ImagePolicyPublicKeyRootOfTrustApplyConfiguration { - for i := range values { - b.RekorKeyData = append(b.RekorKeyData, values[i]) - } - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go deleted file mode 100644 index 0d8cbf64b7..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicyspec.go +++ /dev/null @@ -1,53 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// ImagePolicySpecApplyConfiguration represents a declarative configuration of the ImagePolicySpec type for use -// with apply. -// -// ImagePolicySpec is the specification of the ImagePolicy CRD. -type ImagePolicySpecApplyConfiguration struct { - // scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the "Docker Registry HTTP API V2". - // Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). - // More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository - // namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). - // Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. - // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. - // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories - // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. - // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. - // For additional details about the format, please refer to the document explaining the docker transport field, - // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker - Scopes []configv1alpha1.ImageScope `json:"scopes,omitempty"` - // policy contains configuration to allow scopes to be verified, and defines how - // images not matching the verification policy will be treated. - Policy *ImageSigstoreVerificationPolicyApplyConfiguration `json:"policy,omitempty"` -} - -// ImagePolicySpecApplyConfiguration constructs a declarative configuration of the ImagePolicySpec type for use with -// apply. -func ImagePolicySpec() *ImagePolicySpecApplyConfiguration { - return &ImagePolicySpecApplyConfiguration{} -} - -// WithScopes adds the given value to the Scopes field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Scopes field. -func (b *ImagePolicySpecApplyConfiguration) WithScopes(values ...configv1alpha1.ImageScope) *ImagePolicySpecApplyConfiguration { - for i := range values { - b.Scopes = append(b.Scopes, values[i]) - } - return b -} - -// WithPolicy sets the Policy field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Policy field is set to the value of the last call. -func (b *ImagePolicySpecApplyConfiguration) WithPolicy(value *ImageSigstoreVerificationPolicyApplyConfiguration) *ImagePolicySpecApplyConfiguration { - b.Policy = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicystatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicystatus.go deleted file mode 100644 index 59fc118561..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicystatus.go +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - v1 "k8s.io/client-go/applyconfigurations/meta/v1" -) - -// ImagePolicyStatusApplyConfiguration represents a declarative configuration of the ImagePolicyStatus type for use -// with apply. -type ImagePolicyStatusApplyConfiguration struct { - // conditions provide details on the status of this API Resource. - Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"` -} - -// ImagePolicyStatusApplyConfiguration constructs a declarative configuration of the ImagePolicyStatus type for use with -// apply. -func ImagePolicyStatus() *ImagePolicyStatusApplyConfiguration { - return &ImagePolicyStatusApplyConfiguration{} -} - -// WithConditions adds the given value to the Conditions field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Conditions field. -func (b *ImagePolicyStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *ImagePolicyStatusApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithConditions") - } - b.Conditions = append(b.Conditions, *values[i]) - } - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go deleted file mode 100644 index 3fa4e27478..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagesigstoreverificationpolicy.go +++ /dev/null @@ -1,36 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// ImageSigstoreVerificationPolicyApplyConfiguration represents a declarative configuration of the ImageSigstoreVerificationPolicy type for use -// with apply. -// -// ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list. -type ImageSigstoreVerificationPolicyApplyConfiguration struct { - // rootOfTrust specifies the root of trust for the policy. - RootOfTrust *PolicyRootOfTrustApplyConfiguration `json:"rootOfTrust,omitempty"` - // signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is "MatchRepoDigestOrExact". - SignedIdentity *PolicyIdentityApplyConfiguration `json:"signedIdentity,omitempty"` -} - -// ImageSigstoreVerificationPolicyApplyConfiguration constructs a declarative configuration of the ImageSigstoreVerificationPolicy type for use with -// apply. -func ImageSigstoreVerificationPolicy() *ImageSigstoreVerificationPolicyApplyConfiguration { - return &ImageSigstoreVerificationPolicyApplyConfiguration{} -} - -// WithRootOfTrust sets the RootOfTrust field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the RootOfTrust field is set to the value of the last call. -func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithRootOfTrust(value *PolicyRootOfTrustApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration { - b.RootOfTrust = value - return b -} - -// WithSignedIdentity sets the SignedIdentity field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the SignedIdentity field is set to the value of the last call. -func (b *ImageSigstoreVerificationPolicyApplyConfiguration) WithSignedIdentity(value *PolicyIdentityApplyConfiguration) *ImageSigstoreVerificationPolicyApplyConfiguration { - b.SignedIdentity = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keepequalactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keepequalactionconfig.go new file mode 100644 index 0000000000..a560a662a8 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keepequalactionconfig.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// KeepEqualActionConfigApplyConfiguration represents a declarative configuration of the KeepEqualActionConfig type for use +// with apply. +// +// KeepEqualActionConfig configures the KeepEqual action. +// Drops targets for which the concatenated source_labels do not match the value of target_label. +// Requires Prometheus >= v2.41.0. +type KeepEqualActionConfigApplyConfiguration struct { + // targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` +} + +// KeepEqualActionConfigApplyConfiguration constructs a declarative configuration of the KeepEqualActionConfig type for use with +// apply. +func KeepEqualActionConfig() *KeepEqualActionConfigApplyConfiguration { + return &KeepEqualActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *KeepEqualActionConfigApplyConfiguration) WithTargetLabel(value string) *KeepEqualActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keyconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keyconfig.go new file mode 100644 index 0000000000..340d395cec --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/keyconfig.go @@ -0,0 +1,59 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// KeyConfigApplyConfiguration represents a declarative configuration of the KeyConfig type for use +// with apply. +// +// KeyConfig specifies cryptographic parameters for key generation. +type KeyConfigApplyConfiguration struct { + // algorithm specifies the key generation algorithm. + // Valid values are "RSA" and "ECDSA". + // + // When set to RSA, the rsa field must be specified and the generated key + // will be an RSA key with the configured key size. + // + // When set to ECDSA, the ecdsa field must be specified and the generated key + // will be an ECDSA key using the configured elliptic curve. + Algorithm *configv1alpha1.KeyAlgorithm `json:"algorithm,omitempty"` + // rsa specifies RSA key parameters. + // Required when algorithm is RSA, and forbidden otherwise. + RSA *RSAKeyConfigApplyConfiguration `json:"rsa,omitempty"` + // ecdsa specifies ECDSA key parameters. + // Required when algorithm is ECDSA, and forbidden otherwise. + ECDSA *ECDSAKeyConfigApplyConfiguration `json:"ecdsa,omitempty"` +} + +// KeyConfigApplyConfiguration constructs a declarative configuration of the KeyConfig type for use with +// apply. +func KeyConfig() *KeyConfigApplyConfiguration { + return &KeyConfigApplyConfiguration{} +} + +// WithAlgorithm sets the Algorithm field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Algorithm field is set to the value of the last call. +func (b *KeyConfigApplyConfiguration) WithAlgorithm(value configv1alpha1.KeyAlgorithm) *KeyConfigApplyConfiguration { + b.Algorithm = &value + return b +} + +// WithRSA sets the RSA field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RSA field is set to the value of the last call. +func (b *KeyConfigApplyConfiguration) WithRSA(value *RSAKeyConfigApplyConfiguration) *KeyConfigApplyConfiguration { + b.RSA = value + return b +} + +// WithECDSA sets the ECDSA field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ECDSA field is set to the value of the last call. +func (b *KeyConfigApplyConfiguration) WithECDSA(value *ECDSAKeyConfigApplyConfiguration) *KeyConfigApplyConfiguration { + b.ECDSA = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/label.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/label.go new file mode 100644 index 0000000000..d1710cc9ab --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/label.go @@ -0,0 +1,39 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// LabelApplyConfiguration represents a declarative configuration of the Label type for use +// with apply. +// +// Label represents a key/value pair for external labels. +type LabelApplyConfiguration struct { + // key is the name of the label. + // Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. + // Must be between 1 and 128 characters in length. + Key *string `json:"key,omitempty"` + // value is the value of the label. + // Must be between 1 and 128 characters in length. + Value *string `json:"value,omitempty"` +} + +// LabelApplyConfiguration constructs a declarative configuration of the Label type for use with +// apply. +func Label() *LabelApplyConfiguration { + return &LabelApplyConfiguration{} +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *LabelApplyConfiguration) WithKey(value string) *LabelApplyConfiguration { + b.Key = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *LabelApplyConfiguration) WithValue(value string) *LabelApplyConfiguration { + b.Value = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/labelmapactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/labelmapactionconfig.go new file mode 100644 index 0000000000..a16bd78779 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/labelmapactionconfig.go @@ -0,0 +1,30 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// LabelMapActionConfigApplyConfiguration represents a declarative configuration of the LabelMapActionConfig type for use +// with apply. +// +// LabelMapActionConfig configures the LabelMap action. +// Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted. +type LabelMapActionConfigApplyConfiguration struct { + // replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. + // Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. + // Use "$1" for the first capture group, "$2" for the second, etc. + // Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names. + Replacement *string `json:"replacement,omitempty"` +} + +// LabelMapActionConfigApplyConfiguration constructs a declarative configuration of the LabelMapActionConfig type for use with +// apply. +func LabelMapActionConfig() *LabelMapActionConfigApplyConfiguration { + return &LabelMapActionConfigApplyConfiguration{} +} + +// WithReplacement sets the Replacement field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Replacement field is set to the value of the last call. +func (b *LabelMapActionConfigApplyConfiguration) WithReplacement(value string) *LabelMapActionConfigApplyConfiguration { + b.Replacement = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/lowercaseactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/lowercaseactionconfig.go new file mode 100644 index 0000000000..17fa48139a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/lowercaseactionconfig.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// LowercaseActionConfigApplyConfiguration represents a declarative configuration of the LowercaseActionConfig type for use +// with apply. +// +// LowercaseActionConfig configures the Lowercase action. +// Maps the concatenated source_labels to their lower case and writes to target_label. +// Requires Prometheus >= v2.36.0. +type LowercaseActionConfigApplyConfiguration struct { + // targetLabel is the label name where the lower-cased value is written. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` +} + +// LowercaseActionConfigApplyConfiguration constructs a declarative configuration of the LowercaseActionConfig type for use with +// apply. +func LowercaseActionConfig() *LowercaseActionConfigApplyConfiguration { + return &LowercaseActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *LowercaseActionConfigApplyConfiguration) WithTargetLabel(value string) *LowercaseActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfig.go new file mode 100644 index 0000000000..f8e1627816 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfig.go @@ -0,0 +1,42 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// MetadataConfigApplyConfiguration represents a declarative configuration of the MetadataConfig type for use +// with apply. +// +// MetadataConfig defines whether and how to send series metadata to remote write storage. +type MetadataConfigApplyConfiguration struct { + // sendPolicy specifies whether to send metadata and how it is configured. + // Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). + // Custom: send metadata using the settings in the custom field. + SendPolicy *configv1alpha1.MetadataConfigSendPolicy `json:"sendPolicy,omitempty"` + // custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default. + Custom *MetadataConfigCustomApplyConfiguration `json:"custom,omitempty"` +} + +// MetadataConfigApplyConfiguration constructs a declarative configuration of the MetadataConfig type for use with +// apply. +func MetadataConfig() *MetadataConfigApplyConfiguration { + return &MetadataConfigApplyConfiguration{} +} + +// WithSendPolicy sets the SendPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SendPolicy field is set to the value of the last call. +func (b *MetadataConfigApplyConfiguration) WithSendPolicy(value configv1alpha1.MetadataConfigSendPolicy) *MetadataConfigApplyConfiguration { + b.SendPolicy = &value + return b +} + +// WithCustom sets the Custom field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Custom field is set to the value of the last call. +func (b *MetadataConfigApplyConfiguration) WithCustom(value *MetadataConfigCustomApplyConfiguration) *MetadataConfigApplyConfiguration { + b.Custom = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfigcustom.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfigcustom.go new file mode 100644 index 0000000000..3f5e050697 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metadataconfigcustom.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// MetadataConfigCustomApplyConfiguration represents a declarative configuration of the MetadataConfigCustom type for use +// with apply. +// +// MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. +// At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds). +type MetadataConfigCustomApplyConfiguration struct { + // sendIntervalSeconds is the interval in seconds at which metadata is sent. + // When omitted, the platform chooses a reasonable default (e.g. 30 seconds). + // Minimum value is 1 second. Maximum value is 86400 seconds (24 hours). + SendIntervalSeconds *int32 `json:"sendIntervalSeconds,omitempty"` +} + +// MetadataConfigCustomApplyConfiguration constructs a declarative configuration of the MetadataConfigCustom type for use with +// apply. +func MetadataConfigCustom() *MetadataConfigCustomApplyConfiguration { + return &MetadataConfigCustomApplyConfiguration{} +} + +// WithSendIntervalSeconds sets the SendIntervalSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SendIntervalSeconds field is set to the value of the last call. +func (b *MetadataConfigCustomApplyConfiguration) WithSendIntervalSeconds(value int32) *MetadataConfigCustomApplyConfiguration { + b.SendIntervalSeconds = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metricsserverconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metricsserverconfig.go index ea4d945563..bc77df9d2f 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metricsserverconfig.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/metricsserverconfig.go @@ -58,7 +58,7 @@ type MetricsServerConfigApplyConfiguration struct { // - name: memory // request: 40Mi // limit: null - // Maximum length for this list is 10. + // Maximum length for this list is 5. // Minimum length for this list is 1. // Each resource name must be unique within this list. Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2.go new file mode 100644 index 0000000000..d58cc3e513 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2.go @@ -0,0 +1,82 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// OAuth2ApplyConfiguration represents a declarative configuration of the OAuth2 type for use +// with apply. +// +// OAuth2 defines OAuth2 authentication settings for the remote write endpoint. +type OAuth2ApplyConfiguration struct { + // clientId defines the secret reference containing the OAuth2 client ID. + // The secret must exist in the openshift-monitoring namespace. + ClientID *SecretKeySelectorApplyConfiguration `json:"clientId,omitempty"` + // clientSecret defines the secret reference containing the OAuth2 client secret. + // The secret must exist in the openshift-monitoring namespace. + ClientSecret *SecretKeySelectorApplyConfiguration `json:"clientSecret,omitempty"` + // tokenUrl is the URL to fetch the token from. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + TokenURL *string `json:"tokenUrl,omitempty"` + // scopes is a list of OAuth2 scopes to request. + // When omitted, no scopes are requested. + // Maximum of 20 scopes can be specified. + // Each scope must be between 1 and 256 characters. + Scopes []string `json:"scopes,omitempty"` + // endpointParams defines additional parameters to append to the token URL. + // When omitted, no additional parameters are sent. + // Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key). + EndpointParams []OAuth2EndpointParamApplyConfiguration `json:"endpointParams,omitempty"` +} + +// OAuth2ApplyConfiguration constructs a declarative configuration of the OAuth2 type for use with +// apply. +func OAuth2() *OAuth2ApplyConfiguration { + return &OAuth2ApplyConfiguration{} +} + +// WithClientID sets the ClientID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientID field is set to the value of the last call. +func (b *OAuth2ApplyConfiguration) WithClientID(value *SecretKeySelectorApplyConfiguration) *OAuth2ApplyConfiguration { + b.ClientID = value + return b +} + +// WithClientSecret sets the ClientSecret field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientSecret field is set to the value of the last call. +func (b *OAuth2ApplyConfiguration) WithClientSecret(value *SecretKeySelectorApplyConfiguration) *OAuth2ApplyConfiguration { + b.ClientSecret = value + return b +} + +// WithTokenURL sets the TokenURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TokenURL field is set to the value of the last call. +func (b *OAuth2ApplyConfiguration) WithTokenURL(value string) *OAuth2ApplyConfiguration { + b.TokenURL = &value + return b +} + +// WithScopes adds the given value to the Scopes field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Scopes field. +func (b *OAuth2ApplyConfiguration) WithScopes(values ...string) *OAuth2ApplyConfiguration { + for i := range values { + b.Scopes = append(b.Scopes, values[i]) + } + return b +} + +// WithEndpointParams adds the given value to the EndpointParams field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the EndpointParams field. +func (b *OAuth2ApplyConfiguration) WithEndpointParams(values ...*OAuth2EndpointParamApplyConfiguration) *OAuth2ApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithEndpointParams") + } + b.EndpointParams = append(b.EndpointParams, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2endpointparam.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2endpointparam.go new file mode 100644 index 0000000000..8372d30f8c --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/oauth2endpointparam.go @@ -0,0 +1,39 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// OAuth2EndpointParamApplyConfiguration represents a declarative configuration of the OAuth2EndpointParam type for use +// with apply. +// +// OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL. +type OAuth2EndpointParamApplyConfiguration struct { + // name is the parameter name. Must be between 1 and 256 characters. + Name *string `json:"name,omitempty"` + // value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). + // When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the + // external system expects a parameter with an empty value (e.g. ?parameter=""). + // Must be between 0 and 2048 characters when present (aligned with common URL length recommendations). + Value *string `json:"value,omitempty"` +} + +// OAuth2EndpointParamApplyConfiguration constructs a declarative configuration of the OAuth2EndpointParam type for use with +// apply. +func OAuth2EndpointParam() *OAuth2EndpointParamApplyConfiguration { + return &OAuth2EndpointParamApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *OAuth2EndpointParamApplyConfiguration) WithName(value string) *OAuth2EndpointParamApplyConfiguration { + b.Name = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *OAuth2EndpointParamApplyConfiguration) WithValue(value string) *OAuth2EndpointParamApplyConfiguration { + b.Value = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go new file mode 100644 index 0000000000..daef85c244 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/openshiftstatemetricsconfig.go @@ -0,0 +1,117 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/api/core/v1" +) + +// OpenShiftStateMetricsConfigApplyConfiguration represents a declarative configuration of the OpenShiftStateMetricsConfig type for use +// with apply. +// +// OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent +// that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates +// metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. +type OpenShiftStateMetricsConfigApplyConfiguration struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the openshift-state-metrics container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 1m + // limit: null + // - name: memory + // request: 32Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// OpenShiftStateMetricsConfigApplyConfiguration constructs a declarative configuration of the OpenShiftStateMetricsConfig type for use with +// apply. +func OpenShiftStateMetricsConfig() *OpenShiftStateMetricsConfigApplyConfiguration { + return &OpenShiftStateMetricsConfigApplyConfiguration{} +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *OpenShiftStateMetricsConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *OpenShiftStateMetricsConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithResources adds the given value to the Resources field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Resources field. +func (b *OpenShiftStateMetricsConfigApplyConfiguration) WithResources(values ...*ContainerResourceApplyConfiguration) *OpenShiftStateMetricsConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResources") + } + b.Resources = append(b.Resources, *values[i]) + } + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *OpenShiftStateMetricsConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *OpenShiftStateMetricsConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *OpenShiftStateMetricsConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *OpenShiftStateMetricsConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicy.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pki.go similarity index 65% rename from vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicy.go rename to vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pki.go index 68a813c1af..01a5b33266 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/imagepolicy.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pki.go @@ -11,81 +11,72 @@ import ( v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// ImagePolicyApplyConfiguration represents a declarative configuration of the ImagePolicy type for use +// PKIApplyConfiguration represents a declarative configuration of the PKI type for use // with apply. // -// # ImagePolicy holds namespace-wide configuration for image signature verification +// PKI configures cryptographic parameters for certificates generated +// internally by OpenShift components. // // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -type ImagePolicyApplyConfiguration struct { +type PKIApplyConfiguration struct { v1.TypeMetaApplyConfiguration `json:",inline"` // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` // spec holds user settable values for configuration - Spec *ImagePolicySpecApplyConfiguration `json:"spec,omitempty"` - // status contains the observed state of the resource. - Status *ImagePolicyStatusApplyConfiguration `json:"status,omitempty"` + Spec *PKISpecApplyConfiguration `json:"spec,omitempty"` } -// ImagePolicy constructs a declarative configuration of the ImagePolicy type for use with +// PKI constructs a declarative configuration of the PKI type for use with // apply. -func ImagePolicy(name, namespace string) *ImagePolicyApplyConfiguration { - b := &ImagePolicyApplyConfiguration{} +func PKI(name string) *PKIApplyConfiguration { + b := &PKIApplyConfiguration{} b.WithName(name) - b.WithNamespace(namespace) - b.WithKind("ImagePolicy") + b.WithKind("PKI") b.WithAPIVersion("config.openshift.io/v1alpha1") return b } -// ExtractImagePolicyFrom extracts the applied configuration owned by fieldManager from -// imagePolicy for the specified subresource. Pass an empty string for subresource to extract +// ExtractPKIFrom extracts the applied configuration owned by fieldManager from +// pKI for the specified subresource. Pass an empty string for subresource to extract // the main resource. Common subresources include "status", "scale", etc. -// imagePolicy must be a unmodified ImagePolicy API object that was retrieved from the Kubernetes API. -// ExtractImagePolicyFrom provides a way to perform a extract/modify-in-place/apply workflow. +// pKI must be a unmodified PKI API object that was retrieved from the Kubernetes API. +// ExtractPKIFrom provides a way to perform a extract/modify-in-place/apply workflow. // Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously // applied if another fieldManager has updated or force applied any of the previously applied fields. -func ExtractImagePolicyFrom(imagePolicy *configv1alpha1.ImagePolicy, fieldManager string, subresource string) (*ImagePolicyApplyConfiguration, error) { - b := &ImagePolicyApplyConfiguration{} - err := managedfields.ExtractInto(imagePolicy, internal.Parser().Type("com.github.openshift.api.config.v1alpha1.ImagePolicy"), fieldManager, b, subresource) +func ExtractPKIFrom(pKI *configv1alpha1.PKI, fieldManager string, subresource string) (*PKIApplyConfiguration, error) { + b := &PKIApplyConfiguration{} + err := managedfields.ExtractInto(pKI, internal.Parser().Type("com.github.openshift.api.config.v1alpha1.PKI"), fieldManager, b, subresource) if err != nil { return nil, err } - b.WithName(imagePolicy.Name) - b.WithNamespace(imagePolicy.Namespace) + b.WithName(pKI.Name) - b.WithKind("ImagePolicy") + b.WithKind("PKI") b.WithAPIVersion("config.openshift.io/v1alpha1") return b, nil } -// ExtractImagePolicy extracts the applied configuration owned by fieldManager from -// imagePolicy. If no managedFields are found in imagePolicy for fieldManager, a -// ImagePolicyApplyConfiguration is returned with only the Name, Namespace (if applicable), +// ExtractPKI extracts the applied configuration owned by fieldManager from +// pKI. If no managedFields are found in pKI for fieldManager, a +// PKIApplyConfiguration is returned with only the Name, Namespace (if applicable), // APIVersion and Kind populated. It is possible that no managed fields were found for because other // field managers have taken ownership of all the fields previously owned by fieldManager, or because // the fieldManager never owned fields any fields. -// imagePolicy must be a unmodified ImagePolicy API object that was retrieved from the Kubernetes API. -// ExtractImagePolicy provides a way to perform a extract/modify-in-place/apply workflow. +// pKI must be a unmodified PKI API object that was retrieved from the Kubernetes API. +// ExtractPKI provides a way to perform a extract/modify-in-place/apply workflow. // Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously // applied if another fieldManager has updated or force applied any of the previously applied fields. -func ExtractImagePolicy(imagePolicy *configv1alpha1.ImagePolicy, fieldManager string) (*ImagePolicyApplyConfiguration, error) { - return ExtractImagePolicyFrom(imagePolicy, fieldManager, "") +func ExtractPKI(pKI *configv1alpha1.PKI, fieldManager string) (*PKIApplyConfiguration, error) { + return ExtractPKIFrom(pKI, fieldManager, "") } -// ExtractImagePolicyStatus extracts the applied configuration owned by fieldManager from -// imagePolicy for the status subresource. -func ExtractImagePolicyStatus(imagePolicy *configv1alpha1.ImagePolicy, fieldManager string) (*ImagePolicyApplyConfiguration, error) { - return ExtractImagePolicyFrom(imagePolicy, fieldManager, "status") -} - -func (b ImagePolicyApplyConfiguration) IsApplyConfiguration() {} +func (b PKIApplyConfiguration) IsApplyConfiguration() {} // WithKind sets the Kind field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Kind field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithKind(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithKind(value string) *PKIApplyConfiguration { b.TypeMetaApplyConfiguration.Kind = &value return b } @@ -93,7 +84,7 @@ func (b *ImagePolicyApplyConfiguration) WithKind(value string) *ImagePolicyApply // WithAPIVersion sets the APIVersion field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the APIVersion field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithAPIVersion(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithAPIVersion(value string) *PKIApplyConfiguration { b.TypeMetaApplyConfiguration.APIVersion = &value return b } @@ -101,7 +92,7 @@ func (b *ImagePolicyApplyConfiguration) WithAPIVersion(value string) *ImagePolic // WithName sets the Name field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Name field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithName(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithName(value string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.Name = &value return b @@ -110,7 +101,7 @@ func (b *ImagePolicyApplyConfiguration) WithName(value string) *ImagePolicyApply // WithGenerateName sets the GenerateName field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the GenerateName field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithGenerateName(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithGenerateName(value string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.GenerateName = &value return b @@ -119,7 +110,7 @@ func (b *ImagePolicyApplyConfiguration) WithGenerateName(value string) *ImagePol // WithNamespace sets the Namespace field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Namespace field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithNamespace(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithNamespace(value string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.Namespace = &value return b @@ -128,7 +119,7 @@ func (b *ImagePolicyApplyConfiguration) WithNamespace(value string) *ImagePolicy // WithUID sets the UID field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the UID field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithUID(value types.UID) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithUID(value types.UID) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.UID = &value return b @@ -137,7 +128,7 @@ func (b *ImagePolicyApplyConfiguration) WithUID(value types.UID) *ImagePolicyApp // WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ResourceVersion field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithResourceVersion(value string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithResourceVersion(value string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.ResourceVersion = &value return b @@ -146,7 +137,7 @@ func (b *ImagePolicyApplyConfiguration) WithResourceVersion(value string) *Image // WithGeneration sets the Generation field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Generation field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithGeneration(value int64) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithGeneration(value int64) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.Generation = &value return b @@ -155,7 +146,7 @@ func (b *ImagePolicyApplyConfiguration) WithGeneration(value int64) *ImagePolicy // WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the CreationTimestamp field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithCreationTimestamp(value metav1.Time) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.CreationTimestamp = &value return b @@ -164,7 +155,7 @@ func (b *ImagePolicyApplyConfiguration) WithCreationTimestamp(value metav1.Time) // WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the DeletionTimestamp field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value return b @@ -173,7 +164,7 @@ func (b *ImagePolicyApplyConfiguration) WithDeletionTimestamp(value metav1.Time) // WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value return b @@ -183,7 +174,7 @@ func (b *ImagePolicyApplyConfiguration) WithDeletionGracePeriodSeconds(value int // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, the entries provided by each call will be put on the Labels field, // overwriting an existing map entries in Labels field with the same key. -func (b *ImagePolicyApplyConfiguration) WithLabels(entries map[string]string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithLabels(entries map[string]string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) @@ -198,7 +189,7 @@ func (b *ImagePolicyApplyConfiguration) WithLabels(entries map[string]string) *I // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, the entries provided by each call will be put on the Annotations field, // overwriting an existing map entries in Annotations field with the same key. -func (b *ImagePolicyApplyConfiguration) WithAnnotations(entries map[string]string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithAnnotations(entries map[string]string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) @@ -212,7 +203,7 @@ func (b *ImagePolicyApplyConfiguration) WithAnnotations(entries map[string]strin // WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the OwnerReferences field. -func (b *ImagePolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() for i := range values { if values[i] == nil { @@ -226,7 +217,7 @@ func (b *ImagePolicyApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerR // WithFinalizers adds the given value to the Finalizers field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the Finalizers field. -func (b *ImagePolicyApplyConfiguration) WithFinalizers(values ...string) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithFinalizers(values ...string) *PKIApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() for i := range values { b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) @@ -234,7 +225,7 @@ func (b *ImagePolicyApplyConfiguration) WithFinalizers(values ...string) *ImageP return b } -func (b *ImagePolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { +func (b *PKIApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { if b.ObjectMetaApplyConfiguration == nil { b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} } @@ -243,37 +234,29 @@ func (b *ImagePolicyApplyConfiguration) ensureObjectMetaApplyConfigurationExists // WithSpec sets the Spec field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Spec field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithSpec(value *ImagePolicySpecApplyConfiguration) *ImagePolicyApplyConfiguration { +func (b *PKIApplyConfiguration) WithSpec(value *PKISpecApplyConfiguration) *PKIApplyConfiguration { b.Spec = value return b } -// WithStatus sets the Status field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Status field is set to the value of the last call. -func (b *ImagePolicyApplyConfiguration) WithStatus(value *ImagePolicyStatusApplyConfiguration) *ImagePolicyApplyConfiguration { - b.Status = value - return b -} - // GetKind retrieves the value of the Kind field in the declarative configuration. -func (b *ImagePolicyApplyConfiguration) GetKind() *string { +func (b *PKIApplyConfiguration) GetKind() *string { return b.TypeMetaApplyConfiguration.Kind } // GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. -func (b *ImagePolicyApplyConfiguration) GetAPIVersion() *string { +func (b *PKIApplyConfiguration) GetAPIVersion() *string { return b.TypeMetaApplyConfiguration.APIVersion } // GetName retrieves the value of the Name field in the declarative configuration. -func (b *ImagePolicyApplyConfiguration) GetName() *string { +func (b *PKIApplyConfiguration) GetName() *string { b.ensureObjectMetaApplyConfigurationExists() return b.ObjectMetaApplyConfiguration.Name } // GetNamespace retrieves the value of the Namespace field in the declarative configuration. -func (b *ImagePolicyApplyConfiguration) GetNamespace() *string { +func (b *PKIApplyConfiguration) GetNamespace() *string { b.ensureObjectMetaApplyConfigurationExists() return b.ObjectMetaApplyConfiguration.Namespace } diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatemanagement.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatemanagement.go new file mode 100644 index 0000000000..203b73bb6a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatemanagement.go @@ -0,0 +1,65 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// PKICertificateManagementApplyConfiguration represents a declarative configuration of the PKICertificateManagement type for use +// with apply. +// +// PKICertificateManagement determines whether components use hardcoded defaults (Unmanaged), follow +// OpenShift best practices (Default), or use administrator-specified cryptographic parameters (Custom). +// This provides flexibility for organizations with specific compliance requirements or security policies +// while maintaining backwards compatibility for existing clusters. +type PKICertificateManagementApplyConfiguration struct { + // mode determines how PKI configuration is managed. + // Valid values are "Unmanaged", "Default", and "Custom". + // + // When set to Unmanaged, components use their existing hardcoded certificate + // generation behavior, exactly as if this feature did not exist. Each component + // generates certificates using whatever parameters it was using before this + // feature. While most components use RSA 2048, some may use different + // parameters. Use of this mode might prevent upgrading to the next major + // OpenShift release. + // + // When set to Default, OpenShift-recommended best practices for certificate + // generation are applied. The specific parameters may evolve across OpenShift + // releases to adopt improved cryptographic standards. In the initial release, + // this matches Unmanaged behavior for each component. In future releases, this + // may adopt ECDSA or larger RSA keys based on industry best practices. + // Recommended for most customers who want to benefit from security improvements + // automatically. + // + // When set to Custom, the certificate management parameters can be set + // explicitly. Use the custom field to specify certificate generation parameters. + Mode *configv1alpha1.PKICertificateManagementMode `json:"mode,omitempty"` + // custom contains administrator-specified cryptographic configuration. + // Use the defaults and category override fields + // to specify certificate generation parameters. + // Required when mode is Custom, and forbidden otherwise. + Custom *CustomPKIPolicyApplyConfiguration `json:"custom,omitempty"` +} + +// PKICertificateManagementApplyConfiguration constructs a declarative configuration of the PKICertificateManagement type for use with +// apply. +func PKICertificateManagement() *PKICertificateManagementApplyConfiguration { + return &PKICertificateManagementApplyConfiguration{} +} + +// WithMode sets the Mode field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Mode field is set to the value of the last call. +func (b *PKICertificateManagementApplyConfiguration) WithMode(value configv1alpha1.PKICertificateManagementMode) *PKICertificateManagementApplyConfiguration { + b.Mode = &value + return b +} + +// WithCustom sets the Custom field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Custom field is set to the value of the last call. +func (b *PKICertificateManagementApplyConfiguration) WithCustom(value *CustomPKIPolicyApplyConfiguration) *PKICertificateManagementApplyConfiguration { + b.Custom = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatesubject.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatesubject.go deleted file mode 100644 index c9c93a2806..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkicertificatesubject.go +++ /dev/null @@ -1,39 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// PKICertificateSubjectApplyConfiguration represents a declarative configuration of the PKICertificateSubject type for use -// with apply. -// -// PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued. -type PKICertificateSubjectApplyConfiguration struct { - // email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. - // The email should be a valid email address and at most 320 characters in length. - Email *string `json:"email,omitempty"` - // hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. - // The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. - // It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk. - Hostname *string `json:"hostname,omitempty"` -} - -// PKICertificateSubjectApplyConfiguration constructs a declarative configuration of the PKICertificateSubject type for use with -// apply. -func PKICertificateSubject() *PKICertificateSubjectApplyConfiguration { - return &PKICertificateSubjectApplyConfiguration{} -} - -// WithEmail sets the Email field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Email field is set to the value of the last call. -func (b *PKICertificateSubjectApplyConfiguration) WithEmail(value string) *PKICertificateSubjectApplyConfiguration { - b.Email = &value - return b -} - -// WithHostname sets the Hostname field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Hostname field is set to the value of the last call. -func (b *PKICertificateSubjectApplyConfiguration) WithHostname(value string) *PKICertificateSubjectApplyConfiguration { - b.Hostname = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkiprofile.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkiprofile.go new file mode 100644 index 0000000000..735b7ca1d2 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkiprofile.go @@ -0,0 +1,68 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PKIProfileApplyConfiguration represents a declarative configuration of the PKIProfile type for use +// with apply. +// +// PKIProfile defines the certificate generation parameters that OpenShift +// components use to create certificates. Category overrides take precedence +// over defaults. +type PKIProfileApplyConfiguration struct { + // defaults specifies the default certificate configuration that applies + // to all certificates unless overridden by a category override. + Defaults *DefaultCertificateConfigApplyConfiguration `json:"defaults,omitempty"` + // signerCertificates optionally overrides certificate parameters for + // certificate authority (CA) certificates that sign other certificates. + // When set, these parameters take precedence over defaults for all signer certificates. + // When omitted, the defaults are used for signer certificates. + SignerCertificates *CertificateConfigApplyConfiguration `json:"signerCertificates,omitempty"` + // servingCertificates optionally overrides certificate parameters for + // TLS server certificates used to serve HTTPS endpoints. + // When set, these parameters take precedence over defaults for all serving certificates. + // When omitted, the defaults are used for serving certificates. + ServingCertificates *CertificateConfigApplyConfiguration `json:"servingCertificates,omitempty"` + // clientCertificates optionally overrides certificate parameters for + // client authentication certificates used to authenticate to servers. + // When set, these parameters take precedence over defaults for all client certificates. + // When omitted, the defaults are used for client certificates. + ClientCertificates *CertificateConfigApplyConfiguration `json:"clientCertificates,omitempty"` +} + +// PKIProfileApplyConfiguration constructs a declarative configuration of the PKIProfile type for use with +// apply. +func PKIProfile() *PKIProfileApplyConfiguration { + return &PKIProfileApplyConfiguration{} +} + +// WithDefaults sets the Defaults field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Defaults field is set to the value of the last call. +func (b *PKIProfileApplyConfiguration) WithDefaults(value *DefaultCertificateConfigApplyConfiguration) *PKIProfileApplyConfiguration { + b.Defaults = value + return b +} + +// WithSignerCertificates sets the SignerCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SignerCertificates field is set to the value of the last call. +func (b *PKIProfileApplyConfiguration) WithSignerCertificates(value *CertificateConfigApplyConfiguration) *PKIProfileApplyConfiguration { + b.SignerCertificates = value + return b +} + +// WithServingCertificates sets the ServingCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServingCertificates field is set to the value of the last call. +func (b *PKIProfileApplyConfiguration) WithServingCertificates(value *CertificateConfigApplyConfiguration) *PKIProfileApplyConfiguration { + b.ServingCertificates = value + return b +} + +// WithClientCertificates sets the ClientCertificates field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClientCertificates field is set to the value of the last call. +func (b *PKIProfileApplyConfiguration) WithClientCertificates(value *CertificateConfigApplyConfiguration) *PKIProfileApplyConfiguration { + b.ClientCertificates = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkispec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkispec.go new file mode 100644 index 0000000000..3158b96c7d --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/pkispec.go @@ -0,0 +1,28 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PKISpecApplyConfiguration represents a declarative configuration of the PKISpec type for use +// with apply. +// +// PKISpec holds the specification for PKI configuration. +type PKISpecApplyConfiguration struct { + // certificateManagement specifies how PKI configuration is managed for internally-generated certificates. + // This controls the certificate generation approach for all OpenShift components that create + // certificates internally, including certificate authorities, serving certificates, and client certificates. + CertificateManagement *PKICertificateManagementApplyConfiguration `json:"certificateManagement,omitempty"` +} + +// PKISpecApplyConfiguration constructs a declarative configuration of the PKISpec type for use with +// apply. +func PKISpec() *PKISpecApplyConfiguration { + return &PKISpecApplyConfiguration{} +} + +// WithCertificateManagement sets the CertificateManagement field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CertificateManagement field is set to the value of the last call. +func (b *PKISpecApplyConfiguration) WithCertificateManagement(value *PKICertificateManagementApplyConfiguration) *PKISpecApplyConfiguration { + b.CertificateManagement = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyfulciosubject.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyfulciosubject.go deleted file mode 100644 index 5c7bd5ed9e..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyfulciosubject.go +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -// PolicyFulcioSubjectApplyConfiguration represents a declarative configuration of the PolicyFulcioSubject type for use -// with apply. -// -// PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration. -type PolicyFulcioSubjectApplyConfiguration struct { - // oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. - // Example: "https://expected.OIDC.issuer/" - OIDCIssuer *string `json:"oidcIssuer,omitempty"` - // signedEmail holds the email address the the Fulcio certificate is issued for. - // Example: "expected-signing-user@example.com" - SignedEmail *string `json:"signedEmail,omitempty"` -} - -// PolicyFulcioSubjectApplyConfiguration constructs a declarative configuration of the PolicyFulcioSubject type for use with -// apply. -func PolicyFulcioSubject() *PolicyFulcioSubjectApplyConfiguration { - return &PolicyFulcioSubjectApplyConfiguration{} -} - -// WithOIDCIssuer sets the OIDCIssuer field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the OIDCIssuer field is set to the value of the last call. -func (b *PolicyFulcioSubjectApplyConfiguration) WithOIDCIssuer(value string) *PolicyFulcioSubjectApplyConfiguration { - b.OIDCIssuer = &value - return b -} - -// WithSignedEmail sets the SignedEmail field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the SignedEmail field is set to the value of the last call. -func (b *PolicyFulcioSubjectApplyConfiguration) WithSignedEmail(value string) *PolicyFulcioSubjectApplyConfiguration { - b.SignedEmail = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyidentity.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyidentity.go deleted file mode 100644 index 822e756774..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyidentity.go +++ /dev/null @@ -1,57 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// PolicyIdentityApplyConfiguration represents a declarative configuration of the PolicyIdentity type for use -// with apply. -// -// PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is "MatchRepoDigestOrExact". -type PolicyIdentityApplyConfiguration struct { - // matchPolicy sets the type of matching to be used. - // Valid values are "MatchRepoDigestOrExact", "MatchRepository", "ExactRepository", "RemapIdentity". When omitted, the default value is "MatchRepoDigestOrExact". - // If set matchPolicy to ExactRepository, then the exactRepository must be specified. - // If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. - // "MatchRepoDigestOrExact" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. - // "MatchRepository" means that the identity in the signature must be in the same repository as the image identity. - // "ExactRepository" means that the identity in the signature must be in the same repository as a specific identity specified by "repository". - // "RemapIdentity" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the "prefix" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix. - MatchPolicy *configv1alpha1.IdentityMatchPolicy `json:"matchPolicy,omitempty"` - // exactRepository is required if matchPolicy is set to "ExactRepository". - PolicyMatchExactRepository *PolicyMatchExactRepositoryApplyConfiguration `json:"exactRepository,omitempty"` - // remapIdentity is required if matchPolicy is set to "RemapIdentity". - PolicyMatchRemapIdentity *PolicyMatchRemapIdentityApplyConfiguration `json:"remapIdentity,omitempty"` -} - -// PolicyIdentityApplyConfiguration constructs a declarative configuration of the PolicyIdentity type for use with -// apply. -func PolicyIdentity() *PolicyIdentityApplyConfiguration { - return &PolicyIdentityApplyConfiguration{} -} - -// WithMatchPolicy sets the MatchPolicy field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the MatchPolicy field is set to the value of the last call. -func (b *PolicyIdentityApplyConfiguration) WithMatchPolicy(value configv1alpha1.IdentityMatchPolicy) *PolicyIdentityApplyConfiguration { - b.MatchPolicy = &value - return b -} - -// WithPolicyMatchExactRepository sets the PolicyMatchExactRepository field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PolicyMatchExactRepository field is set to the value of the last call. -func (b *PolicyIdentityApplyConfiguration) WithPolicyMatchExactRepository(value *PolicyMatchExactRepositoryApplyConfiguration) *PolicyIdentityApplyConfiguration { - b.PolicyMatchExactRepository = value - return b -} - -// WithPolicyMatchRemapIdentity sets the PolicyMatchRemapIdentity field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PolicyMatchRemapIdentity field is set to the value of the last call. -func (b *PolicyIdentityApplyConfiguration) WithPolicyMatchRemapIdentity(value *PolicyMatchRemapIdentityApplyConfiguration) *PolicyIdentityApplyConfiguration { - b.PolicyMatchRemapIdentity = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchexactrepository.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchexactrepository.go deleted file mode 100644 index 6420b8ed9e..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchexactrepository.go +++ /dev/null @@ -1,29 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// PolicyMatchExactRepositoryApplyConfiguration represents a declarative configuration of the PolicyMatchExactRepository type for use -// with apply. -type PolicyMatchExactRepositoryApplyConfiguration struct { - // repository is the reference of the image identity to be matched. - // The value should be a repository name (by omitting the tag or digest) in a registry implementing the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - Repository *configv1alpha1.IdentityRepositoryPrefix `json:"repository,omitempty"` -} - -// PolicyMatchExactRepositoryApplyConfiguration constructs a declarative configuration of the PolicyMatchExactRepository type for use with -// apply. -func PolicyMatchExactRepository() *PolicyMatchExactRepositoryApplyConfiguration { - return &PolicyMatchExactRepositoryApplyConfiguration{} -} - -// WithRepository sets the Repository field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Repository field is set to the value of the last call. -func (b *PolicyMatchExactRepositoryApplyConfiguration) WithRepository(value configv1alpha1.IdentityRepositoryPrefix) *PolicyMatchExactRepositoryApplyConfiguration { - b.Repository = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchremapidentity.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchremapidentity.go deleted file mode 100644 index 0b1a5098fa..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policymatchremapidentity.go +++ /dev/null @@ -1,45 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// PolicyMatchRemapIdentityApplyConfiguration represents a declarative configuration of the PolicyMatchRemapIdentity type for use -// with apply. -type PolicyMatchRemapIdentityApplyConfiguration struct { - // prefix is the prefix of the image identity to be matched. - // If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). - // This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. - // The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, - // or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. - // For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. - Prefix *configv1alpha1.IdentityRepositoryPrefix `json:"prefix,omitempty"` - // signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as "prefix". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, - // or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. - // For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox. - SignedPrefix *configv1alpha1.IdentityRepositoryPrefix `json:"signedPrefix,omitempty"` -} - -// PolicyMatchRemapIdentityApplyConfiguration constructs a declarative configuration of the PolicyMatchRemapIdentity type for use with -// apply. -func PolicyMatchRemapIdentity() *PolicyMatchRemapIdentityApplyConfiguration { - return &PolicyMatchRemapIdentityApplyConfiguration{} -} - -// WithPrefix sets the Prefix field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Prefix field is set to the value of the last call. -func (b *PolicyMatchRemapIdentityApplyConfiguration) WithPrefix(value configv1alpha1.IdentityRepositoryPrefix) *PolicyMatchRemapIdentityApplyConfiguration { - b.Prefix = &value - return b -} - -// WithSignedPrefix sets the SignedPrefix field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the SignedPrefix field is set to the value of the last call. -func (b *PolicyMatchRemapIdentityApplyConfiguration) WithSignedPrefix(value configv1alpha1.IdentityRepositoryPrefix) *PolicyMatchRemapIdentityApplyConfiguration { - b.SignedPrefix = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go deleted file mode 100644 index b7a1877fc4..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/policyrootoftrust.go +++ /dev/null @@ -1,65 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" -) - -// PolicyRootOfTrustApplyConfiguration represents a declarative configuration of the PolicyRootOfTrust type for use -// with apply. -// -// PolicyRootOfTrust defines the root of trust based on the selected policyType. -type PolicyRootOfTrustApplyConfiguration struct { - // policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. - // "PublicKey" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. - // "FulcioCAWithRekor" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. - // "PKI" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate. - PolicyType *configv1alpha1.PolicyType `json:"policyType,omitempty"` - // publicKey defines the root of trust based on a sigstore public key. - PublicKey *ImagePolicyPublicKeyRootOfTrustApplyConfiguration `json:"publicKey,omitempty"` - // fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. - // For more information about Fulcio and Rekor, please refer to the document at: - // https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor - FulcioCAWithRekor *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration `json:"fulcioCAWithRekor,omitempty"` - // pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. - PKI *ImagePolicyPKIRootOfTrustApplyConfiguration `json:"pki,omitempty"` -} - -// PolicyRootOfTrustApplyConfiguration constructs a declarative configuration of the PolicyRootOfTrust type for use with -// apply. -func PolicyRootOfTrust() *PolicyRootOfTrustApplyConfiguration { - return &PolicyRootOfTrustApplyConfiguration{} -} - -// WithPolicyType sets the PolicyType field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PolicyType field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithPolicyType(value configv1alpha1.PolicyType) *PolicyRootOfTrustApplyConfiguration { - b.PolicyType = &value - return b -} - -// WithPublicKey sets the PublicKey field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PublicKey field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithPublicKey(value *ImagePolicyPublicKeyRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { - b.PublicKey = value - return b -} - -// WithFulcioCAWithRekor sets the FulcioCAWithRekor field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the FulcioCAWithRekor field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithFulcioCAWithRekor(value *ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { - b.FulcioCAWithRekor = value - return b -} - -// WithPKI sets the PKI field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PKI field is set to the value of the last call. -func (b *PolicyRootOfTrustApplyConfiguration) WithPKI(value *ImagePolicyPKIRootOfTrustApplyConfiguration) *PolicyRootOfTrustApplyConfiguration { - b.PKI = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go new file mode 100644 index 0000000000..31d3b9f58e --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go @@ -0,0 +1,282 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + v1 "k8s.io/api/core/v1" +) + +// PrometheusConfigApplyConfiguration represents a declarative configuration of the PrometheusConfig type for use +// with apply. +// +// PrometheusConfig provides configuration options for the Prometheus instance. +// Use this configuration to control +// Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations. +type PrometheusConfigApplyConfiguration struct { + // additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from + // the Prometheus component. This is useful for organizations that need to: + // - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks) + // - Route different types of alerts to different teams or systems + // - Integrate with existing enterprise alerting infrastructure + // - Maintain separate alert routing for compliance or organizational requirements + // When omitted, no additional Alertmanager instances are configured (default behavior). + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + AdditionalAlertmanagerConfigs []AdditionalAlertmanagerConfigApplyConfiguration `json:"additionalAlertmanagerConfigs,omitempty"` + // enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. + // If a scraped target's body response is larger than the limit, the scrape will fail. + // This helps protect Prometheus from targets that return excessively large responses. + // The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). + // When omitted, the Cluster Monitoring Operator automatically calculates an appropriate + // limit based on cluster capacity. Set an explicit value to override the automatic calculation. + // Minimum value is 10240 (10kB). + // Maximum value is 1073741824 (1GB). + EnforcedBodySizeLimitBytes *int64 `json:"enforcedBodySizeLimitBytes,omitempty"` + // externalLabels defines labels to be attached to time series and alerts + // when communicating with external systems such as federation, remote storage, + // and Alertmanager. These labels are not stored with metrics on disk; they are + // only added when data leaves Prometheus (e.g., during federation queries, + // remote write, or alert notifications). + // At least 1 label must be specified when set, with a maximum of 50 labels allowed. + // Each label key must be unique within this list. + // When omitted, no external labels are applied. + ExternalLabels []LabelApplyConfiguration `json:"externalLabels,omitempty"` + // logLevel defines the verbosity of logs emitted by Prometheus. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. + LogLevel *configv1alpha1.LogLevel `json:"logLevel,omitempty"` + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least one key-value pair (minimum of 1) + // and must not contain more than 10 entries. + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // queryLogFile specifies the file to which PromQL queries are logged. + // This setting can be either a filename, in which + // case the queries are saved to an `emptyDir` volume + // at `/var/log/prometheus`, or a full path to a location where + // an `emptyDir` volume will be mounted and the queries saved. + // Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but + // writing to any other `/dev/` path is not supported. Relative paths are + // also not supported. + // By default, PromQL queries are not logged. + // Must be an absolute path starting with `/` or a simple filename without path separators. + // Must not contain consecutive slashes, end with a slash, or include '..' path traversal. + // Must contain only alphanumeric characters, '.', '_', '-', or '/'. + // Must be between 1 and 255 characters in length. + QueryLogFile *string `json:"queryLogFile,omitempty"` + // remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. + // Remote write allows Prometheus to send metrics it collects to external long-term storage systems. + // When omitted, no remote write endpoints are configured. + // When provided, at least one configuration must be specified (minimum 1, maximum 10 items). + // Entries must have unique names (name is the list key). + RemoteWrite []RemoteWriteSpecApplyConfiguration `json:"remoteWrite,omitempty"` + // resources defines the compute resource requests and limits for the Prometheus container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` + // retention configures how long Prometheus retains metrics data and how much storage it can use. + // When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit). + Retention *RetentionApplyConfiguration `json:"retention,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10 + // Minimum length for this list is 1 + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Prometheus Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1 + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // collectionProfile defines the metrics collection profile that Prometheus uses to collect + // metrics from the platform components. Supported values are `Full` or + // `Minimal`. In the `Full` profile (default), Prometheus collects all + // metrics that are exposed by the platform components. In the `Minimal` + // profile, Prometheus only collects metrics necessary for the default + // platform alerts, recording rules, telemetry and console dashboards. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is `Full`. + CollectionProfile *configv1alpha1.CollectionProfile `json:"collectionProfile,omitempty"` + // volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to + // configure the persistent volume claim, including storage class and volume size. + // If omitted, the Pod uses ephemeral storage and Prometheus data will not persist + // across restarts. + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` +} + +// PrometheusConfigApplyConfiguration constructs a declarative configuration of the PrometheusConfig type for use with +// apply. +func PrometheusConfig() *PrometheusConfigApplyConfiguration { + return &PrometheusConfigApplyConfiguration{} +} + +// WithAdditionalAlertmanagerConfigs adds the given value to the AdditionalAlertmanagerConfigs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the AdditionalAlertmanagerConfigs field. +func (b *PrometheusConfigApplyConfiguration) WithAdditionalAlertmanagerConfigs(values ...*AdditionalAlertmanagerConfigApplyConfiguration) *PrometheusConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithAdditionalAlertmanagerConfigs") + } + b.AdditionalAlertmanagerConfigs = append(b.AdditionalAlertmanagerConfigs, *values[i]) + } + return b +} + +// WithEnforcedBodySizeLimitBytes sets the EnforcedBodySizeLimitBytes field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the EnforcedBodySizeLimitBytes field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithEnforcedBodySizeLimitBytes(value int64) *PrometheusConfigApplyConfiguration { + b.EnforcedBodySizeLimitBytes = &value + return b +} + +// WithExternalLabels adds the given value to the ExternalLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ExternalLabels field. +func (b *PrometheusConfigApplyConfiguration) WithExternalLabels(values ...*LabelApplyConfiguration) *PrometheusConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithExternalLabels") + } + b.ExternalLabels = append(b.ExternalLabels, *values[i]) + } + return b +} + +// WithLogLevel sets the LogLevel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LogLevel field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithLogLevel(value configv1alpha1.LogLevel) *PrometheusConfigApplyConfiguration { + b.LogLevel = &value + return b +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *PrometheusConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *PrometheusConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithQueryLogFile sets the QueryLogFile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the QueryLogFile field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithQueryLogFile(value string) *PrometheusConfigApplyConfiguration { + b.QueryLogFile = &value + return b +} + +// WithRemoteWrite adds the given value to the RemoteWrite field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the RemoteWrite field. +func (b *PrometheusConfigApplyConfiguration) WithRemoteWrite(values ...*RemoteWriteSpecApplyConfiguration) *PrometheusConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithRemoteWrite") + } + b.RemoteWrite = append(b.RemoteWrite, *values[i]) + } + return b +} + +// WithResources adds the given value to the Resources field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Resources field. +func (b *PrometheusConfigApplyConfiguration) WithResources(values ...*ContainerResourceApplyConfiguration) *PrometheusConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResources") + } + b.Resources = append(b.Resources, *values[i]) + } + return b +} + +// WithRetention sets the Retention field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Retention field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithRetention(value *RetentionApplyConfiguration) *PrometheusConfigApplyConfiguration { + b.Retention = value + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *PrometheusConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *PrometheusConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *PrometheusConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *PrometheusConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} + +// WithCollectionProfile sets the CollectionProfile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CollectionProfile field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithCollectionProfile(value configv1alpha1.CollectionProfile) *PrometheusConfigApplyConfiguration { + b.CollectionProfile = &value + return b +} + +// WithVolumeClaimTemplate sets the VolumeClaimTemplate field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the VolumeClaimTemplate field is set to the value of the last call. +func (b *PrometheusConfigApplyConfiguration) WithVolumeClaimTemplate(value v1.PersistentVolumeClaim) *PrometheusConfigApplyConfiguration { + b.VolumeClaimTemplate = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatoradmissionwebhookconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatoradmissionwebhookconfig.go index b35fb15fef..9eadb023ec 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatoradmissionwebhookconfig.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatoradmissionwebhookconfig.go @@ -29,7 +29,7 @@ type PrometheusOperatorAdmissionWebhookConfigApplyConfiguration struct { // - name: memory // request: 30Mi // limit: null - // Maximum length for this list is 10. + // Maximum length for this list is 5. // Minimum length for this list is 1. // Each resource name must be unique within this list. Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go index 2612926255..a0bac703d0 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusoperatorconfig.go @@ -46,7 +46,7 @@ type PrometheusOperatorConfigApplyConfiguration struct { // - name: memory // request: 40Mi // limit: null - // Maximum length for this list is 10. + // Maximum length for this list is 5. // Minimum length for this list is 1. // Each resource name must be unique within this list. Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusremotewriteheader.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusremotewriteheader.go new file mode 100644 index 0000000000..53e21d1f9d --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusremotewriteheader.go @@ -0,0 +1,40 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// PrometheusRemoteWriteHeaderApplyConfiguration represents a declarative configuration of the PrometheusRemoteWriteHeader type for use +// with apply. +// +// PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. +// The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). +// Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. +// Validation is enforced on the Headers field in RemoteWriteSpec. +type PrometheusRemoteWriteHeaderApplyConfiguration struct { + // name is the HTTP header name. Must not be a reserved header (see type documentation). + // Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters. + Name *string `json:"name,omitempty"` + // value is the HTTP header value. Must be at most 4096 characters. + Value *string `json:"value,omitempty"` +} + +// PrometheusRemoteWriteHeaderApplyConfiguration constructs a declarative configuration of the PrometheusRemoteWriteHeader type for use with +// apply. +func PrometheusRemoteWriteHeader() *PrometheusRemoteWriteHeaderApplyConfiguration { + return &PrometheusRemoteWriteHeaderApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *PrometheusRemoteWriteHeaderApplyConfiguration) WithName(value string) *PrometheusRemoteWriteHeaderApplyConfiguration { + b.Name = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *PrometheusRemoteWriteHeaderApplyConfiguration) WithValue(value string) *PrometheusRemoteWriteHeaderApplyConfiguration { + b.Value = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/queueconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/queueconfig.go new file mode 100644 index 0000000000..a24ff44ace --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/queueconfig.go @@ -0,0 +1,129 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// QueueConfigApplyConfiguration represents a declarative configuration of the QueueConfig type for use +// with apply. +// +// QueueConfig allows tuning configuration for remote write queue parameters. +// Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429. +type QueueConfigApplyConfiguration struct { + // capacity is the number of samples to buffer per shard before we start dropping them. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 10000. + // Minimum value is 1. + // Maximum value is 1000000. + Capacity *int32 `json:"capacity,omitempty"` + // maxShards is the maximum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 200. + // Minimum value is 1. + // Maximum value is 10000. + MaxShards *int32 `json:"maxShards,omitempty"` + // minShards is the minimum number of shards, i.e. amount of concurrency. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1. + // Minimum value is 1. + // Maximum value is 10000. + MinShards *int32 `json:"minShards,omitempty"` + // maxSamplesPerSend is the maximum number of samples per send. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 1000. + // Minimum value is 1. + // Maximum value is 100000. + MaxSamplesPerSend *int32 `json:"maxSamplesPerSend,omitempty"` + // batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 3600 seconds (1 hour). + BatchSendDeadlineSeconds *int32 `json:"batchSendDeadlineSeconds,omitempty"` + // minBackoffMilliseconds is the minimum retry delay in milliseconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 millisecond. + // Maximum value is 3600000 milliseconds (1 hour). + MinBackoffMilliseconds *int32 `json:"minBackoffMilliseconds,omitempty"` + // maxBackoffMilliseconds is the maximum retry delay in milliseconds. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 millisecond. + // Maximum value is 3600000 milliseconds (1 hour). + MaxBackoffMilliseconds *int32 `json:"maxBackoffMilliseconds,omitempty"` + // rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). + // When omitted, no retries are performed on rate limit responses. + // When set to "Retry", Prometheus will retry such requests using the backoff settings above. + // Valid value when set is "Retry". + RateLimitedAction *configv1alpha1.RateLimitedAction `json:"rateLimitedAction,omitempty"` +} + +// QueueConfigApplyConfiguration constructs a declarative configuration of the QueueConfig type for use with +// apply. +func QueueConfig() *QueueConfigApplyConfiguration { + return &QueueConfigApplyConfiguration{} +} + +// WithCapacity sets the Capacity field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Capacity field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithCapacity(value int32) *QueueConfigApplyConfiguration { + b.Capacity = &value + return b +} + +// WithMaxShards sets the MaxShards field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MaxShards field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithMaxShards(value int32) *QueueConfigApplyConfiguration { + b.MaxShards = &value + return b +} + +// WithMinShards sets the MinShards field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MinShards field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithMinShards(value int32) *QueueConfigApplyConfiguration { + b.MinShards = &value + return b +} + +// WithMaxSamplesPerSend sets the MaxSamplesPerSend field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MaxSamplesPerSend field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithMaxSamplesPerSend(value int32) *QueueConfigApplyConfiguration { + b.MaxSamplesPerSend = &value + return b +} + +// WithBatchSendDeadlineSeconds sets the BatchSendDeadlineSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BatchSendDeadlineSeconds field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithBatchSendDeadlineSeconds(value int32) *QueueConfigApplyConfiguration { + b.BatchSendDeadlineSeconds = &value + return b +} + +// WithMinBackoffMilliseconds sets the MinBackoffMilliseconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MinBackoffMilliseconds field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithMinBackoffMilliseconds(value int32) *QueueConfigApplyConfiguration { + b.MinBackoffMilliseconds = &value + return b +} + +// WithMaxBackoffMilliseconds sets the MaxBackoffMilliseconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MaxBackoffMilliseconds field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithMaxBackoffMilliseconds(value int32) *QueueConfigApplyConfiguration { + b.MaxBackoffMilliseconds = &value + return b +} + +// WithRateLimitedAction sets the RateLimitedAction field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RateLimitedAction field is set to the value of the last call. +func (b *QueueConfigApplyConfiguration) WithRateLimitedAction(value configv1alpha1.RateLimitedAction) *QueueConfigApplyConfiguration { + b.RateLimitedAction = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelactionconfig.go new file mode 100644 index 0000000000..cfcfc7b5cc --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelactionconfig.go @@ -0,0 +1,135 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// RelabelActionConfigApplyConfiguration represents a declarative configuration of the RelabelActionConfig type for use +// with apply. +// +// RelabelActionConfig represents the action to perform and its configuration. +// Exactly one action-specific configuration must be specified based on the action type. +type RelabelActionConfigApplyConfiguration struct { + // type specifies the action to perform on the matched labels. + // Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep. + // + // When set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place. + // + // When set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0. + // + // When set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0. + // + // When set to Keep, targets for which regex does not match the concatenated source_labels are dropped. + // + // When set to Drop, targets for which regex matches the concatenated source_labels are dropped. + // + // When set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0. + // + // When set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0. + // + // When set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels. + // + // When set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted. + // + // When set to LabelDrop, regex is matched against all label names; any label that matches is removed. + // + // When set to LabelKeep, regex is matched against all label names; any label that does not match is removed. + Type *configv1alpha1.RelabelAction `json:"type,omitempty"` + // replace configures the Replace action. + // Required when type is Replace, and forbidden otherwise. + Replace *ReplaceActionConfigApplyConfiguration `json:"replace,omitempty"` + // hashMod configures the HashMod action. + // Required when type is HashMod, and forbidden otherwise. + HashMod *HashModActionConfigApplyConfiguration `json:"hashMod,omitempty"` + // labelMap configures the LabelMap action. + // Required when type is LabelMap, and forbidden otherwise. + LabelMap *LabelMapActionConfigApplyConfiguration `json:"labelMap,omitempty"` + // lowercase configures the Lowercase action. + // Required when type is Lowercase, and forbidden otherwise. + // Requires Prometheus >= v2.36.0. + Lowercase *LowercaseActionConfigApplyConfiguration `json:"lowercase,omitempty"` + // uppercase configures the Uppercase action. + // Required when type is Uppercase, and forbidden otherwise. + // Requires Prometheus >= v2.36.0. + Uppercase *UppercaseActionConfigApplyConfiguration `json:"uppercase,omitempty"` + // keepEqual configures the KeepEqual action. + // Required when type is KeepEqual, and forbidden otherwise. + // Requires Prometheus >= v2.41.0. + KeepEqual *KeepEqualActionConfigApplyConfiguration `json:"keepEqual,omitempty"` + // dropEqual configures the DropEqual action. + // Required when type is DropEqual, and forbidden otherwise. + // Requires Prometheus >= v2.41.0. + DropEqual *DropEqualActionConfigApplyConfiguration `json:"dropEqual,omitempty"` +} + +// RelabelActionConfigApplyConfiguration constructs a declarative configuration of the RelabelActionConfig type for use with +// apply. +func RelabelActionConfig() *RelabelActionConfigApplyConfiguration { + return &RelabelActionConfigApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithType(value configv1alpha1.RelabelAction) *RelabelActionConfigApplyConfiguration { + b.Type = &value + return b +} + +// WithReplace sets the Replace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Replace field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithReplace(value *ReplaceActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.Replace = value + return b +} + +// WithHashMod sets the HashMod field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the HashMod field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithHashMod(value *HashModActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.HashMod = value + return b +} + +// WithLabelMap sets the LabelMap field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the LabelMap field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithLabelMap(value *LabelMapActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.LabelMap = value + return b +} + +// WithLowercase sets the Lowercase field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Lowercase field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithLowercase(value *LowercaseActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.Lowercase = value + return b +} + +// WithUppercase sets the Uppercase field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Uppercase field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithUppercase(value *UppercaseActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.Uppercase = value + return b +} + +// WithKeepEqual sets the KeepEqual field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the KeepEqual field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithKeepEqual(value *KeepEqualActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.KeepEqual = value + return b +} + +// WithDropEqual sets the DropEqual field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DropEqual field is set to the value of the last call. +func (b *RelabelActionConfigApplyConfiguration) WithDropEqual(value *DropEqualActionConfigApplyConfiguration) *RelabelActionConfigApplyConfiguration { + b.DropEqual = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelconfig.go new file mode 100644 index 0000000000..efe191727e --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/relabelconfig.go @@ -0,0 +1,89 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// RelabelConfigApplyConfiguration represents a declarative configuration of the RelabelConfig type for use +// with apply. +// +// RelabelConfig represents a relabeling rule. +type RelabelConfigApplyConfiguration struct { + // name is a unique identifier for this relabel configuration. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + Name *string `json:"name,omitempty"` + // sourceLabels specifies which label names to extract from each series for this relabeling rule. + // The values of these labels are joined together using the configured separator, + // and the resulting string is then matched against the regular expression. + // If a referenced label does not exist on a series, Prometheus substitutes an empty string. + // When omitted, the rule operates without extracting source labels (useful for actions like labelmap). + // Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. + // Each entry must be unique. + // Label names beginning with "__" (two underscores) are reserved for internal Prometheus use and are not allowed. + // Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. + // While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set + // ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.). + SourceLabels []string `json:"sourceLabels,omitempty"` + // separator is the character sequence used to join source label values. + // Common examples: ";", ",", "::", "|||". + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is ";". + // Must be between 1 and 5 characters in length when specified. + Separator *string `json:"separator,omitempty"` + // regex is the regular expression to match against the concatenated source label values. + // Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "(.*)" to match everything. + // Must be between 1 and 1000 characters in length when specified. + Regex *string `json:"regex,omitempty"` + // action defines the action to perform on the matched labels and its configuration. + // Exactly one action-specific configuration must be specified based on the action type. + Action *RelabelActionConfigApplyConfiguration `json:"action,omitempty"` +} + +// RelabelConfigApplyConfiguration constructs a declarative configuration of the RelabelConfig type for use with +// apply. +func RelabelConfig() *RelabelConfigApplyConfiguration { + return &RelabelConfigApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *RelabelConfigApplyConfiguration) WithName(value string) *RelabelConfigApplyConfiguration { + b.Name = &value + return b +} + +// WithSourceLabels adds the given value to the SourceLabels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the SourceLabels field. +func (b *RelabelConfigApplyConfiguration) WithSourceLabels(values ...string) *RelabelConfigApplyConfiguration { + for i := range values { + b.SourceLabels = append(b.SourceLabels, values[i]) + } + return b +} + +// WithSeparator sets the Separator field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Separator field is set to the value of the last call. +func (b *RelabelConfigApplyConfiguration) WithSeparator(value string) *RelabelConfigApplyConfiguration { + b.Separator = &value + return b +} + +// WithRegex sets the Regex field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Regex field is set to the value of the last call. +func (b *RelabelConfigApplyConfiguration) WithRegex(value string) *RelabelConfigApplyConfiguration { + b.Regex = &value + return b +} + +// WithAction sets the Action field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Action field is set to the value of the last call. +func (b *RelabelConfigApplyConfiguration) WithAction(value *RelabelActionConfigApplyConfiguration) *RelabelConfigApplyConfiguration { + b.Action = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewriteauthorization.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewriteauthorization.go new file mode 100644 index 0000000000..c32870d760 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewriteauthorization.go @@ -0,0 +1,100 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + v1 "k8s.io/api/core/v1" +) + +// RemoteWriteAuthorizationApplyConfiguration represents a declarative configuration of the RemoteWriteAuthorization type for use +// with apply. +// +// RemoteWriteAuthorization defines the authorization method for a remote write endpoint. +// Exactly one of the nested configs must be set according to the type discriminator. +type RemoteWriteAuthorizationApplyConfiguration struct { + // type specifies the authorization method to use. + // Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount. + // + // When set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field. + // + // When set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set. + // + // When set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set. + // + // When set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set. + // + // When set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field. + // + // When set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path. + Type *configv1alpha1.RemoteWriteAuthorizationType `json:"type,omitempty"` + // safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). + // Required when type is "SafeAuthorization", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace. + SafeAuthorization *v1.SecretKeySelector `json:"safeAuthorization,omitempty"` + // bearerToken defines the secret reference containing the bearer token. + // Required when type is "BearerToken", and forbidden otherwise. + BearerToken *SecretKeySelectorApplyConfiguration `json:"bearerToken,omitempty"` + // basicAuth defines HTTP basic authentication credentials. + // Required when type is "BasicAuth", and forbidden otherwise. + BasicAuth *BasicAuthApplyConfiguration `json:"basicAuth,omitempty"` + // oauth2 defines OAuth2 client credentials authentication. + // Required when type is "OAuth2", and forbidden otherwise. + OAuth2 *OAuth2ApplyConfiguration `json:"oauth2,omitempty"` + // sigv4 defines AWS Signature Version 4 authentication. + // Required when type is "SigV4", and forbidden otherwise. + Sigv4 *Sigv4ApplyConfiguration `json:"sigv4,omitempty"` +} + +// RemoteWriteAuthorizationApplyConfiguration constructs a declarative configuration of the RemoteWriteAuthorization type for use with +// apply. +func RemoteWriteAuthorization() *RemoteWriteAuthorizationApplyConfiguration { + return &RemoteWriteAuthorizationApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithType(value configv1alpha1.RemoteWriteAuthorizationType) *RemoteWriteAuthorizationApplyConfiguration { + b.Type = &value + return b +} + +// WithSafeAuthorization sets the SafeAuthorization field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SafeAuthorization field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithSafeAuthorization(value v1.SecretKeySelector) *RemoteWriteAuthorizationApplyConfiguration { + b.SafeAuthorization = &value + return b +} + +// WithBearerToken sets the BearerToken field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BearerToken field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithBearerToken(value *SecretKeySelectorApplyConfiguration) *RemoteWriteAuthorizationApplyConfiguration { + b.BearerToken = value + return b +} + +// WithBasicAuth sets the BasicAuth field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BasicAuth field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithBasicAuth(value *BasicAuthApplyConfiguration) *RemoteWriteAuthorizationApplyConfiguration { + b.BasicAuth = value + return b +} + +// WithOAuth2 sets the OAuth2 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OAuth2 field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithOAuth2(value *OAuth2ApplyConfiguration) *RemoteWriteAuthorizationApplyConfiguration { + b.OAuth2 = value + return b +} + +// WithSigv4 sets the Sigv4 field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Sigv4 field is set to the value of the last call. +func (b *RemoteWriteAuthorizationApplyConfiguration) WithSigv4(value *Sigv4ApplyConfiguration) *RemoteWriteAuthorizationApplyConfiguration { + b.Sigv4 = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewritespec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewritespec.go new file mode 100644 index 0000000000..cbb3c0dbcf --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/remotewritespec.go @@ -0,0 +1,175 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// RemoteWriteSpecApplyConfiguration represents a declarative configuration of the RemoteWriteSpec type for use +// with apply. +// +// RemoteWriteSpec represents configuration for remote write endpoints. +type RemoteWriteSpecApplyConfiguration struct { + // url is the URL of the remote write endpoint. + // Must be a valid URL with http or https scheme and a non-empty hostname. + // Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. + // Empty string is invalid. Must be between 1 and 2048 characters in length. + URL *string `json:"url,omitempty"` + // name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). + // This name is used in metrics and logging to differentiate remote write queues. + // Must contain only alphanumeric characters, hyphens, and underscores. + // Must be between 1 and 63 characters in length. + Name *string `json:"name,omitempty"` + // authorization defines the authorization method for the remote write endpoint. + // When omitted, no authorization is performed. + // When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config). + AuthorizationConfig *RemoteWriteAuthorizationApplyConfiguration `json:"authorization,omitempty"` + // headers specifies the custom HTTP headers to be sent along with each remote write request. + // Sending custom headers makes the configuration of a proxy in between optional and helps the + // receiver recognize the given source better. + // Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure + // them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. + // When omitted, no custom headers are sent. + // Maximum of 50 headers can be specified. Each header name must be unique. + // Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). + Headers []PrometheusRemoteWriteHeaderApplyConfiguration `json:"headers,omitempty"` + // metadataConfig configures the sending of series metadata to remote storage. + // When omitted, no metadata is sent. + // When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). + // When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds). + MetadataConfig *MetadataConfigApplyConfiguration `json:"metadataConfig,omitempty"` + // proxyUrl defines an optional proxy URL. + // If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. + // The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. + // When omitted, no proxy is used. + // Must be a valid URL with http or https scheme. + // Must be between 1 and 2048 characters in length. + ProxyURL *string `json:"proxyUrl,omitempty"` + // queueConfig allows tuning configuration for remote write queue parameters. + // When omitted, default queue configuration is used. + QueueConfig *QueueConfigApplyConfiguration `json:"queueConfig,omitempty"` + // remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // Minimum value is 1 second. + // Maximum value is 600 seconds (10 minutes). + RemoteTimeoutSeconds *int32 `json:"remoteTimeoutSeconds,omitempty"` + // exemplarsMode controls whether exemplars are sent via remote write. + // Valid values are "Send", "DoNotSend" and omitted. + // When set to "Send", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. + // Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. + // When omitted or set to "DoNotSend", exemplars are not sent. + ExemplarsMode *configv1alpha1.ExemplarsMode `json:"exemplarsMode,omitempty"` + // tlsConfig defines TLS authentication settings for the remote write endpoint. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + TLSConfig *TLSConfigApplyConfiguration `json:"tlsConfig,omitempty"` + // writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. + // When omitted, no relabeling is performed and all metrics are sent as-is. + // Minimum of 1 and maximum of 10 relabeling rules can be specified. + // Each rule must have a unique name. + WriteRelabelConfigs []RelabelConfigApplyConfiguration `json:"writeRelabelConfigs,omitempty"` +} + +// RemoteWriteSpecApplyConfiguration constructs a declarative configuration of the RemoteWriteSpec type for use with +// apply. +func RemoteWriteSpec() *RemoteWriteSpecApplyConfiguration { + return &RemoteWriteSpecApplyConfiguration{} +} + +// WithURL sets the URL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the URL field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithURL(value string) *RemoteWriteSpecApplyConfiguration { + b.URL = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithName(value string) *RemoteWriteSpecApplyConfiguration { + b.Name = &value + return b +} + +// WithAuthorizationConfig sets the AuthorizationConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AuthorizationConfig field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithAuthorizationConfig(value *RemoteWriteAuthorizationApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + b.AuthorizationConfig = value + return b +} + +// WithHeaders adds the given value to the Headers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Headers field. +func (b *RemoteWriteSpecApplyConfiguration) WithHeaders(values ...*PrometheusRemoteWriteHeaderApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithHeaders") + } + b.Headers = append(b.Headers, *values[i]) + } + return b +} + +// WithMetadataConfig sets the MetadataConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MetadataConfig field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithMetadataConfig(value *MetadataConfigApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + b.MetadataConfig = value + return b +} + +// WithProxyURL sets the ProxyURL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProxyURL field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithProxyURL(value string) *RemoteWriteSpecApplyConfiguration { + b.ProxyURL = &value + return b +} + +// WithQueueConfig sets the QueueConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the QueueConfig field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithQueueConfig(value *QueueConfigApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + b.QueueConfig = value + return b +} + +// WithRemoteTimeoutSeconds sets the RemoteTimeoutSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RemoteTimeoutSeconds field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithRemoteTimeoutSeconds(value int32) *RemoteWriteSpecApplyConfiguration { + b.RemoteTimeoutSeconds = &value + return b +} + +// WithExemplarsMode sets the ExemplarsMode field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ExemplarsMode field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithExemplarsMode(value configv1alpha1.ExemplarsMode) *RemoteWriteSpecApplyConfiguration { + b.ExemplarsMode = &value + return b +} + +// WithTLSConfig sets the TLSConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TLSConfig field is set to the value of the last call. +func (b *RemoteWriteSpecApplyConfiguration) WithTLSConfig(value *TLSConfigApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + b.TLSConfig = value + return b +} + +// WithWriteRelabelConfigs adds the given value to the WriteRelabelConfigs field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the WriteRelabelConfigs field. +func (b *RemoteWriteSpecApplyConfiguration) WithWriteRelabelConfigs(values ...*RelabelConfigApplyConfiguration) *RemoteWriteSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithWriteRelabelConfigs") + } + b.WriteRelabelConfigs = append(b.WriteRelabelConfigs, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/replaceactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/replaceactionconfig.go new file mode 100644 index 0000000000..7b9766c11b --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/replaceactionconfig.go @@ -0,0 +1,41 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// ReplaceActionConfigApplyConfiguration represents a declarative configuration of the ReplaceActionConfig type for use +// with apply. +// +// ReplaceActionConfig configures the Replace action. +// Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match. +type ReplaceActionConfigApplyConfiguration struct { + // targetLabel is the label name where the replacement result is written. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` + // replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. + // Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. + // Use "$1" for the first capture group, "$2" for the second, etc. Use an empty string ("") to explicitly clear the target label value. + // Must be between 0 and 255 characters in length. + Replacement *string `json:"replacement,omitempty"` +} + +// ReplaceActionConfigApplyConfiguration constructs a declarative configuration of the ReplaceActionConfig type for use with +// apply. +func ReplaceActionConfig() *ReplaceActionConfigApplyConfiguration { + return &ReplaceActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *ReplaceActionConfigApplyConfiguration) WithTargetLabel(value string) *ReplaceActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} + +// WithReplacement sets the Replacement field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Replacement field is set to the value of the last call. +func (b *ReplaceActionConfigApplyConfiguration) WithReplacement(value string) *ReplaceActionConfigApplyConfiguration { + b.Replacement = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go new file mode 100644 index 0000000000..2ca903f21f --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go @@ -0,0 +1,46 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// RetentionApplyConfiguration represents a declarative configuration of the Retention type for use +// with apply. +// +// Retention configures how long Prometheus retains metrics data and how much storage it can use. +type RetentionApplyConfiguration struct { + // durationInDays specifies how many days Prometheus will retain metrics data. + // Prometheus automatically deletes data older than this duration. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is 15. + // Minimum value is 1 day. + // Maximum value is 365 days (1 year). + DurationInDays *int32 `json:"durationInDays,omitempty"` + // sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus + // can use for data blocks and the write-ahead log (WAL). + // When the limit is reached, Prometheus will delete oldest data first. + // When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. + // Minimum value is 1 GiB. + // Maximum value is 16384 GiB (16 TiB). + SizeInGiB *int32 `json:"sizeInGiB,omitempty"` +} + +// RetentionApplyConfiguration constructs a declarative configuration of the Retention type for use with +// apply. +func Retention() *RetentionApplyConfiguration { + return &RetentionApplyConfiguration{} +} + +// WithDurationInDays sets the DurationInDays field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DurationInDays field is set to the value of the last call. +func (b *RetentionApplyConfiguration) WithDurationInDays(value int32) *RetentionApplyConfiguration { + b.DurationInDays = &value + return b +} + +// WithSizeInGiB sets the SizeInGiB field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SizeInGiB field is set to the value of the last call. +func (b *RetentionApplyConfiguration) WithSizeInGiB(value int32) *RetentionApplyConfiguration { + b.SizeInGiB = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/rsakeyconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/rsakeyconfig.go new file mode 100644 index 0000000000..89bccbf4fd --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/rsakeyconfig.go @@ -0,0 +1,27 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// RSAKeyConfigApplyConfiguration represents a declarative configuration of the RSAKeyConfig type for use +// with apply. +// +// RSAKeyConfig specifies parameters for RSA key generation. +type RSAKeyConfigApplyConfiguration struct { + // keySize specifies the size of RSA keys in bits. + // Valid values are multiples of 1024 from 2048 to 8192. + KeySize *int32 `json:"keySize,omitempty"` +} + +// RSAKeyConfigApplyConfiguration constructs a declarative configuration of the RSAKeyConfig type for use with +// apply. +func RSAKeyConfig() *RSAKeyConfigApplyConfiguration { + return &RSAKeyConfigApplyConfiguration{} +} + +// WithKeySize sets the KeySize field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the KeySize field is set to the value of the last call. +func (b *RSAKeyConfigApplyConfiguration) WithKeySize(value int32) *RSAKeyConfigApplyConfiguration { + b.KeySize = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/secretkeyselector.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/secretkeyselector.go new file mode 100644 index 0000000000..a824180eda --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/secretkeyselector.go @@ -0,0 +1,40 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// SecretKeySelectorApplyConfiguration represents a declarative configuration of the SecretKeySelector type for use +// with apply. +// +// SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace. +type SecretKeySelectorApplyConfiguration struct { + // name is the name of the secret in the `openshift-monitoring` namespace to select from. + // Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). + // Must be between 1 and 253 characters in length. + Name *string `json:"name,omitempty"` + // key is the key of the secret to select from. + // Must consist of alphanumeric characters, '-', '_', or '.'. + // Must be between 1 and 253 characters in length. + Key *string `json:"key,omitempty"` +} + +// SecretKeySelectorApplyConfiguration constructs a declarative configuration of the SecretKeySelector type for use with +// apply. +func SecretKeySelector() *SecretKeySelectorApplyConfiguration { + return &SecretKeySelectorApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *SecretKeySelectorApplyConfiguration) WithName(value string) *SecretKeySelectorApplyConfiguration { + b.Name = &value + return b +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *SecretKeySelectorApplyConfiguration) WithKey(value string) *SecretKeySelectorApplyConfiguration { + b.Key = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/sigv4.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/sigv4.go new file mode 100644 index 0000000000..e0e37c4fdb --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/sigv4.go @@ -0,0 +1,78 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// Sigv4ApplyConfiguration represents a declarative configuration of the Sigv4 type for use +// with apply. +// +// Sigv4 defines AWS Signature Version 4 authentication settings. +// At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication. +type Sigv4ApplyConfiguration struct { + // region is the AWS region. + // When omitted, the region is derived from the environment or instance metadata. + // Must be between 1 and 128 characters. + Region *string `json:"region,omitempty"` + // accessKey defines the secret reference containing the AWS access key ID. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the access key is derived from the environment or instance metadata. + AccessKey *SecretKeySelectorApplyConfiguration `json:"accessKey,omitempty"` + // secretKey defines the secret reference containing the AWS secret access key. + // The secret must exist in the openshift-monitoring namespace. + // When omitted, the secret key is derived from the environment or instance metadata. + SecretKey *SecretKeySelectorApplyConfiguration `json:"secretKey,omitempty"` + // profile is the named AWS profile used to authenticate. + // When omitted, the default profile is used. + // Must be between 1 and 128 characters. + Profile *string `json:"profile,omitempty"` + // roleArn is the AWS Role ARN, an alternative to using AWS API keys. + // When omitted, API keys are used for authentication. + // Must be a valid AWS ARN format (e.g., "arn:aws:iam::123456789012:role/MyRole"). + // Must be between 1 and 512 characters. + RoleArn *string `json:"roleArn,omitempty"` +} + +// Sigv4ApplyConfiguration constructs a declarative configuration of the Sigv4 type for use with +// apply. +func Sigv4() *Sigv4ApplyConfiguration { + return &Sigv4ApplyConfiguration{} +} + +// WithRegion sets the Region field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Region field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithRegion(value string) *Sigv4ApplyConfiguration { + b.Region = &value + return b +} + +// WithAccessKey sets the AccessKey field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the AccessKey field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithAccessKey(value *SecretKeySelectorApplyConfiguration) *Sigv4ApplyConfiguration { + b.AccessKey = value + return b +} + +// WithSecretKey sets the SecretKey field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretKey field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithSecretKey(value *SecretKeySelectorApplyConfiguration) *Sigv4ApplyConfiguration { + b.SecretKey = value + return b +} + +// WithProfile sets the Profile field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Profile field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithProfile(value string) *Sigv4ApplyConfiguration { + b.Profile = &value + return b +} + +// WithRoleArn sets the RoleArn field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RoleArn field is set to the value of the last call. +func (b *Sigv4ApplyConfiguration) WithRoleArn(value string) *Sigv4ApplyConfiguration { + b.RoleArn = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/telemeterclientconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/telemeterclientconfig.go new file mode 100644 index 0000000000..9d4c5cc331 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/telemeterclientconfig.go @@ -0,0 +1,118 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/api/core/v1" +) + +// TelemeterClientConfigApplyConfiguration represents a declarative configuration of the TelemeterClientConfig type for use +// with apply. +// +// TelemeterClientConfig provides configuration options for the Telemeter Client component +// that runs in the `openshift-monitoring` namespace. The Telemeter Client collects selected +// monitoring metrics and forwards them to Red Hat for telemetry purposes. +// At least one field must be specified. +type TelemeterClientConfigApplyConfiguration struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the Telemeter Client container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 1m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Telemeter Client Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// TelemeterClientConfigApplyConfiguration constructs a declarative configuration of the TelemeterClientConfig type for use with +// apply. +func TelemeterClientConfig() *TelemeterClientConfigApplyConfiguration { + return &TelemeterClientConfigApplyConfiguration{} +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *TelemeterClientConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *TelemeterClientConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithResources adds the given value to the Resources field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Resources field. +func (b *TelemeterClientConfigApplyConfiguration) WithResources(values ...*ContainerResourceApplyConfiguration) *TelemeterClientConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResources") + } + b.Resources = append(b.Resources, *values[i]) + } + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *TelemeterClientConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *TelemeterClientConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *TelemeterClientConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *TelemeterClientConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go new file mode 100644 index 0000000000..f2fda246e1 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go @@ -0,0 +1,117 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/api/core/v1" +) + +// ThanosQuerierConfigApplyConfiguration represents a declarative configuration of the ThanosQuerierConfig type for use +// with apply. +// +// ThanosQuerierConfig provides configuration options for the Thanos Querier component +// that runs in the `openshift-monitoring` namespace. +// At least one field must be specified; an empty thanosQuerierConfig object is not allowed. +type ThanosQuerierConfigApplyConfiguration struct { + // nodeSelector defines the nodes on which the Pods are scheduled. + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries. + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the Thanos Querier container. + // resources is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Requests cannot exceed limits. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 5m + // - name: memory + // request: 12Mi + // Maximum length for this list is 5. + // Minimum length for this list is 1. + // Each resource name must be unique within this list. + Resources []ContainerResourceApplyConfiguration `json:"resources,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Thanos Querier Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Defaults are empty/unset. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` +} + +// ThanosQuerierConfigApplyConfiguration constructs a declarative configuration of the ThanosQuerierConfig type for use with +// apply. +func ThanosQuerierConfig() *ThanosQuerierConfigApplyConfiguration { + return &ThanosQuerierConfigApplyConfiguration{} +} + +// WithNodeSelector puts the entries into the NodeSelector field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the NodeSelector field, +// overwriting an existing map entries in NodeSelector field with the same key. +func (b *ThanosQuerierConfigApplyConfiguration) WithNodeSelector(entries map[string]string) *ThanosQuerierConfigApplyConfiguration { + if b.NodeSelector == nil && len(entries) > 0 { + b.NodeSelector = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.NodeSelector[k] = v + } + return b +} + +// WithResources adds the given value to the Resources field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Resources field. +func (b *ThanosQuerierConfigApplyConfiguration) WithResources(values ...*ContainerResourceApplyConfiguration) *ThanosQuerierConfigApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithResources") + } + b.Resources = append(b.Resources, *values[i]) + } + return b +} + +// WithTolerations adds the given value to the Tolerations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Tolerations field. +func (b *ThanosQuerierConfigApplyConfiguration) WithTolerations(values ...v1.Toleration) *ThanosQuerierConfigApplyConfiguration { + for i := range values { + b.Tolerations = append(b.Tolerations, values[i]) + } + return b +} + +// WithTopologySpreadConstraints adds the given value to the TopologySpreadConstraints field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the TopologySpreadConstraints field. +func (b *ThanosQuerierConfigApplyConfiguration) WithTopologySpreadConstraints(values ...v1.TopologySpreadConstraint) *ThanosQuerierConfigApplyConfiguration { + for i := range values { + b.TopologySpreadConstraints = append(b.TopologySpreadConstraints, values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/tlsconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/tlsconfig.go new file mode 100644 index 0000000000..dc74026618 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/tlsconfig.go @@ -0,0 +1,81 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" +) + +// TLSConfigApplyConfiguration represents a declarative configuration of the TLSConfig type for use +// with apply. +// +// TLSConfig represents TLS configuration for Alertmanager connections. +// At least one TLS configuration option must be specified. +// For mutual TLS (mTLS), both cert and key must be specified together, or both omitted. +type TLSConfigApplyConfiguration struct { + // ca is an optional CA certificate to use for TLS connections. + // When omitted, the system's default CA bundle is used. + CA *SecretKeySelectorApplyConfiguration `json:"ca,omitempty"` + // cert is an optional client certificate to use for mutual TLS connections. + // When omitted, no client certificate is presented. + Cert *SecretKeySelectorApplyConfiguration `json:"cert,omitempty"` + // key is an optional client key to use for mutual TLS connections. + // When omitted, no client key is used. + Key *SecretKeySelectorApplyConfiguration `json:"key,omitempty"` + // serverName is an optional server name to use for TLS connections. + // When specified, must be a valid DNS subdomain as per RFC 1123. + // When omitted, the server name is derived from the URL. + // Must be between 1 and 253 characters in length. + ServerName *string `json:"serverName,omitempty"` + // certificateVerification determines the policy for TLS certificate verification. + // Allowed values are "Verify" (performs certificate verification, secure) and "SkipVerify" (skips verification, insecure). + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The default value is "Verify". + CertificateVerification *configv1alpha1.CertificateVerificationType `json:"certificateVerification,omitempty"` +} + +// TLSConfigApplyConfiguration constructs a declarative configuration of the TLSConfig type for use with +// apply. +func TLSConfig() *TLSConfigApplyConfiguration { + return &TLSConfigApplyConfiguration{} +} + +// WithCA sets the CA field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CA field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithCA(value *SecretKeySelectorApplyConfiguration) *TLSConfigApplyConfiguration { + b.CA = value + return b +} + +// WithCert sets the Cert field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Cert field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithCert(value *SecretKeySelectorApplyConfiguration) *TLSConfigApplyConfiguration { + b.Cert = value + return b +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithKey(value *SecretKeySelectorApplyConfiguration) *TLSConfigApplyConfiguration { + b.Key = value + return b +} + +// WithServerName sets the ServerName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ServerName field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithServerName(value string) *TLSConfigApplyConfiguration { + b.ServerName = &value + return b +} + +// WithCertificateVerification sets the CertificateVerification field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CertificateVerification field is set to the value of the last call. +func (b *TLSConfigApplyConfiguration) WithCertificateVerification(value configv1alpha1.CertificateVerificationType) *TLSConfigApplyConfiguration { + b.CertificateVerification = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/uppercaseactionconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/uppercaseactionconfig.go new file mode 100644 index 0000000000..6d3a6a804a --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/uppercaseactionconfig.go @@ -0,0 +1,29 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// UppercaseActionConfigApplyConfiguration represents a declarative configuration of the UppercaseActionConfig type for use +// with apply. +// +// UppercaseActionConfig configures the Uppercase action. +// Maps the concatenated source_labels to their upper case and writes to target_label. +// Requires Prometheus >= v2.36.0. +type UppercaseActionConfigApplyConfiguration struct { + // targetLabel is the label name where the upper-cased value is written. + // Must be between 1 and 128 characters in length. + TargetLabel *string `json:"targetLabel,omitempty"` +} + +// UppercaseActionConfigApplyConfiguration constructs a declarative configuration of the UppercaseActionConfig type for use with +// apply. +func UppercaseActionConfig() *UppercaseActionConfigApplyConfiguration { + return &UppercaseActionConfigApplyConfiguration{} +} + +// WithTargetLabel sets the TargetLabel field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TargetLabel field is set to the value of the last call. +func (b *UppercaseActionConfigApplyConfiguration) WithTargetLabel(value string) *UppercaseActionConfigApplyConfiguration { + b.TargetLabel = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go index 65906b80c5..e03df6b05e 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go @@ -23,92 +23,80 @@ func Parser() *typed.Parser { var parserOnce sync.Once var parser *typed.Parser var schemaYAML = typed.YAMLObject(`types: -- name: com.github.openshift.api.config.v1.APIServer +- name: Condition.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: apiVersion + - name: lastTransitionTime type: - scalar: string - - name: kind + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message type: scalar: string - - name: metadata + default: "" + - name: observedGeneration type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + scalar: numeric + - name: reason type: - namedType: com.github.openshift.api.config.v1.APIServerSpec - default: {} + scalar: string + default: "" - name: status type: - namedType: com.github.openshift.api.config.v1.APIServerStatus - default: {} -- name: com.github.openshift.api.config.v1.APIServerEncryption - map: - fields: - - name: kms - type: - namedType: com.github.openshift.api.config.v1.KMSConfig + scalar: string + default: "" - name: type type: scalar: string - unions: - - discriminator: type - fields: - - fieldName: kms - discriminatorValue: KMS -- name: com.github.openshift.api.config.v1.APIServerNamedServingCert + default: "" +- name: ConfigMapKeySelector.v1.core.api.k8s.io map: fields: - - name: names + - name: key type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: servingCertificate + scalar: string + default: "" + - name: name type: - namedType: com.github.openshift.api.config.v1.SecretNameReference - default: {} -- name: com.github.openshift.api.config.v1.APIServerServingCerts + scalar: string + default: "" + - name: optional + type: + scalar: boolean + elementRelationship: atomic +- name: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: string +- name: EnvVar.v1.core.api.k8s.io map: fields: - - name: namedCertificates + - name: name type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.APIServerNamedServingCert - elementRelationship: atomic -- name: com.github.openshift.api.config.v1.APIServerSpec + scalar: string + default: "" + - name: value + type: + scalar: string + - name: valueFrom + type: + namedType: EnvVarSource.v1.core.api.k8s.io +- name: EnvVarSource.v1.core.api.k8s.io map: fields: - - name: additionalCORSAllowedOrigins - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: audit + - name: configMapKeyRef type: - namedType: com.github.openshift.api.config.v1.Audit - default: {} - - name: clientCA + namedType: ConfigMapKeySelector.v1.core.api.k8s.io + - name: fieldRef type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: encryption + namedType: ObjectFieldSelector.v1.core.api.k8s.io + - name: fileKeyRef type: - namedType: com.github.openshift.api.config.v1.APIServerEncryption - default: {} - - name: servingCerts + namedType: FileKeySelector.v1.core.api.k8s.io + - name: resourceFieldRef type: - namedType: com.github.openshift.api.config.v1.APIServerServingCerts - default: {} - - name: tlsSecurityProfile + namedType: ResourceFieldSelector.v1.core.api.k8s.io + - name: secretKeyRef type: - namedType: com.github.openshift.api.config.v1.TLSSecurityProfile -- name: com.github.openshift.api.config.v1.APIServerStatus + namedType: SecretKeySelector.v1.core.api.k8s.io +- name: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io map: elementType: scalar: untyped @@ -120,177 +108,755 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.AWSDNSSpec +- name: FileKeySelector.v1.core.api.k8s.io map: fields: - - name: privateZoneIAMRole + - name: key type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.AWSIngressSpec - map: - fields: - - name: type + - name: optional type: - scalar: string - default: "" - unions: - - discriminator: type -- name: com.github.openshift.api.config.v1.AWSKMSConfig - map: - fields: - - name: keyARN + scalar: boolean + default: false + - name: path type: scalar: string default: "" - - name: region + - name: volumeName type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.AWSPlatformSpec + elementRelationship: atomic +- name: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: serviceEndpoints + - name: matchExpressions type: list: elementType: - namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint + namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: atomic -- name: com.github.openshift.api.config.v1.AWSPlatformStatus + - name: matchLabels + type: + map: + elementType: + scalar: string + elementRelationship: atomic +- name: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: cloudLoadBalancerConfig - type: - namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig - default: - dnsType: PlatformDefault - - name: ipFamily + - name: key type: scalar: string - default: IPv4 - - name: region + default: "" + - name: operator type: scalar: string default: "" - - name: resourceTags - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.AWSResourceTag - elementRelationship: atomic - - name: serviceEndpoints + - name: values type: list: elementType: - namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint + scalar: string elementRelationship: atomic -- name: com.github.openshift.api.config.v1.AWSResourceTag +- name: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: key + - name: apiVersion type: scalar: string - default: "" - - name: value + - name: fieldsType type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.AWSServiceEndpoint - map: - fields: - - name: name + - name: fieldsV1 + type: + namedType: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + - name: manager type: scalar: string - default: "" - - name: url + - name: operation type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1.AcceptRisk - map: - fields: - - name: name + - name: subresource type: scalar: string -- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus + - name: time + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io +- name: ModifyVolumeStatus.v1.core.api.k8s.io map: fields: - - name: region + - name: status type: scalar: string default: "" - - name: resourceGroupID + - name: targetVolumeAttributesClassName type: scalar: string - - name: resourceTags - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.AlibabaCloudResourceTag - elementRelationship: associative - keys: - - key -- name: com.github.openshift.api.config.v1.AlibabaCloudResourceTag +- name: ObjectFieldSelector.v1.core.api.k8s.io map: fields: - - name: key + - name: apiVersion type: scalar: string - default: "" - - name: value + - name: fieldPath type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.Audit + elementRelationship: atomic +- name: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: customRules + - name: annotations + type: + map: + elementType: + scalar: string + - name: creationTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: deletionGracePeriodSeconds + type: + scalar: numeric + - name: deletionTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: finalizers type: list: elementType: - namedType: com.github.openshift.api.config.v1.AuditCustomRule + scalar: string elementRelationship: associative - keys: - - group - - name: profile + - name: generateName type: scalar: string -- name: com.github.openshift.api.config.v1.AuditCustomRule - map: - fields: - - name: group + - name: generation type: - scalar: string - default: "" - - name: profile + scalar: numeric + - name: labels type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.Authentication - map: - fields: - - name: apiVersion + map: + elementType: + scalar: string + - name: managedFields + type: + list: + elementType: + namedType: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: atomic + - name: name type: scalar: string - - name: kind + - name: namespace type: scalar: string - - name: metadata + - name: ownerReferences type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} + list: + elementType: + namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - uid + - name: resourceVersion + type: + scalar: string + - name: selfLink + type: + scalar: string + - name: uid + type: + scalar: string +- name: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + default: "" + - name: blockOwnerDeletion + type: + scalar: boolean + - name: controller + type: + scalar: boolean + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: uid + type: + scalar: string + default: "" + elementRelationship: atomic +- name: PersistentVolumeClaim.v1.core.api.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: PersistentVolumeClaimSpec.v1.core.api.k8s.io + default: {} + - name: status + type: + namedType: PersistentVolumeClaimStatus.v1.core.api.k8s.io + default: {} +- name: PersistentVolumeClaimCondition.v1.core.api.k8s.io + map: + fields: + - name: lastProbeTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: lastTransitionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message + type: + scalar: string + - name: reason + type: + scalar: string + - name: status + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" +- name: PersistentVolumeClaimSpec.v1.core.api.k8s.io + map: + fields: + - name: accessModes + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: dataSource + type: + namedType: TypedLocalObjectReference.v1.core.api.k8s.io + - name: dataSourceRef + type: + namedType: TypedObjectReference.v1.core.api.k8s.io + - name: resources + type: + namedType: VolumeResourceRequirements.v1.core.api.k8s.io + default: {} + - name: selector + type: + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: storageClassName + type: + scalar: string + - name: volumeAttributesClassName + type: + scalar: string + - name: volumeMode + type: + scalar: string + - name: volumeName + type: + scalar: string +- name: PersistentVolumeClaimStatus.v1.core.api.k8s.io + map: + fields: + - name: accessModes + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: allocatedResourceStatuses + type: + map: + elementType: + scalar: string + elementRelationship: separable + - name: allocatedResources + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: capacity + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: conditions + type: + list: + elementType: + namedType: PersistentVolumeClaimCondition.v1.core.api.k8s.io + elementRelationship: associative + keys: + - type + - name: currentVolumeAttributesClassName + type: + scalar: string + - name: modifyVolumeStatus + type: + namedType: ModifyVolumeStatus.v1.core.api.k8s.io + - name: phase + type: + scalar: string +- name: Quantity.resource.api.pkg.apimachinery.k8s.io + scalar: string +- name: RawExtension.runtime.pkg.apimachinery.k8s.io + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: ResourceClaim.v1.core.api.k8s.io + map: + fields: + - name: name + type: + scalar: string + default: "" + - name: request + type: + scalar: string +- name: ResourceFieldSelector.v1.core.api.k8s.io + map: + fields: + - name: containerName + type: + scalar: string + - name: divisor + type: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: resource + type: + scalar: string + default: "" + elementRelationship: atomic +- name: ResourceRequirements.v1.core.api.k8s.io + map: + fields: + - name: claims + type: + list: + elementType: + namedType: ResourceClaim.v1.core.api.k8s.io + elementRelationship: associative + keys: + - name + - name: limits + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: requests + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io +- name: SecretKeySelector.v1.core.api.k8s.io + map: + fields: + - name: key + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: optional + type: + scalar: boolean + elementRelationship: atomic +- name: Time.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: untyped +- name: Toleration.v1.core.api.k8s.io + map: + fields: + - name: effect + type: + scalar: string + - name: key + type: + scalar: string + - name: operator + type: + scalar: string + - name: tolerationSeconds + type: + scalar: numeric + - name: value + type: + scalar: string +- name: TopologySpreadConstraint.v1.core.api.k8s.io + map: + fields: + - name: labelSelector + type: + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: matchLabelKeys + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: maxSkew + type: + scalar: numeric + default: 0 + - name: minDomains + type: + scalar: numeric + - name: nodeAffinityPolicy + type: + scalar: string + - name: nodeTaintsPolicy + type: + scalar: string + - name: topologyKey + type: + scalar: string + default: "" + - name: whenUnsatisfiable + type: + scalar: string + default: "" +- name: TypedLocalObjectReference.v1.core.api.k8s.io + map: + fields: + - name: apiGroup + type: + scalar: string + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + elementRelationship: atomic +- name: TypedObjectReference.v1.core.api.k8s.io + map: + fields: + - name: apiGroup + type: + scalar: string + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: namespace + type: + scalar: string +- name: VolumeResourceRequirements.v1.core.api.k8s.io + map: + fields: + - name: limits + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io + - name: requests + type: + map: + elementType: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.config.v1.APIServer + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.config.v1.APIServerSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.config.v1.APIServerStatus + default: {} +- name: com.github.openshift.api.config.v1.APIServerEncryption + map: + fields: + - name: kms + type: + namedType: com.github.openshift.api.config.v1.KMSConfig + - name: type + type: + scalar: string + unions: + - discriminator: type + fields: + - fieldName: kms + discriminatorValue: KMS +- name: com.github.openshift.api.config.v1.APIServerNamedServingCert + map: + fields: + - name: names + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: servingCertificate + type: + namedType: com.github.openshift.api.config.v1.SecretNameReference + default: {} +- name: com.github.openshift.api.config.v1.APIServerServingCerts + map: + fields: + - name: namedCertificates + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.APIServerNamedServingCert + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.APIServerSpec + map: + fields: + - name: additionalCORSAllowedOrigins + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: audit + type: + namedType: com.github.openshift.api.config.v1.Audit + default: {} + - name: clientCA + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: encryption + type: + namedType: com.github.openshift.api.config.v1.APIServerEncryption + default: {} + - name: servingCerts + type: + namedType: com.github.openshift.api.config.v1.APIServerServingCerts + default: {} + - name: tlsAdherence + type: + scalar: string + - name: tlsSecurityProfile + type: + namedType: com.github.openshift.api.config.v1.TLSSecurityProfile +- name: com.github.openshift.api.config.v1.APIServerStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.AWSDNSSpec + map: + fields: + - name: privateZoneIAMRole + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.AWSIngressSpec + map: + fields: + - name: type + type: + scalar: string + default: "" + unions: + - discriminator: type +- name: com.github.openshift.api.config.v1.AWSKMSConfig + map: + fields: + - name: keyARN + type: + scalar: string + default: "" + - name: region + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.AWSPlatformSpec + map: + fields: + - name: serviceEndpoints + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.AWSPlatformStatus + map: + fields: + - name: cloudLoadBalancerConfig + type: + namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig + default: + dnsType: PlatformDefault + - name: ipFamily + type: + scalar: string + default: IPv4 + - name: region + type: + scalar: string + default: "" + - name: resourceTags + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.AWSResourceTag + elementRelationship: atomic + - name: serviceEndpoints + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.AWSServiceEndpoint + elementRelationship: atomic +- name: com.github.openshift.api.config.v1.AWSResourceTag + map: + fields: + - name: key + type: + scalar: string + default: "" + - name: value + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.AWSServiceEndpoint + map: + fields: + - name: name + type: + scalar: string + default: "" + - name: url + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.AcceptRisk + map: + fields: + - name: name + type: + scalar: string +- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus + map: + fields: + - name: region + type: + scalar: string + default: "" + - name: resourceGroupID + type: + scalar: string + - name: resourceTags + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.AlibabaCloudResourceTag + elementRelationship: associative + keys: + - key +- name: com.github.openshift.api.config.v1.AlibabaCloudResourceTag + map: + fields: + - name: key + type: + scalar: string + default: "" + - name: value + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.Audit + map: + fields: + - name: customRules + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.AuditCustomRule + elementRelationship: associative + keys: + - group + - name: profile + type: + scalar: string +- name: com.github.openshift.api.config.v1.AuditCustomRule + map: + fields: + - name: group + type: + scalar: string + default: "" + - name: profile + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.Authentication + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} - name: spec type: namedType: com.github.openshift.api.config.v1.AuthenticationSpec @@ -499,7 +1065,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -515,7 +1081,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.api.core.v1.EnvVar + namedType: EnvVar.v1.core.api.k8s.io elementRelationship: atomic - name: gitProxy type: @@ -528,7 +1094,7 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: atomic - name: resources type: - namedType: io.k8s.api.core.v1.ResourceRequirements + namedType: ResourceRequirements.v1.core.api.k8s.io default: {} - name: com.github.openshift.api.config.v1.BuildOverrides map: @@ -551,7 +1117,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic - name: com.github.openshift.api.config.v1.BuildSpec map: @@ -632,7 +1198,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -662,7 +1228,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type @@ -687,7 +1253,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -722,7 +1288,7 @@ var schemaYAML = typed.YAMLObject(`types: - type - name: extension type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: relatedObjects type: list: @@ -740,7 +1306,7 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: lastTransitionTime type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: message type: scalar: string @@ -766,7 +1332,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -943,7 +1509,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type @@ -984,7 +1550,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type @@ -1013,7 +1579,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type @@ -1063,7 +1629,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -1143,7 +1709,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -1299,7 +1865,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -1356,7 +1922,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type @@ -1671,7 +2237,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -1692,7 +2258,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -1720,7 +2286,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -1788,7 +2354,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -1853,7 +2419,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type @@ -1920,7 +2486,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -1978,7 +2544,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -2046,7 +2612,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -2127,7 +2693,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -2322,7 +2888,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -2359,7 +2925,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic - name: com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement map: @@ -2373,7 +2939,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic - name: com.github.openshift.api.config.v1.NetworkMigration map: @@ -2429,7 +2995,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type @@ -2456,7 +3022,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -2486,7 +3052,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type @@ -2621,7 +3187,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -2730,7 +3296,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type @@ -2971,7 +3537,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -3310,6 +3876,9 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: expression + type: + scalar: string - name: prefix type: scalar: string @@ -3332,7 +3901,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -3383,7 +3952,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -3566,7 +4135,7 @@ var schemaYAML = typed.YAMLObject(`types: default: {} - name: namespaceSelector type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io - name: preloadPolicy type: scalar: string @@ -3581,7 +4150,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -3753,7 +4322,7 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: accessTokenInactivityTimeout type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io - name: accessTokenInactivityTimeoutSeconds type: scalar: numeric @@ -3823,6 +4392,9 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: mode + type: + scalar: string - name: version type: scalar: string @@ -3835,14 +4407,14 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: completionTime type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: image type: scalar: string default: "" - name: startedTime type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: state type: scalar: string @@ -3861,7 +4433,9 @@ var schemaYAML = typed.YAMLObject(`types: - name: claim type: scalar: string - default: "" + - name: expression + type: + scalar: string - name: prefix type: namedType: com.github.openshift.api.config.v1.UsernamePrefix @@ -3874,6 +4448,8 @@ var schemaYAML = typed.YAMLObject(`types: fields: - fieldName: claim discriminatorValue: Claim + - fieldName: expression + discriminatorValue: Expression - fieldName: prefix discriminatorValue: Prefix - name: com.github.openshift.api.config.v1.UsernamePrefix @@ -4119,6 +4695,35 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.SecretNameReference default: {} +- name: com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig + map: + fields: + - name: authorization + type: + namedType: com.github.openshift.api.config.v1alpha1.AuthorizationConfig + default: {} + - name: name + type: + scalar: string + - name: pathPrefix + type: + scalar: string + - name: scheme + type: + scalar: string + - name: staticConfigs + type: + list: + elementType: + scalar: string + elementRelationship: associative + - name: timeoutSeconds + type: + scalar: numeric + - name: tlsConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.TLSConfig + default: {} - name: com.github.openshift.api.config.v1alpha1.AlertmanagerConfig map: fields: @@ -4158,250 +4763,42 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic - name: topologySpreadConstraints type: list: elementType: - namedType: io.k8s.api.core.v1.TopologySpreadConstraint + namedType: TopologySpreadConstraint.v1.core.api.k8s.io elementRelationship: associative keys: - topologyKey - whenUnsatisfiable - name: volumeClaimTemplate type: - namedType: io.k8s.api.core.v1.PersistentVolumeClaim + namedType: PersistentVolumeClaim.v1.core.api.k8s.io - name: com.github.openshift.api.config.v1alpha1.Audit map: fields: - name: profile type: scalar: string -- name: com.github.openshift.api.config.v1alpha1.Backup - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1alpha1.BackupSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.config.v1alpha1.BackupStatus - default: {} -- name: com.github.openshift.api.config.v1alpha1.BackupSpec - map: - fields: - - name: etcd - type: - namedType: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec - default: {} -- name: com.github.openshift.api.config.v1alpha1.BackupStatus - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec - - name: status - type: - namedType: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus - default: {} -- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec - map: - fields: - - name: matchImages - type: - list: - elementType: - scalar: string - elementRelationship: associative -- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus - map: - fields: - - name: conditions - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type -- name: com.github.openshift.api.config.v1alpha1.ClusterImagePolicy - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1alpha1.ClusterImagePolicySpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.config.v1alpha1.ClusterImagePolicyStatus - default: {} -- name: com.github.openshift.api.config.v1alpha1.ClusterImagePolicySpec - map: - fields: - - name: policy - type: - namedType: com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy - default: {} - - name: scopes - type: - list: - elementType: - scalar: string - elementRelationship: associative -- name: com.github.openshift.api.config.v1alpha1.ClusterImagePolicyStatus - map: - fields: - - name: conditions - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type -- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoring - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus - default: {} -- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec - map: - fields: - - name: alertmanagerConfig - type: - namedType: com.github.openshift.api.config.v1alpha1.AlertmanagerConfig - default: {} - - name: metricsServerConfig - type: - namedType: com.github.openshift.api.config.v1alpha1.MetricsServerConfig - default: {} - - name: prometheusOperatorConfig - type: - namedType: com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig - default: {} - - name: userDefined - type: - namedType: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring - default: {} -- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1alpha1.ContainerResource - map: - fields: - - name: limit - type: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: name - type: - scalar: string - - name: request - type: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity -- name: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec +- name: com.github.openshift.api.config.v1alpha1.AuthorizationConfig map: fields: - - name: pvcName - type: - scalar: string - default: "" - - name: retentionPolicy + - name: bearerToken type: - namedType: com.github.openshift.api.config.v1alpha1.RetentionPolicy + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector default: {} - - name: schedule - type: - scalar: string - default: "" - - name: timeZone - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.GatherConfig - map: - fields: - - name: dataPolicy + - name: type type: scalar: string - - name: disabledGatherers - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: storage - type: - namedType: com.github.openshift.api.config.v1alpha1.Storage -- name: com.github.openshift.api.config.v1alpha1.ImagePolicy + unions: + - discriminator: type + fields: + - fieldName: bearerToken + discriminatorValue: BearerToken +- name: com.github.openshift.api.config.v1alpha1.Backup map: fields: - name: apiVersion @@ -4412,87 +4809,94 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1alpha1.ImagePolicySpec + namedType: com.github.openshift.api.config.v1alpha1.BackupSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyStatus + namedType: com.github.openshift.api.config.v1alpha1.BackupStatus default: {} -- name: com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust +- name: com.github.openshift.api.config.v1alpha1.BackupSpec map: fields: - - name: fulcioCAData + - name: etcd type: - scalar: string - - name: fulcioSubject + namedType: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec + default: {} +- name: com.github.openshift.api.config.v1alpha1.BackupStatus + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1alpha1.BasicAuth + map: + fields: + - name: password type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector default: {} - - name: rekorKeyData + - name: username type: - scalar: string -- name: com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} +- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig map: fields: - - name: caIntermediatesData + - name: apiVersion type: scalar: string - - name: caRootsData + - name: kind type: scalar: string - - name: pkiCertificateSubject + - name: metadata type: - namedType: com.github.openshift.api.config.v1alpha1.PKICertificateSubject + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} -- name: com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust - map: - fields: - - name: keyData + - name: spec type: - scalar: string - - name: rekorKeyData + namedType: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec + - name: status type: - scalar: string -- name: com.github.openshift.api.config.v1alpha1.ImagePolicySpec + namedType: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus + default: {} +- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec map: fields: - - name: policy - type: - namedType: com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy - default: {} - - name: scopes + - name: matchImages type: list: elementType: scalar: string elementRelationship: associative -- name: com.github.openshift.api.config.v1alpha1.ImagePolicyStatus +- name: com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus map: fields: - name: conditions type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type -- name: com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy +- name: com.github.openshift.api.config.v1alpha1.CertificateConfig map: fields: - - name: rootOfTrust - type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust - default: {} - - name: signedIdentity + - name: key type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyIdentity + namedType: com.github.openshift.api.config.v1alpha1.KeyConfig default: {} -- name: com.github.openshift.api.config.v1alpha1.InsightsDataGather +- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoring map: fields: - name: apiVersion @@ -4503,24 +4907,52 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec + namedType: com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus + namedType: com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus default: {} -- name: com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec +- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec map: fields: - - name: gatherConfig + - name: alertmanagerConfig type: - namedType: com.github.openshift.api.config.v1alpha1.GatherConfig + namedType: com.github.openshift.api.config.v1alpha1.AlertmanagerConfig default: {} -- name: com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus + - name: metricsServerConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.MetricsServerConfig + default: {} + - name: openShiftStateMetricsConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig + default: {} + - name: prometheusConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.PrometheusConfig + default: {} + - name: prometheusOperatorAdmissionWebhookConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig + default: {} + - name: prometheusOperatorConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig + default: {} + - name: telemeterClientConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.TelemeterClientConfig + default: {} + - name: userDefined + type: + namedType: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring + default: {} +- name: com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus map: elementType: scalar: untyped @@ -4532,278 +4964,100 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1alpha1.MetricsServerConfig - map: - fields: - - name: audit - type: - namedType: com.github.openshift.api.config.v1alpha1.Audit - default: {} - - name: nodeSelector - type: - map: - elementType: - scalar: string - - name: resources - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1alpha1.ContainerResource - elementRelationship: associative - keys: - - name - - name: tolerations - type: - list: - elementType: - namedType: io.k8s.api.core.v1.Toleration - elementRelationship: atomic - - name: topologySpreadConstraints - type: - list: - elementType: - namedType: io.k8s.api.core.v1.TopologySpreadConstraint - elementRelationship: associative - keys: - - topologyKey - - whenUnsatisfiable - - name: verbosity - type: - scalar: string -- name: com.github.openshift.api.config.v1alpha1.PKICertificateSubject +- name: com.github.openshift.api.config.v1alpha1.ContainerResource map: fields: - - name: email - type: - scalar: string - - name: hostname + - name: limit type: - scalar: string -- name: com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference - map: - fields: + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io - name: name type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig - map: - fields: - - name: claim - type: - namedType: com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference - default: {} - - name: mountPath - type: - scalar: string -- name: com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject - map: - fields: - - name: oidcIssuer - type: - scalar: string - default: "" - - name: signedEmail - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.PolicyIdentity - map: - fields: - - name: exactRepository - type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyMatchExactRepository - - name: matchPolicy - type: - scalar: string - default: "" - - name: remapIdentity - type: - namedType: com.github.openshift.api.config.v1alpha1.PolicyMatchRemapIdentity - unions: - - discriminator: matchPolicy - fields: - - fieldName: exactRepository - discriminatorValue: PolicyMatchExactRepository - - fieldName: remapIdentity - discriminatorValue: PolicyMatchRemapIdentity -- name: com.github.openshift.api.config.v1alpha1.PolicyMatchExactRepository - map: - fields: - - name: repository - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.PolicyMatchRemapIdentity - map: - fields: - - name: prefix - type: - scalar: string - default: "" - - name: signedPrefix - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust - map: - fields: - - name: fulcioCAWithRekor - type: - namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust - - name: pki - type: - namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust - - name: policyType - type: - scalar: string - default: "" - - name: publicKey - type: - namedType: com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust - unions: - - discriminator: policyType - fields: - - fieldName: fulcioCAWithRekor - discriminatorValue: FulcioCAWithRekor - - fieldName: pki - discriminatorValue: PKI - - fieldName: publicKey - discriminatorValue: PublicKey -- name: com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig - map: - fields: - - name: logLevel - type: - scalar: string - - name: nodeSelector - type: - map: - elementType: - scalar: string - - name: resources - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1alpha1.ContainerResource - elementRelationship: associative - keys: - - name - - name: tolerations - type: - list: - elementType: - namedType: io.k8s.api.core.v1.Toleration - elementRelationship: atomic - - name: topologySpreadConstraints - type: - list: - elementType: - namedType: io.k8s.api.core.v1.TopologySpreadConstraint - elementRelationship: associative - keys: - - topologyKey - - whenUnsatisfiable -- name: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig - map: - fields: - - name: maxNumberOfBackups + - name: request type: - scalar: numeric - default: 0 -- name: com.github.openshift.api.config.v1alpha1.RetentionPolicy + namedType: Quantity.resource.api.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.config.v1alpha1.CustomPKIPolicy map: fields: - - name: retentionNumber + - name: clientCertificates type: - namedType: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig - - name: retentionSize + namedType: com.github.openshift.api.config.v1alpha1.CertificateConfig + default: {} + - name: defaults type: - namedType: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig - - name: retentionType + namedType: com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig + default: {} + - name: servingCertificates type: - scalar: string - default: "" - unions: - - discriminator: retentionType - fields: - - fieldName: retentionNumber - discriminatorValue: RetentionNumber - - fieldName: retentionSize - discriminatorValue: RetentionSize -- name: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig + namedType: com.github.openshift.api.config.v1alpha1.CertificateConfig + default: {} + - name: signerCertificates + type: + namedType: com.github.openshift.api.config.v1alpha1.CertificateConfig + default: {} +- name: com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig map: fields: - - name: maxSizeOfBackupsGb + - name: key type: - scalar: numeric - default: 0 -- name: com.github.openshift.api.config.v1alpha1.Storage + namedType: com.github.openshift.api.config.v1alpha1.KeyConfig + default: {} +- name: com.github.openshift.api.config.v1alpha1.DropEqualActionConfig map: fields: - - name: persistentVolume - type: - namedType: com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig - - name: type + - name: targetLabel type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring +- name: com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig map: fields: - - name: mode + - name: curve type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha2.Custom +- name: com.github.openshift.api.config.v1alpha1.EtcdBackupSpec map: fields: - - name: configs + - name: pvcName type: - list: - elementType: - namedType: com.github.openshift.api.config.v1alpha2.GathererConfig - elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.config.v1alpha2.GatherConfig + scalar: string + default: "" + - name: retentionPolicy + type: + namedType: com.github.openshift.api.config.v1alpha1.RetentionPolicy + default: {} + - name: schedule + type: + scalar: string + default: "" + - name: timeZone + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1alpha1.GatherConfig map: fields: - name: dataPolicy + type: + scalar: string + - name: disabledGatherers type: list: elementType: scalar: string elementRelationship: atomic - - name: gatherers - type: - namedType: com.github.openshift.api.config.v1alpha2.Gatherers - default: {} - name: storage type: - namedType: com.github.openshift.api.config.v1alpha2.Storage -- name: com.github.openshift.api.config.v1alpha2.GathererConfig - map: - fields: - - name: name - type: - scalar: string - default: "" - - name: state - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha2.Gatherers + namedType: com.github.openshift.api.config.v1alpha1.Storage +- name: com.github.openshift.api.config.v1alpha1.HashModActionConfig map: fields: - - name: custom + - name: modulus type: - namedType: com.github.openshift.api.config.v1alpha2.Custom - - name: mode + scalar: numeric + - name: targetLabel type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha2.InsightsDataGather +- name: com.github.openshift.api.config.v1alpha1.InsightsDataGather map: fields: - name: apiVersion @@ -4814,24 +5068,24 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec + namedType: com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec default: {} - name: status type: - namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus + namedType: com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus default: {} -- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec +- name: com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec map: fields: - name: gatherConfig type: - namedType: com.github.openshift.api.config.v1alpha2.GatherConfig + namedType: com.github.openshift.api.config.v1alpha1.GatherConfig default: {} -- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus +- name: com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus map: elementType: scalar: untyped @@ -4843,121 +5097,177 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference +- name: com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig map: fields: - - name: name + - name: targetLabel type: scalar: string - default: "" -- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig +- name: com.github.openshift.api.config.v1alpha1.KeyConfig map: fields: - - name: claim + - name: algorithm type: - namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference + scalar: string + - name: ecdsa + type: + namedType: com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig default: {} - - name: mountPath + - name: rsa type: - scalar: string -- name: com.github.openshift.api.config.v1alpha2.Storage + namedType: com.github.openshift.api.config.v1alpha1.RSAKeyConfig + default: {} + unions: + - discriminator: algorithm + fields: + - fieldName: ecdsa + discriminatorValue: ECDSA + - fieldName: rsa + discriminatorValue: RSA +- name: com.github.openshift.api.config.v1alpha1.Label map: fields: - - name: persistentVolume + - name: key type: - namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig - - name: type + scalar: string + - name: value type: scalar: string - default: "" -- name: io.k8s.api.core.v1.ConfigMapKeySelector +- name: com.github.openshift.api.config.v1alpha1.LabelMapActionConfig map: fields: - - name: key + - name: replacement type: scalar: string - default: "" - - name: name +- name: com.github.openshift.api.config.v1alpha1.LowercaseActionConfig + map: + fields: + - name: targetLabel type: scalar: string - default: "" - - name: optional - type: - scalar: boolean - elementRelationship: atomic -- name: io.k8s.api.core.v1.EnvVar +- name: com.github.openshift.api.config.v1alpha1.MetadataConfig map: fields: - - name: name + - name: custom type: - scalar: string - default: "" - - name: value + namedType: com.github.openshift.api.config.v1alpha1.MetadataConfigCustom + default: {} + - name: sendPolicy type: scalar: string - - name: valueFrom +- name: com.github.openshift.api.config.v1alpha1.MetadataConfigCustom + map: + fields: + - name: sendIntervalSeconds type: - namedType: io.k8s.api.core.v1.EnvVarSource -- name: io.k8s.api.core.v1.EnvVarSource + scalar: numeric +- name: com.github.openshift.api.config.v1alpha1.MetricsServerConfig map: fields: - - name: configMapKeyRef + - name: audit type: - namedType: io.k8s.api.core.v1.ConfigMapKeySelector - - name: fieldRef + namedType: com.github.openshift.api.config.v1alpha1.Audit + default: {} + - name: nodeSelector type: - namedType: io.k8s.api.core.v1.ObjectFieldSelector - - name: fileKeyRef + map: + elementType: + scalar: string + - name: resources type: - namedType: io.k8s.api.core.v1.FileKeySelector - - name: resourceFieldRef + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource + elementRelationship: associative + keys: + - name + - name: tolerations type: - namedType: io.k8s.api.core.v1.ResourceFieldSelector - - name: secretKeyRef + list: + elementType: + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic + - name: topologySpreadConstraints + type: + list: + elementType: + namedType: TopologySpreadConstraint.v1.core.api.k8s.io + elementRelationship: associative + keys: + - topologyKey + - whenUnsatisfiable + - name: verbosity type: - namedType: io.k8s.api.core.v1.SecretKeySelector -- name: io.k8s.api.core.v1.FileKeySelector + scalar: string +- name: com.github.openshift.api.config.v1alpha1.OAuth2 map: fields: - - name: key + - name: clientId type: - scalar: string - default: "" - - name: optional + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: clientSecret type: - scalar: boolean - default: false - - name: path + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: endpointParams type: - scalar: string - default: "" - - name: volumeName + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam + elementRelationship: associative + keys: + - name + - name: scopes + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: tokenUrl type: scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.api.core.v1.ModifyVolumeStatus +- name: com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam map: fields: - - name: status + - name: name type: scalar: string - default: "" - - name: targetVolumeAttributesClassName + - name: value type: scalar: string -- name: io.k8s.api.core.v1.ObjectFieldSelector +- name: com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig map: fields: - - name: apiVersion + - name: nodeSelector type: - scalar: string - - name: fieldPath + map: + elementType: + scalar: string + - name: resources type: - scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.api.core.v1.PersistentVolumeClaim + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource + elementRelationship: associative + keys: + - name + - name: tolerations + type: + list: + elementType: + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic + - name: topologySpreadConstraints + type: + list: + elementType: + namedType: TopologySpreadConstraint.v1.core.api.k8s.io + elementRelationship: associative + keys: + - topologyKey + - whenUnsatisfiable +- name: com.github.openshift.api.config.v1alpha1.PKI map: fields: - name: apiVersion @@ -4968,460 +5278,616 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: io.k8s.api.core.v1.PersistentVolumeClaimSpec - default: {} - - name: status - type: - namedType: io.k8s.api.core.v1.PersistentVolumeClaimStatus + namedType: com.github.openshift.api.config.v1alpha1.PKISpec default: {} -- name: io.k8s.api.core.v1.PersistentVolumeClaimCondition +- name: com.github.openshift.api.config.v1alpha1.PKICertificateManagement map: fields: - - name: lastProbeTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: lastTransitionTime + - name: custom type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: message + namedType: com.github.openshift.api.config.v1alpha1.CustomPKIPolicy + default: {} + - name: mode type: scalar: string - - name: reason + unions: + - discriminator: mode + fields: + - fieldName: custom + discriminatorValue: Custom +- name: com.github.openshift.api.config.v1alpha1.PKISpec + map: + fields: + - name: certificateManagement type: - scalar: string - - name: status + namedType: com.github.openshift.api.config.v1alpha1.PKICertificateManagement + default: {} +- name: com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference + map: + fields: + - name: name type: scalar: string default: "" - - name: type +- name: com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig + map: + fields: + - name: claim + type: + namedType: com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference + default: {} + - name: mountPath type: scalar: string - default: "" -- name: io.k8s.api.core.v1.PersistentVolumeClaimSpec +- name: com.github.openshift.api.config.v1alpha1.PrometheusConfig map: fields: - - name: accessModes + - name: additionalAlertmanagerConfigs type: list: elementType: - scalar: string - elementRelationship: atomic - - name: dataSource - type: - namedType: io.k8s.api.core.v1.TypedLocalObjectReference - - name: dataSourceRef - type: - namedType: io.k8s.api.core.v1.TypedObjectReference - - name: resources + namedType: com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig + elementRelationship: associative + keys: + - name + - name: collectionProfile type: - namedType: io.k8s.api.core.v1.VolumeResourceRequirements - default: {} - - name: selector + scalar: string + - name: enforcedBodySizeLimitBytes type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: storageClassName + scalar: numeric + - name: externalLabels type: - scalar: string - - name: volumeAttributesClassName + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.Label + elementRelationship: associative + keys: + - key + - name: logLevel type: scalar: string - - name: volumeMode + - name: nodeSelector type: - scalar: string - - name: volumeName + map: + elementType: + scalar: string + - name: queryLogFile type: scalar: string -- name: io.k8s.api.core.v1.PersistentVolumeClaimStatus - map: - fields: - - name: accessModes + - name: remoteWrite type: list: elementType: - scalar: string - elementRelationship: atomic - - name: allocatedResourceStatuses + namedType: com.github.openshift.api.config.v1alpha1.RemoteWriteSpec + elementRelationship: associative + keys: + - name + - name: resources type: - map: + list: elementType: - scalar: string - elementRelationship: separable - - name: allocatedResources + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource + elementRelationship: associative + keys: + - name + - name: retention type: - map: - elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: capacity + namedType: com.github.openshift.api.config.v1alpha1.Retention + default: {} + - name: tolerations type: - map: + list: elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: conditions + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic + - name: topologySpreadConstraints type: list: elementType: - namedType: io.k8s.api.core.v1.PersistentVolumeClaimCondition + namedType: TopologySpreadConstraint.v1.core.api.k8s.io elementRelationship: associative keys: - - type - - name: currentVolumeAttributesClassName - type: - scalar: string - - name: modifyVolumeStatus - type: - namedType: io.k8s.api.core.v1.ModifyVolumeStatus - - name: phase + - topologyKey + - whenUnsatisfiable + - name: volumeClaimTemplate type: - scalar: string -- name: io.k8s.api.core.v1.ResourceClaim + namedType: PersistentVolumeClaim.v1.core.api.k8s.io +- name: com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig map: fields: - - name: name + - name: resources type: - scalar: string - default: "" - - name: request + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource + elementRelationship: associative + keys: + - name + - name: topologySpreadConstraints type: - scalar: string -- name: io.k8s.api.core.v1.ResourceFieldSelector + list: + elementType: + namedType: TopologySpreadConstraint.v1.core.api.k8s.io + elementRelationship: associative + keys: + - topologyKey + - whenUnsatisfiable +- name: com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig map: fields: - - name: containerName + - name: logLevel type: scalar: string - - name: divisor - type: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: resource + - name: nodeSelector type: - scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.api.core.v1.ResourceRequirements - map: - fields: - - name: claims + map: + elementType: + scalar: string + - name: resources type: list: elementType: - namedType: io.k8s.api.core.v1.ResourceClaim + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource elementRelationship: associative keys: - name - - name: limits + - name: tolerations type: - map: + list: elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: requests + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic + - name: topologySpreadConstraints type: - map: + list: elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity -- name: io.k8s.api.core.v1.SecretKeySelector + namedType: TopologySpreadConstraint.v1.core.api.k8s.io + elementRelationship: associative + keys: + - topologyKey + - whenUnsatisfiable +- name: com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader map: fields: - - name: key - type: - scalar: string - default: "" - name: name type: scalar: string - default: "" - - name: optional + - name: value type: - scalar: boolean - elementRelationship: atomic -- name: io.k8s.api.core.v1.Toleration + scalar: string +- name: com.github.openshift.api.config.v1alpha1.QueueConfig map: fields: - - name: effect + - name: batchSendDeadlineSeconds type: - scalar: string - - name: key + scalar: numeric + - name: capacity type: - scalar: string - - name: operator + scalar: numeric + - name: maxBackoffMilliseconds type: - scalar: string - - name: tolerationSeconds + scalar: numeric + - name: maxSamplesPerSend type: scalar: numeric - - name: value + - name: maxShards + type: + scalar: numeric + - name: minBackoffMilliseconds + type: + scalar: numeric + - name: minShards + type: + scalar: numeric + - name: rateLimitedAction type: scalar: string -- name: io.k8s.api.core.v1.TopologySpreadConstraint +- name: com.github.openshift.api.config.v1alpha1.RSAKeyConfig map: fields: - - name: labelSelector + - name: keySize type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: matchLabelKeys + scalar: numeric +- name: com.github.openshift.api.config.v1alpha1.RelabelActionConfig + map: + fields: + - name: dropEqual type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: maxSkew + namedType: com.github.openshift.api.config.v1alpha1.DropEqualActionConfig + default: {} + - name: hashMod type: - scalar: numeric - default: 0 - - name: minDomains + namedType: com.github.openshift.api.config.v1alpha1.HashModActionConfig + default: {} + - name: keepEqual type: - scalar: numeric - - name: nodeAffinityPolicy + namedType: com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig + default: {} + - name: labelMap + type: + namedType: com.github.openshift.api.config.v1alpha1.LabelMapActionConfig + default: {} + - name: lowercase + type: + namedType: com.github.openshift.api.config.v1alpha1.LowercaseActionConfig + default: {} + - name: replace + type: + namedType: com.github.openshift.api.config.v1alpha1.ReplaceActionConfig + default: {} + - name: type type: scalar: string - - name: nodeTaintsPolicy + - name: uppercase + type: + namedType: com.github.openshift.api.config.v1alpha1.UppercaseActionConfig + default: {} + unions: + - discriminator: type + fields: + - fieldName: dropEqual + discriminatorValue: DropEqual + - fieldName: hashMod + discriminatorValue: HashMod + - fieldName: keepEqual + discriminatorValue: KeepEqual + - fieldName: labelMap + discriminatorValue: LabelMap + - fieldName: lowercase + discriminatorValue: Lowercase + - fieldName: replace + discriminatorValue: Replace + - fieldName: uppercase + discriminatorValue: Uppercase +- name: com.github.openshift.api.config.v1alpha1.RelabelConfig + map: + fields: + - name: action + type: + namedType: com.github.openshift.api.config.v1alpha1.RelabelActionConfig + default: {} + - name: name type: scalar: string - - name: topologyKey + - name: regex type: scalar: string - default: "" - - name: whenUnsatisfiable + - name: separator type: scalar: string - default: "" -- name: io.k8s.api.core.v1.TypedLocalObjectReference + - name: sourceLabels + type: + list: + elementType: + scalar: string + elementRelationship: associative +- name: com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization map: fields: - - name: apiGroup + - name: basicAuth + type: + namedType: com.github.openshift.api.config.v1alpha1.BasicAuth + default: {} + - name: bearerToken + type: + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: oauth2 + type: + namedType: com.github.openshift.api.config.v1alpha1.OAuth2 + default: {} + - name: safeAuthorization + type: + namedType: SecretKeySelector.v1.core.api.k8s.io + - name: sigv4 + type: + namedType: com.github.openshift.api.config.v1alpha1.Sigv4 + default: {} + - name: type type: scalar: string - - name: kind + unions: + - discriminator: type + fields: + - fieldName: basicAuth + discriminatorValue: BasicAuth + - fieldName: bearerToken + discriminatorValue: BearerToken + - fieldName: oauth2 + discriminatorValue: OAuth2 + - fieldName: safeAuthorization + discriminatorValue: SafeAuthorization + - fieldName: sigv4 + discriminatorValue: Sigv4 +- name: com.github.openshift.api.config.v1alpha1.RemoteWriteSpec + map: + fields: + - name: authorization + type: + namedType: com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization + default: {} + - name: exemplarsMode type: scalar: string - default: "" + - name: headers + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader + elementRelationship: associative + keys: + - name + - name: metadataConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.MetadataConfig + default: {} - name: name type: scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.api.core.v1.TypedObjectReference - map: - fields: - - name: apiGroup + - name: proxyUrl type: scalar: string - - name: kind + - name: queueConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.QueueConfig + default: {} + - name: remoteTimeoutSeconds + type: + scalar: numeric + - name: tlsConfig + type: + namedType: com.github.openshift.api.config.v1alpha1.TLSConfig + default: {} + - name: url type: scalar: string - default: "" - - name: name + - name: writeRelabelConfigs + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1alpha1.RelabelConfig + elementRelationship: associative + keys: + - name +- name: com.github.openshift.api.config.v1alpha1.ReplaceActionConfig + map: + fields: + - name: replacement type: scalar: string - default: "" - - name: namespace + - name: targetLabel type: scalar: string -- name: io.k8s.api.core.v1.VolumeResourceRequirements +- name: com.github.openshift.api.config.v1alpha1.Retention map: fields: - - name: limits + - name: durationInDays type: - map: - elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity - - name: requests + scalar: numeric + - name: sizeInGiB type: - map: - elementType: - namedType: io.k8s.apimachinery.pkg.api.resource.Quantity -- name: io.k8s.apimachinery.pkg.api.resource.Quantity - scalar: untyped -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + scalar: numeric +- name: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig map: fields: - - name: lastTransitionTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: message - type: - scalar: string - default: "" - - name: observedGeneration + - name: maxNumberOfBackups type: scalar: numeric - - name: reason + default: 0 +- name: com.github.openshift.api.config.v1alpha1.RetentionPolicy + map: + fields: + - name: retentionNumber type: - scalar: string - default: "" - - name: status + namedType: com.github.openshift.api.config.v1alpha1.RetentionNumberConfig + - name: retentionSize type: - scalar: string - default: "" - - name: type + namedType: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig + - name: retentionType type: scalar: string default: "" -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 + unions: + - discriminator: retentionType + fields: + - fieldName: retentionNumber + discriminatorValue: RetentionNumber + - fieldName: retentionSize + discriminatorValue: RetentionSize +- name: com.github.openshift.api.config.v1alpha1.RetentionSizeConfig map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector + fields: + - name: maxSizeOfBackupsGb + type: + scalar: numeric + default: 0 +- name: com.github.openshift.api.config.v1alpha1.SecretKeySelector map: fields: - - name: matchExpressions + - name: key type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement - elementRelationship: atomic - - name: matchLabels + scalar: string + - name: name type: - map: - elementType: - scalar: string + scalar: string elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement +- name: com.github.openshift.api.config.v1alpha1.Sigv4 map: fields: - - name: key + - name: accessKey + type: + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: profile type: scalar: string - default: "" - - name: operator + - name: region type: scalar: string - default: "" - - name: values + - name: roleArn type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry + scalar: string + - name: secretKey + type: + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} +- name: com.github.openshift.api.config.v1alpha1.Storage map: fields: - - name: apiVersion + - name: persistentVolume type: - scalar: string - - name: fieldsType + namedType: com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig + - name: type type: scalar: string - - name: fieldsV1 + default: "" +- name: com.github.openshift.api.config.v1alpha1.TLSConfig + map: + fields: + - name: ca type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - - name: manager + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: cert type: - scalar: string - - name: operation + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: certificateVerification type: scalar: string - - name: subresource + - name: key type: - scalar: string - - name: time + namedType: com.github.openshift.api.config.v1alpha1.SecretKeySelector + default: {} + - name: serverName type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + scalar: string +- name: com.github.openshift.api.config.v1alpha1.TelemeterClientConfig map: fields: - - name: annotations + - name: nodeSelector type: map: elementType: scalar: string - - name: creationTimestamp - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: deletionGracePeriodSeconds - type: - scalar: numeric - - name: deletionTimestamp - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: finalizers + - name: resources type: list: elementType: - scalar: string + namedType: com.github.openshift.api.config.v1alpha1.ContainerResource elementRelationship: associative - - name: generateName - type: - scalar: string - - name: generation - type: - scalar: numeric - - name: labels + keys: + - name + - name: tolerations type: - map: + list: elementType: - scalar: string - - name: managedFields + namedType: Toleration.v1.core.api.k8s.io + elementRelationship: atomic + - name: topologySpreadConstraints type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry - elementRelationship: atomic - - name: name + namedType: TopologySpreadConstraint.v1.core.api.k8s.io + elementRelationship: associative + keys: + - topologyKey + - whenUnsatisfiable +- name: com.github.openshift.api.config.v1alpha1.UppercaseActionConfig + map: + fields: + - name: targetLabel type: scalar: string - - name: namespace +- name: com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring + map: + fields: + - name: mode type: scalar: string - - name: ownerReferences + default: "" +- name: com.github.openshift.api.config.v1alpha2.Custom + map: + fields: + - name: configs type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference + namedType: com.github.openshift.api.config.v1alpha2.GathererConfig elementRelationship: associative keys: - - uid - - name: resourceVersion + - name +- name: com.github.openshift.api.config.v1alpha2.GatherConfig + map: + fields: + - name: dataPolicy type: - scalar: string - - name: selfLink + list: + elementType: + scalar: string + elementRelationship: atomic + - name: gatherers type: - scalar: string - - name: uid + namedType: com.github.openshift.api.config.v1alpha2.Gatherers + default: {} + - name: storage type: - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference + namedType: com.github.openshift.api.config.v1alpha2.Storage +- name: com.github.openshift.api.config.v1alpha2.GathererConfig map: fields: - - name: apiVersion + - name: name type: scalar: string default: "" - - name: blockOwnerDeletion + - name: state type: - scalar: boolean - - name: controller + scalar: string + default: "" +- name: com.github.openshift.api.config.v1alpha2.Gatherers + map: + fields: + - name: custom type: - scalar: boolean - - name: kind + namedType: com.github.openshift.api.config.v1alpha2.Custom + - name: mode type: scalar: string default: "" - - name: name +- name: com.github.openshift.api.config.v1alpha2.InsightsDataGather + map: + fields: + - name: apiVersion type: scalar: string - default: "" - - name: uid + - name: kind type: scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Time - scalar: untyped -- name: io.k8s.apimachinery.pkg.runtime.RawExtension + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus + default: {} +- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec + map: + fields: + - name: gatherConfig + type: + namedType: com.github.openshift.api.config.v1alpha2.GatherConfig + default: {} +- name: com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus map: elementType: scalar: untyped @@ -5433,6 +5899,33 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference + map: + fields: + - name: name + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig + map: + fields: + - name: claim + type: + namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference + default: {} + - name: mountPath + type: + scalar: string +- name: com.github.openshift.api.config.v1alpha2.Storage + map: + fields: + - name: persistentVolume + type: + namedType: com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig + - name: type + type: + scalar: string + default: "" - name: __untyped_atomic_ scalar: untyped list: diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go index f47ef1d30e..671e67cdb9 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go @@ -478,22 +478,24 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1.WebhookTokenAuthenticatorApplyConfiguration{} // Group=config.openshift.io, Version=v1alpha1 + case v1alpha1.SchemeGroupVersion.WithKind("AdditionalAlertmanagerConfig"): + return &configv1alpha1.AdditionalAlertmanagerConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("AlertmanagerConfig"): return &configv1alpha1.AlertmanagerConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("AlertmanagerCustomConfig"): return &configv1alpha1.AlertmanagerCustomConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("Audit"): return &configv1alpha1.AuditApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("AuthorizationConfig"): + return &configv1alpha1.AuthorizationConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("Backup"): return &configv1alpha1.BackupApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("BackupSpec"): return &configv1alpha1.BackupSpecApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ClusterImagePolicy"): - return &configv1alpha1.ClusterImagePolicyApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ClusterImagePolicySpec"): - return &configv1alpha1.ClusterImagePolicySpecApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ClusterImagePolicyStatus"): - return &configv1alpha1.ClusterImagePolicyStatusApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("BasicAuth"): + return &configv1alpha1.BasicAuthApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("CertificateConfig"): + return &configv1alpha1.CertificateConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ClusterMonitoring"): return &configv1alpha1.ClusterMonitoringApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ClusterMonitoringSpec"): @@ -506,58 +508,102 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1alpha1.CRIOCredentialProviderConfigSpecApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("CRIOCredentialProviderConfigStatus"): return &configv1alpha1.CRIOCredentialProviderConfigStatusApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("CustomPKIPolicy"): + return &configv1alpha1.CustomPKIPolicyApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("DefaultCertificateConfig"): + return &configv1alpha1.DefaultCertificateConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("DropEqualActionConfig"): + return &configv1alpha1.DropEqualActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ECDSAKeyConfig"): + return &configv1alpha1.ECDSAKeyConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("EtcdBackupSpec"): return &configv1alpha1.EtcdBackupSpecApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("GatherConfig"): return &configv1alpha1.GatherConfigApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicy"): - return &configv1alpha1.ImagePolicyApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyFulcioCAWithRekorRootOfTrust"): - return &configv1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrustApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyPKIRootOfTrust"): - return &configv1alpha1.ImagePolicyPKIRootOfTrustApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyPublicKeyRootOfTrust"): - return &configv1alpha1.ImagePolicyPublicKeyRootOfTrustApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicySpec"): - return &configv1alpha1.ImagePolicySpecApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImagePolicyStatus"): - return &configv1alpha1.ImagePolicyStatusApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("ImageSigstoreVerificationPolicy"): - return &configv1alpha1.ImageSigstoreVerificationPolicyApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("HashModActionConfig"): + return &configv1alpha1.HashModActionConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("InsightsDataGather"): return &configv1alpha1.InsightsDataGatherApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("InsightsDataGatherSpec"): return &configv1alpha1.InsightsDataGatherSpecApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("KeepEqualActionConfig"): + return &configv1alpha1.KeepEqualActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("KeyConfig"): + return &configv1alpha1.KeyConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("Label"): + return &configv1alpha1.LabelApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("LabelMapActionConfig"): + return &configv1alpha1.LabelMapActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("LowercaseActionConfig"): + return &configv1alpha1.LowercaseActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("MetadataConfig"): + return &configv1alpha1.MetadataConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("MetadataConfigCustom"): + return &configv1alpha1.MetadataConfigCustomApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("MetricsServerConfig"): return &configv1alpha1.MetricsServerConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("OAuth2"): + return &configv1alpha1.OAuth2ApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("OAuth2EndpointParam"): + return &configv1alpha1.OAuth2EndpointParamApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("OpenShiftStateMetricsConfig"): + return &configv1alpha1.OpenShiftStateMetricsConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PersistentVolumeClaimReference"): return &configv1alpha1.PersistentVolumeClaimReferenceApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PersistentVolumeConfig"): return &configv1alpha1.PersistentVolumeConfigApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PKICertificateSubject"): - return &configv1alpha1.PKICertificateSubjectApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PolicyFulcioSubject"): - return &configv1alpha1.PolicyFulcioSubjectApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PolicyIdentity"): - return &configv1alpha1.PolicyIdentityApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PolicyMatchExactRepository"): - return &configv1alpha1.PolicyMatchExactRepositoryApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PolicyMatchRemapIdentity"): - return &configv1alpha1.PolicyMatchRemapIdentityApplyConfiguration{} - case v1alpha1.SchemeGroupVersion.WithKind("PolicyRootOfTrust"): - return &configv1alpha1.PolicyRootOfTrustApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PKI"): + return &configv1alpha1.PKIApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PKICertificateManagement"): + return &configv1alpha1.PKICertificateManagementApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PKIProfile"): + return &configv1alpha1.PKIProfileApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PKISpec"): + return &configv1alpha1.PKISpecApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PrometheusConfig"): + return &configv1alpha1.PrometheusConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PrometheusOperatorAdmissionWebhookConfig"): return &configv1alpha1.PrometheusOperatorAdmissionWebhookConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("PrometheusOperatorConfig"): return &configv1alpha1.PrometheusOperatorConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("PrometheusRemoteWriteHeader"): + return &configv1alpha1.PrometheusRemoteWriteHeaderApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("QueueConfig"): + return &configv1alpha1.QueueConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("RelabelActionConfig"): + return &configv1alpha1.RelabelActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("RelabelConfig"): + return &configv1alpha1.RelabelConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("RemoteWriteAuthorization"): + return &configv1alpha1.RemoteWriteAuthorizationApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("RemoteWriteSpec"): + return &configv1alpha1.RemoteWriteSpecApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ReplaceActionConfig"): + return &configv1alpha1.ReplaceActionConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("Retention"): + return &configv1alpha1.RetentionApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("RetentionNumberConfig"): return &configv1alpha1.RetentionNumberConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("RetentionPolicy"): return &configv1alpha1.RetentionPolicyApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("RetentionSizeConfig"): return &configv1alpha1.RetentionSizeConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("RSAKeyConfig"): + return &configv1alpha1.RSAKeyConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("SecretKeySelector"): + return &configv1alpha1.SecretKeySelectorApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("Sigv4"): + return &configv1alpha1.Sigv4ApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("Storage"): return &configv1alpha1.StorageApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("TelemeterClientConfig"): + return &configv1alpha1.TelemeterClientConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ThanosQuerierConfig"): + return &configv1alpha1.ThanosQuerierConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("TLSConfig"): + return &configv1alpha1.TLSConfigApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("UppercaseActionConfig"): + return &configv1alpha1.UppercaseActionConfigApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("UserDefinedMonitoring"): return &configv1alpha1.UserDefinedMonitoringApplyConfiguration{} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/clusterimagepolicy.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/clusterimagepolicy.go deleted file mode 100644 index 8391f7b40e..0000000000 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/clusterimagepolicy.go +++ /dev/null @@ -1,58 +0,0 @@ -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - context "context" - - configv1alpha1 "github.com/openshift/api/config/v1alpha1" - applyconfigurationsconfigv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" - scheme "github.com/openshift/client-go/config/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - gentype "k8s.io/client-go/gentype" -) - -// ClusterImagePoliciesGetter has a method to return a ClusterImagePolicyInterface. -// A group's client should implement this interface. -type ClusterImagePoliciesGetter interface { - ClusterImagePolicies() ClusterImagePolicyInterface -} - -// ClusterImagePolicyInterface has methods to work with ClusterImagePolicy resources. -type ClusterImagePolicyInterface interface { - Create(ctx context.Context, clusterImagePolicy *configv1alpha1.ClusterImagePolicy, opts v1.CreateOptions) (*configv1alpha1.ClusterImagePolicy, error) - Update(ctx context.Context, clusterImagePolicy *configv1alpha1.ClusterImagePolicy, opts v1.UpdateOptions) (*configv1alpha1.ClusterImagePolicy, error) - // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - UpdateStatus(ctx context.Context, clusterImagePolicy *configv1alpha1.ClusterImagePolicy, opts v1.UpdateOptions) (*configv1alpha1.ClusterImagePolicy, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*configv1alpha1.ClusterImagePolicy, error) - List(ctx context.Context, opts v1.ListOptions) (*configv1alpha1.ClusterImagePolicyList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *configv1alpha1.ClusterImagePolicy, err error) - Apply(ctx context.Context, clusterImagePolicy *applyconfigurationsconfigv1alpha1.ClusterImagePolicyApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.ClusterImagePolicy, err error) - // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). - ApplyStatus(ctx context.Context, clusterImagePolicy *applyconfigurationsconfigv1alpha1.ClusterImagePolicyApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.ClusterImagePolicy, err error) - ClusterImagePolicyExpansion -} - -// clusterImagePolicies implements ClusterImagePolicyInterface -type clusterImagePolicies struct { - *gentype.ClientWithListAndApply[*configv1alpha1.ClusterImagePolicy, *configv1alpha1.ClusterImagePolicyList, *applyconfigurationsconfigv1alpha1.ClusterImagePolicyApplyConfiguration] -} - -// newClusterImagePolicies returns a ClusterImagePolicies -func newClusterImagePolicies(c *ConfigV1alpha1Client) *clusterImagePolicies { - return &clusterImagePolicies{ - gentype.NewClientWithListAndApply[*configv1alpha1.ClusterImagePolicy, *configv1alpha1.ClusterImagePolicyList, *applyconfigurationsconfigv1alpha1.ClusterImagePolicyApplyConfiguration]( - "clusterimagepolicies", - c.RESTClient(), - scheme.ParameterCodec, - "", - func() *configv1alpha1.ClusterImagePolicy { return &configv1alpha1.ClusterImagePolicy{} }, - func() *configv1alpha1.ClusterImagePolicyList { return &configv1alpha1.ClusterImagePolicyList{} }, - ), - } -} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go index 58cf671dc9..23ba9a19c0 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/config_client.go @@ -14,10 +14,9 @@ type ConfigV1alpha1Interface interface { RESTClient() rest.Interface BackupsGetter CRIOCredentialProviderConfigsGetter - ClusterImagePoliciesGetter ClusterMonitoringsGetter - ImagePoliciesGetter InsightsDataGathersGetter + PKIsGetter } // ConfigV1alpha1Client is used to interact with features provided by the config.openshift.io group. @@ -33,22 +32,18 @@ func (c *ConfigV1alpha1Client) CRIOCredentialProviderConfigs() CRIOCredentialPro return newCRIOCredentialProviderConfigs(c) } -func (c *ConfigV1alpha1Client) ClusterImagePolicies() ClusterImagePolicyInterface { - return newClusterImagePolicies(c) -} - func (c *ConfigV1alpha1Client) ClusterMonitorings() ClusterMonitoringInterface { return newClusterMonitorings(c) } -func (c *ConfigV1alpha1Client) ImagePolicies(namespace string) ImagePolicyInterface { - return newImagePolicies(c, namespace) -} - func (c *ConfigV1alpha1Client) InsightsDataGathers() InsightsDataGatherInterface { return newInsightsDataGathers(c) } +func (c *ConfigV1alpha1Client) PKIs() PKIInterface { + return newPKIs(c) +} + // NewForConfig creates a new ConfigV1alpha1Client for the given config. // NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), // where httpClient was generated with rest.HTTPClientFor(c). diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_clusterimagepolicy.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_clusterimagepolicy.go deleted file mode 100644 index 50d94e1a91..0000000000 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_clusterimagepolicy.go +++ /dev/null @@ -1,37 +0,0 @@ -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - v1alpha1 "github.com/openshift/api/config/v1alpha1" - configv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" - typedconfigv1alpha1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1" - gentype "k8s.io/client-go/gentype" -) - -// fakeClusterImagePolicies implements ClusterImagePolicyInterface -type fakeClusterImagePolicies struct { - *gentype.FakeClientWithListAndApply[*v1alpha1.ClusterImagePolicy, *v1alpha1.ClusterImagePolicyList, *configv1alpha1.ClusterImagePolicyApplyConfiguration] - Fake *FakeConfigV1alpha1 -} - -func newFakeClusterImagePolicies(fake *FakeConfigV1alpha1) typedconfigv1alpha1.ClusterImagePolicyInterface { - return &fakeClusterImagePolicies{ - gentype.NewFakeClientWithListAndApply[*v1alpha1.ClusterImagePolicy, *v1alpha1.ClusterImagePolicyList, *configv1alpha1.ClusterImagePolicyApplyConfiguration]( - fake.Fake, - "", - v1alpha1.SchemeGroupVersion.WithResource("clusterimagepolicies"), - v1alpha1.SchemeGroupVersion.WithKind("ClusterImagePolicy"), - func() *v1alpha1.ClusterImagePolicy { return &v1alpha1.ClusterImagePolicy{} }, - func() *v1alpha1.ClusterImagePolicyList { return &v1alpha1.ClusterImagePolicyList{} }, - func(dst, src *v1alpha1.ClusterImagePolicyList) { dst.ListMeta = src.ListMeta }, - func(list *v1alpha1.ClusterImagePolicyList) []*v1alpha1.ClusterImagePolicy { - return gentype.ToPointerSlice(list.Items) - }, - func(list *v1alpha1.ClusterImagePolicyList, items []*v1alpha1.ClusterImagePolicy) { - list.Items = gentype.FromPointerSlice(items) - }, - ), - fake, - } -} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go index e807c23147..381179df9c 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_config_client.go @@ -20,22 +20,18 @@ func (c *FakeConfigV1alpha1) CRIOCredentialProviderConfigs() v1alpha1.CRIOCreden return newFakeCRIOCredentialProviderConfigs(c) } -func (c *FakeConfigV1alpha1) ClusterImagePolicies() v1alpha1.ClusterImagePolicyInterface { - return newFakeClusterImagePolicies(c) -} - func (c *FakeConfigV1alpha1) ClusterMonitorings() v1alpha1.ClusterMonitoringInterface { return newFakeClusterMonitorings(c) } -func (c *FakeConfigV1alpha1) ImagePolicies(namespace string) v1alpha1.ImagePolicyInterface { - return newFakeImagePolicies(c, namespace) -} - func (c *FakeConfigV1alpha1) InsightsDataGathers() v1alpha1.InsightsDataGatherInterface { return newFakeInsightsDataGathers(c) } +func (c *FakeConfigV1alpha1) PKIs() v1alpha1.PKIInterface { + return newFakePKIs(c) +} + // RESTClient returns a RESTClient that is used to communicate // with API server by this client implementation. func (c *FakeConfigV1alpha1) RESTClient() rest.Interface { diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_imagepolicy.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_imagepolicy.go deleted file mode 100644 index 9bf6cb9c04..0000000000 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_imagepolicy.go +++ /dev/null @@ -1,37 +0,0 @@ -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - v1alpha1 "github.com/openshift/api/config/v1alpha1" - configv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" - typedconfigv1alpha1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1" - gentype "k8s.io/client-go/gentype" -) - -// fakeImagePolicies implements ImagePolicyInterface -type fakeImagePolicies struct { - *gentype.FakeClientWithListAndApply[*v1alpha1.ImagePolicy, *v1alpha1.ImagePolicyList, *configv1alpha1.ImagePolicyApplyConfiguration] - Fake *FakeConfigV1alpha1 -} - -func newFakeImagePolicies(fake *FakeConfigV1alpha1, namespace string) typedconfigv1alpha1.ImagePolicyInterface { - return &fakeImagePolicies{ - gentype.NewFakeClientWithListAndApply[*v1alpha1.ImagePolicy, *v1alpha1.ImagePolicyList, *configv1alpha1.ImagePolicyApplyConfiguration]( - fake.Fake, - namespace, - v1alpha1.SchemeGroupVersion.WithResource("imagepolicies"), - v1alpha1.SchemeGroupVersion.WithKind("ImagePolicy"), - func() *v1alpha1.ImagePolicy { return &v1alpha1.ImagePolicy{} }, - func() *v1alpha1.ImagePolicyList { return &v1alpha1.ImagePolicyList{} }, - func(dst, src *v1alpha1.ImagePolicyList) { dst.ListMeta = src.ListMeta }, - func(list *v1alpha1.ImagePolicyList) []*v1alpha1.ImagePolicy { - return gentype.ToPointerSlice(list.Items) - }, - func(list *v1alpha1.ImagePolicyList, items []*v1alpha1.ImagePolicy) { - list.Items = gentype.FromPointerSlice(items) - }, - ), - fake, - } -} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_pki.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_pki.go new file mode 100644 index 0000000000..7efcece94e --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/fake/fake_pki.go @@ -0,0 +1,33 @@ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/openshift/api/config/v1alpha1" + configv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" + typedconfigv1alpha1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1" + gentype "k8s.io/client-go/gentype" +) + +// fakePKIs implements PKIInterface +type fakePKIs struct { + *gentype.FakeClientWithListAndApply[*v1alpha1.PKI, *v1alpha1.PKIList, *configv1alpha1.PKIApplyConfiguration] + Fake *FakeConfigV1alpha1 +} + +func newFakePKIs(fake *FakeConfigV1alpha1) typedconfigv1alpha1.PKIInterface { + return &fakePKIs{ + gentype.NewFakeClientWithListAndApply[*v1alpha1.PKI, *v1alpha1.PKIList, *configv1alpha1.PKIApplyConfiguration]( + fake.Fake, + "", + v1alpha1.SchemeGroupVersion.WithResource("pkis"), + v1alpha1.SchemeGroupVersion.WithKind("PKI"), + func() *v1alpha1.PKI { return &v1alpha1.PKI{} }, + func() *v1alpha1.PKIList { return &v1alpha1.PKIList{} }, + func(dst, src *v1alpha1.PKIList) { dst.ListMeta = src.ListMeta }, + func(list *v1alpha1.PKIList) []*v1alpha1.PKI { return gentype.ToPointerSlice(list.Items) }, + func(list *v1alpha1.PKIList, items []*v1alpha1.PKI) { list.Items = gentype.FromPointerSlice(items) }, + ), + fake, + } +} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go index 9f530ae220..bc1f603194 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/generated_expansion.go @@ -6,10 +6,8 @@ type BackupExpansion interface{} type CRIOCredentialProviderConfigExpansion interface{} -type ClusterImagePolicyExpansion interface{} - type ClusterMonitoringExpansion interface{} -type ImagePolicyExpansion interface{} - type InsightsDataGatherExpansion interface{} + +type PKIExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/imagepolicy.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/imagepolicy.go deleted file mode 100644 index a893efeea7..0000000000 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/imagepolicy.go +++ /dev/null @@ -1,58 +0,0 @@ -// Code generated by client-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - context "context" - - configv1alpha1 "github.com/openshift/api/config/v1alpha1" - applyconfigurationsconfigv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" - scheme "github.com/openshift/client-go/config/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - gentype "k8s.io/client-go/gentype" -) - -// ImagePoliciesGetter has a method to return a ImagePolicyInterface. -// A group's client should implement this interface. -type ImagePoliciesGetter interface { - ImagePolicies(namespace string) ImagePolicyInterface -} - -// ImagePolicyInterface has methods to work with ImagePolicy resources. -type ImagePolicyInterface interface { - Create(ctx context.Context, imagePolicy *configv1alpha1.ImagePolicy, opts v1.CreateOptions) (*configv1alpha1.ImagePolicy, error) - Update(ctx context.Context, imagePolicy *configv1alpha1.ImagePolicy, opts v1.UpdateOptions) (*configv1alpha1.ImagePolicy, error) - // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). - UpdateStatus(ctx context.Context, imagePolicy *configv1alpha1.ImagePolicy, opts v1.UpdateOptions) (*configv1alpha1.ImagePolicy, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*configv1alpha1.ImagePolicy, error) - List(ctx context.Context, opts v1.ListOptions) (*configv1alpha1.ImagePolicyList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *configv1alpha1.ImagePolicy, err error) - Apply(ctx context.Context, imagePolicy *applyconfigurationsconfigv1alpha1.ImagePolicyApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.ImagePolicy, err error) - // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). - ApplyStatus(ctx context.Context, imagePolicy *applyconfigurationsconfigv1alpha1.ImagePolicyApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.ImagePolicy, err error) - ImagePolicyExpansion -} - -// imagePolicies implements ImagePolicyInterface -type imagePolicies struct { - *gentype.ClientWithListAndApply[*configv1alpha1.ImagePolicy, *configv1alpha1.ImagePolicyList, *applyconfigurationsconfigv1alpha1.ImagePolicyApplyConfiguration] -} - -// newImagePolicies returns a ImagePolicies -func newImagePolicies(c *ConfigV1alpha1Client, namespace string) *imagePolicies { - return &imagePolicies{ - gentype.NewClientWithListAndApply[*configv1alpha1.ImagePolicy, *configv1alpha1.ImagePolicyList, *applyconfigurationsconfigv1alpha1.ImagePolicyApplyConfiguration]( - "imagepolicies", - c.RESTClient(), - scheme.ParameterCodec, - namespace, - func() *configv1alpha1.ImagePolicy { return &configv1alpha1.ImagePolicy{} }, - func() *configv1alpha1.ImagePolicyList { return &configv1alpha1.ImagePolicyList{} }, - ), - } -} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/pki.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/pki.go new file mode 100644 index 0000000000..ba099fcf10 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1alpha1/pki.go @@ -0,0 +1,54 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + applyconfigurationsconfigv1alpha1 "github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1" + scheme "github.com/openshift/client-go/config/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// PKIsGetter has a method to return a PKIInterface. +// A group's client should implement this interface. +type PKIsGetter interface { + PKIs() PKIInterface +} + +// PKIInterface has methods to work with PKI resources. +type PKIInterface interface { + Create(ctx context.Context, pKI *configv1alpha1.PKI, opts v1.CreateOptions) (*configv1alpha1.PKI, error) + Update(ctx context.Context, pKI *configv1alpha1.PKI, opts v1.UpdateOptions) (*configv1alpha1.PKI, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*configv1alpha1.PKI, error) + List(ctx context.Context, opts v1.ListOptions) (*configv1alpha1.PKIList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *configv1alpha1.PKI, err error) + Apply(ctx context.Context, pKI *applyconfigurationsconfigv1alpha1.PKIApplyConfiguration, opts v1.ApplyOptions) (result *configv1alpha1.PKI, err error) + PKIExpansion +} + +// pKIs implements PKIInterface +type pKIs struct { + *gentype.ClientWithListAndApply[*configv1alpha1.PKI, *configv1alpha1.PKIList, *applyconfigurationsconfigv1alpha1.PKIApplyConfiguration] +} + +// newPKIs returns a PKIs +func newPKIs(c *ConfigV1alpha1Client) *pKIs { + return &pKIs{ + gentype.NewClientWithListAndApply[*configv1alpha1.PKI, *configv1alpha1.PKIList, *applyconfigurationsconfigv1alpha1.PKIApplyConfiguration]( + "pkis", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *configv1alpha1.PKI { return &configv1alpha1.PKI{} }, + func() *configv1alpha1.PKIList { return &configv1alpha1.PKIList{} }, + ), + } +} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/clusterimagepolicy.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/clusterimagepolicy.go deleted file mode 100644 index af5c3e27f1..0000000000 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/clusterimagepolicy.go +++ /dev/null @@ -1,85 +0,0 @@ -// Code generated by informer-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - context "context" - time "time" - - apiconfigv1alpha1 "github.com/openshift/api/config/v1alpha1" - versioned "github.com/openshift/client-go/config/clientset/versioned" - internalinterfaces "github.com/openshift/client-go/config/informers/externalversions/internalinterfaces" - configv1alpha1 "github.com/openshift/client-go/config/listers/config/v1alpha1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterImagePolicyInformer provides access to a shared informer and lister for -// ClusterImagePolicies. -type ClusterImagePolicyInformer interface { - Informer() cache.SharedIndexInformer - Lister() configv1alpha1.ClusterImagePolicyLister -} - -type clusterImagePolicyInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterImagePolicyInformer constructs a new informer for ClusterImagePolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterImagePolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterImagePolicyInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterImagePolicyInformer constructs a new informer for ClusterImagePolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterImagePolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().ClusterImagePolicies().List(context.Background(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().ClusterImagePolicies().Watch(context.Background(), options) - }, - ListWithContextFunc: func(ctx context.Context, options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().ClusterImagePolicies().List(ctx, options) - }, - WatchFuncWithContext: func(ctx context.Context, options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1alpha1().ClusterImagePolicies().Watch(ctx, options) - }, - }, client), - &apiconfigv1alpha1.ClusterImagePolicy{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterImagePolicyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterImagePolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterImagePolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&apiconfigv1alpha1.ClusterImagePolicy{}, f.defaultInformer) -} - -func (f *clusterImagePolicyInformer) Lister() configv1alpha1.ClusterImagePolicyLister { - return configv1alpha1.NewClusterImagePolicyLister(f.Informer().GetIndexer()) -} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go index 10cc930b8c..17b0ebcc0b 100644 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go +++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/interface.go @@ -12,14 +12,12 @@ type Interface interface { Backups() BackupInformer // CRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigInformer. CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInformer - // ClusterImagePolicies returns a ClusterImagePolicyInformer. - ClusterImagePolicies() ClusterImagePolicyInformer // ClusterMonitorings returns a ClusterMonitoringInformer. ClusterMonitorings() ClusterMonitoringInformer - // ImagePolicies returns a ImagePolicyInformer. - ImagePolicies() ImagePolicyInformer // InsightsDataGathers returns a InsightsDataGatherInformer. InsightsDataGathers() InsightsDataGatherInformer + // PKIs returns a PKIInformer. + PKIs() PKIInformer } type version struct { @@ -43,22 +41,17 @@ func (v *version) CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigIn return &cRIOCredentialProviderConfigInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } -// ClusterImagePolicies returns a ClusterImagePolicyInformer. -func (v *version) ClusterImagePolicies() ClusterImagePolicyInformer { - return &clusterImagePolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - // ClusterMonitorings returns a ClusterMonitoringInformer. func (v *version) ClusterMonitorings() ClusterMonitoringInformer { return &clusterMonitoringInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } -// ImagePolicies returns a ImagePolicyInformer. -func (v *version) ImagePolicies() ImagePolicyInformer { - return &imagePolicyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} -} - // InsightsDataGathers returns a InsightsDataGatherInformer. func (v *version) InsightsDataGathers() InsightsDataGatherInformer { return &insightsDataGatherInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } + +// PKIs returns a PKIInformer. +func (v *version) PKIs() PKIInformer { + return &pKIInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/imagepolicy.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/pki.go similarity index 51% rename from vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/imagepolicy.go rename to vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/pki.go index d56c1e834f..3613eec8c0 100644 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/imagepolicy.go +++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1alpha1/pki.go @@ -16,71 +16,70 @@ import ( cache "k8s.io/client-go/tools/cache" ) -// ImagePolicyInformer provides access to a shared informer and lister for -// ImagePolicies. -type ImagePolicyInformer interface { +// PKIInformer provides access to a shared informer and lister for +// PKIs. +type PKIInformer interface { Informer() cache.SharedIndexInformer - Lister() configv1alpha1.ImagePolicyLister + Lister() configv1alpha1.PKILister } -type imagePolicyInformer struct { +type pKIInformer struct { factory internalinterfaces.SharedInformerFactory tweakListOptions internalinterfaces.TweakListOptionsFunc - namespace string } -// NewImagePolicyInformer constructs a new informer for ImagePolicy type. +// NewPKIInformer constructs a new informer for PKI type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewImagePolicyInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredImagePolicyInformer(client, namespace, resyncPeriod, indexers, nil) +func NewPKIInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredPKIInformer(client, resyncPeriod, indexers, nil) } -// NewFilteredImagePolicyInformer constructs a new informer for ImagePolicy type. +// NewFilteredPKIInformer constructs a new informer for PKI type. // Always prefer using an informer factory to get a shared informer instead of getting an independent // one. This reduces memory footprint and number of connections to the server. -func NewFilteredImagePolicyInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { +func NewFilteredPKIInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { return cache.NewSharedIndexInformer( cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ ListFunc: func(options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ConfigV1alpha1().ImagePolicies(namespace).List(context.Background(), options) + return client.ConfigV1alpha1().PKIs().List(context.Background(), options) }, WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ConfigV1alpha1().ImagePolicies(namespace).Watch(context.Background(), options) + return client.ConfigV1alpha1().PKIs().Watch(context.Background(), options) }, ListWithContextFunc: func(ctx context.Context, options v1.ListOptions) (runtime.Object, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ConfigV1alpha1().ImagePolicies(namespace).List(ctx, options) + return client.ConfigV1alpha1().PKIs().List(ctx, options) }, WatchFuncWithContext: func(ctx context.Context, options v1.ListOptions) (watch.Interface, error) { if tweakListOptions != nil { tweakListOptions(&options) } - return client.ConfigV1alpha1().ImagePolicies(namespace).Watch(ctx, options) + return client.ConfigV1alpha1().PKIs().Watch(ctx, options) }, }, client), - &apiconfigv1alpha1.ImagePolicy{}, + &apiconfigv1alpha1.PKI{}, resyncPeriod, indexers, ) } -func (f *imagePolicyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredImagePolicyInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +func (f *pKIInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredPKIInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) } -func (f *imagePolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&apiconfigv1alpha1.ImagePolicy{}, f.defaultInformer) +func (f *pKIInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&apiconfigv1alpha1.PKI{}, f.defaultInformer) } -func (f *imagePolicyInformer) Lister() configv1alpha1.ImagePolicyLister { - return configv1alpha1.NewImagePolicyLister(f.Informer().GetIndexer()) +func (f *pKIInformer) Lister() configv1alpha1.PKILister { + return configv1alpha1.NewPKILister(f.Informer().GetIndexer()) } diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go index ca697748ae..4c00a13f17 100644 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go +++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go @@ -93,14 +93,12 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().Backups().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("criocredentialproviderconfigs"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().CRIOCredentialProviderConfigs().Informer()}, nil - case v1alpha1.SchemeGroupVersion.WithResource("clusterimagepolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().ClusterImagePolicies().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("clustermonitorings"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().ClusterMonitorings().Informer()}, nil - case v1alpha1.SchemeGroupVersion.WithResource("imagepolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().ImagePolicies().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("insightsdatagathers"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().InsightsDataGathers().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("pkis"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1alpha1().PKIs().Informer()}, nil // Group=config.openshift.io, Version=v1alpha2 case v1alpha2.SchemeGroupVersion.WithResource("insightsdatagathers"): diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/clusterimagepolicy.go b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/clusterimagepolicy.go deleted file mode 100644 index 0512d3682f..0000000000 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/clusterimagepolicy.go +++ /dev/null @@ -1,32 +0,0 @@ -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" - labels "k8s.io/apimachinery/pkg/labels" - listers "k8s.io/client-go/listers" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterImagePolicyLister helps list ClusterImagePolicies. -// All objects returned here must be treated as read-only. -type ClusterImagePolicyLister interface { - // List lists all ClusterImagePolicies in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*configv1alpha1.ClusterImagePolicy, err error) - // Get retrieves the ClusterImagePolicy from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*configv1alpha1.ClusterImagePolicy, error) - ClusterImagePolicyListerExpansion -} - -// clusterImagePolicyLister implements the ClusterImagePolicyLister interface. -type clusterImagePolicyLister struct { - listers.ResourceIndexer[*configv1alpha1.ClusterImagePolicy] -} - -// NewClusterImagePolicyLister returns a new ClusterImagePolicyLister. -func NewClusterImagePolicyLister(indexer cache.Indexer) ClusterImagePolicyLister { - return &clusterImagePolicyLister{listers.New[*configv1alpha1.ClusterImagePolicy](indexer, configv1alpha1.Resource("clusterimagepolicy"))} -} diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go index 75ba32823f..3baf74bc8b 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/expansion_generated.go @@ -10,22 +10,14 @@ type BackupListerExpansion interface{} // CRIOCredentialProviderConfigLister. type CRIOCredentialProviderConfigListerExpansion interface{} -// ClusterImagePolicyListerExpansion allows custom methods to be added to -// ClusterImagePolicyLister. -type ClusterImagePolicyListerExpansion interface{} - // ClusterMonitoringListerExpansion allows custom methods to be added to // ClusterMonitoringLister. type ClusterMonitoringListerExpansion interface{} -// ImagePolicyListerExpansion allows custom methods to be added to -// ImagePolicyLister. -type ImagePolicyListerExpansion interface{} - -// ImagePolicyNamespaceListerExpansion allows custom methods to be added to -// ImagePolicyNamespaceLister. -type ImagePolicyNamespaceListerExpansion interface{} - // InsightsDataGatherListerExpansion allows custom methods to be added to // InsightsDataGatherLister. type InsightsDataGatherListerExpansion interface{} + +// PKIListerExpansion allows custom methods to be added to +// PKILister. +type PKIListerExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/imagepolicy.go b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/imagepolicy.go deleted file mode 100644 index 7050c57718..0000000000 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/imagepolicy.go +++ /dev/null @@ -1,54 +0,0 @@ -// Code generated by lister-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - configv1alpha1 "github.com/openshift/api/config/v1alpha1" - labels "k8s.io/apimachinery/pkg/labels" - listers "k8s.io/client-go/listers" - cache "k8s.io/client-go/tools/cache" -) - -// ImagePolicyLister helps list ImagePolicies. -// All objects returned here must be treated as read-only. -type ImagePolicyLister interface { - // List lists all ImagePolicies in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*configv1alpha1.ImagePolicy, err error) - // ImagePolicies returns an object that can list and get ImagePolicies. - ImagePolicies(namespace string) ImagePolicyNamespaceLister - ImagePolicyListerExpansion -} - -// imagePolicyLister implements the ImagePolicyLister interface. -type imagePolicyLister struct { - listers.ResourceIndexer[*configv1alpha1.ImagePolicy] -} - -// NewImagePolicyLister returns a new ImagePolicyLister. -func NewImagePolicyLister(indexer cache.Indexer) ImagePolicyLister { - return &imagePolicyLister{listers.New[*configv1alpha1.ImagePolicy](indexer, configv1alpha1.Resource("imagepolicy"))} -} - -// ImagePolicies returns an object that can list and get ImagePolicies. -func (s *imagePolicyLister) ImagePolicies(namespace string) ImagePolicyNamespaceLister { - return imagePolicyNamespaceLister{listers.NewNamespaced[*configv1alpha1.ImagePolicy](s.ResourceIndexer, namespace)} -} - -// ImagePolicyNamespaceLister helps list and get ImagePolicies. -// All objects returned here must be treated as read-only. -type ImagePolicyNamespaceLister interface { - // List lists all ImagePolicies in the indexer for a given namespace. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*configv1alpha1.ImagePolicy, err error) - // Get retrieves the ImagePolicy from the indexer for a given namespace and name. - // Objects returned here must be treated as read-only. - Get(name string) (*configv1alpha1.ImagePolicy, error) - ImagePolicyNamespaceListerExpansion -} - -// imagePolicyNamespaceLister implements the ImagePolicyNamespaceLister -// interface. -type imagePolicyNamespaceLister struct { - listers.ResourceIndexer[*configv1alpha1.ImagePolicy] -} diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/pki.go b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/pki.go new file mode 100644 index 0000000000..8e644cfeb0 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1alpha1/pki.go @@ -0,0 +1,32 @@ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" +) + +// PKILister helps list PKIs. +// All objects returned here must be treated as read-only. +type PKILister interface { + // List lists all PKIs in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*configv1alpha1.PKI, err error) + // Get retrieves the PKI from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*configv1alpha1.PKI, error) + PKIListerExpansion +} + +// pKILister implements the PKILister interface. +type pKILister struct { + listers.ResourceIndexer[*configv1alpha1.PKI] +} + +// NewPKILister returns a new PKILister. +func NewPKILister(indexer cache.Indexer) PKILister { + return &pKILister{listers.New[*configv1alpha1.PKI](indexer, configv1alpha1.Resource("pki"))} +} diff --git a/vendor/github.com/openshift/client-go/image/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/image/applyconfigurations/internal/internal.go index d03b7da441..5744792737 100644 --- a/vendor/github.com/openshift/client-go/image/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/image/applyconfigurations/internal/internal.go @@ -23,6 +23,170 @@ func Parser() *typed.Parser { var parserOnce sync.Once var parser *typed.Parser var schemaYAML = typed.YAMLObject(`types: +- name: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + - name: fieldsType + type: + scalar: string + - name: fieldsV1 + type: + namedType: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + - name: manager + type: + scalar: string + - name: operation + type: + scalar: string + - name: subresource + type: + scalar: string + - name: time + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io +- name: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: annotations + type: + map: + elementType: + scalar: string + - name: creationTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: deletionGracePeriodSeconds + type: + scalar: numeric + - name: deletionTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: finalizers + type: + list: + elementType: + scalar: string + elementRelationship: associative + - name: generateName + type: + scalar: string + - name: generation + type: + scalar: numeric + - name: labels + type: + map: + elementType: + scalar: string + - name: managedFields + type: + list: + elementType: + namedType: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: atomic + - name: name + type: + scalar: string + - name: namespace + type: + scalar: string + - name: ownerReferences + type: + list: + elementType: + namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - uid + - name: resourceVersion + type: + scalar: string + - name: selfLink + type: + scalar: string + - name: uid + type: + scalar: string +- name: ObjectReference.v1.core.api.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + - name: fieldPath + type: + scalar: string + - name: kind + type: + scalar: string + - name: name + type: + scalar: string + - name: namespace + type: + scalar: string + - name: resourceVersion + type: + scalar: string + - name: uid + type: + scalar: string + elementRelationship: atomic +- name: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + default: "" + - name: blockOwnerDeletion + type: + scalar: boolean + - name: controller + type: + scalar: boolean + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: uid + type: + scalar: string + default: "" + elementRelationship: atomic +- name: RawExtension.runtime.pkg.apimachinery.k8s.io + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: Time.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: untyped - name: com.github.openshift.api.image.v1.Image map: fields: @@ -52,7 +216,7 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: atomic - name: dockerImageMetadata type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: dockerImageMetadataVersion type: scalar: string @@ -70,7 +234,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: signatures type: @@ -147,7 +311,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: created type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: imageIdentity type: scalar: string @@ -162,7 +326,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: signedClaims type: @@ -184,7 +348,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -209,7 +373,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: tag type: @@ -275,10 +439,10 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: lastProbeTime type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: lastTransitionTime type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: message type: scalar: string @@ -320,7 +484,7 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: created type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: dockerImageReference type: scalar: string @@ -342,7 +506,7 @@ var schemaYAML = typed.YAMLObject(`types: default: 0 - name: lastTransitionTime type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: message type: scalar: string @@ -379,7 +543,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: from type: - namedType: io.k8s.api.core.v1.ObjectReference + namedType: ObjectReference.v1.core.api.k8s.io - name: generation type: scalar: numeric @@ -405,170 +569,6 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" -- name: io.k8s.api.core.v1.ObjectReference - map: - fields: - - name: apiVersion - type: - scalar: string - - name: fieldPath - type: - scalar: string - - name: kind - type: - scalar: string - - name: name - type: - scalar: string - - name: namespace - type: - scalar: string - - name: resourceVersion - type: - scalar: string - - name: uid - type: - scalar: string - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry - map: - fields: - - name: apiVersion - type: - scalar: string - - name: fieldsType - type: - scalar: string - - name: fieldsV1 - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - - name: manager - type: - scalar: string - - name: operation - type: - scalar: string - - name: subresource - type: - scalar: string - - name: time - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - map: - fields: - - name: annotations - type: - map: - elementType: - scalar: string - - name: creationTimestamp - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: deletionGracePeriodSeconds - type: - scalar: numeric - - name: deletionTimestamp - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: finalizers - type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: generateName - type: - scalar: string - - name: generation - type: - scalar: numeric - - name: labels - type: - map: - elementType: - scalar: string - - name: managedFields - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry - elementRelationship: atomic - - name: name - type: - scalar: string - - name: namespace - type: - scalar: string - - name: ownerReferences - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference - elementRelationship: associative - keys: - - uid - - name: resourceVersion - type: - scalar: string - - name: selfLink - type: - scalar: string - - name: uid - type: - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference - map: - fields: - - name: apiVersion - type: - scalar: string - default: "" - - name: blockOwnerDeletion - type: - scalar: boolean - - name: controller - type: - scalar: boolean - - name: kind - type: - scalar: string - default: "" - - name: name - type: - scalar: string - default: "" - - name: uid - type: - scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Time - scalar: untyped -- name: io.k8s.apimachinery.pkg.runtime.RawExtension - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable - name: __untyped_atomic_ scalar: untyped list: diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go index 51ec76686f..d0c1a503e2 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go @@ -23,61 +23,63 @@ func Parser() *typed.Parser { var parserOnce sync.Once var parser *typed.Parser var schemaYAML = typed.YAMLObject(`types: -- name: com.github.openshift.api.config.v1.ConfigMapFileReference +- name: Condition.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: key + - name: lastTransitionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message type: scalar: string - - name: name + default: "" + - name: observedGeneration + type: + scalar: numeric + - name: reason type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.ConfigMapNameReference - map: - fields: - - name: name + - name: status type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.CustomTLSProfile + - name: type + type: + scalar: string + default: "" +- name: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: string +- name: FieldSelectorAttributes.v1.authorization.api.k8s.io map: fields: - - name: ciphers + - name: rawSelector + type: + scalar: string + - name: requirements type: list: elementType: - scalar: string + namedType: FieldSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: atomic - - name: minTLSVersion +- name: FieldSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: key type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.IntermediateTLSProfile - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.ModernTLSProfile - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: com.github.openshift.api.config.v1.OldTLSProfile + - name: operator + type: + scalar: string + default: "" + - name: values + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io map: elementType: scalar: untyped @@ -89,191 +91,484 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable -- name: com.github.openshift.api.config.v1.SecretNameReference - map: - fields: - - name: name - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.TLSProfileSpec +- name: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: ciphers + - name: matchExpressions type: list: elementType: - scalar: string + namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: atomic - - name: minTLSVersion + - name: matchLabels type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.TLSSecurityProfile + map: + elementType: + scalar: string + elementRelationship: atomic +- name: LabelSelectorAttributes.v1.authorization.api.k8s.io map: fields: - - name: custom - type: - namedType: com.github.openshift.api.config.v1.CustomTLSProfile - - name: intermediate - type: - namedType: com.github.openshift.api.config.v1.IntermediateTLSProfile - - name: modern - type: - namedType: com.github.openshift.api.config.v1.ModernTLSProfile - - name: old - type: - namedType: com.github.openshift.api.config.v1.OldTLSProfile - - name: type + - name: rawSelector type: scalar: string - default: "" - unions: - - discriminator: type - fields: - - fieldName: custom - discriminatorValue: Custom - - fieldName: intermediate - discriminatorValue: Intermediate - - fieldName: modern - discriminatorValue: Modern - - fieldName: old - discriminatorValue: Old -- name: com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec + - name: requirements + type: + list: + elementType: + namedType: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: atomic +- name: LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: efsVolumeMetrics - type: - namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics - - name: kmsKeyARN + - name: key type: scalar: string -- name: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters - map: - fields: - - name: connectionIdleTimeout + default: "" + - name: operator type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: subnets + scalar: string + default: "" + - name: values type: - namedType: com.github.openshift.api.operator.v1.AWSSubnets -- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics + list: + elementType: + scalar: string + elementRelationship: atomic +- name: LocalObjectReference.v1.core.api.k8s.io map: fields: - - name: recursiveWalk - type: - namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig - - name: state + - name: name type: scalar: string default: "" - unions: - - discriminator: state - fields: - - fieldName: recursiveWalk - discriminatorValue: RecursiveWalk -- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig + elementRelationship: atomic +- name: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: fsRateLimit + - name: apiVersion type: - scalar: numeric - - name: refreshPeriodMinutes + scalar: string + - name: fieldsType type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.AWSLoadBalancerParameters - map: - fields: - - name: classicLoadBalancer + scalar: string + - name: fieldsV1 type: - namedType: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters - - name: networkLoadBalancer + namedType: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + - name: manager type: - namedType: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters - - name: type + scalar: string + - name: operation type: scalar: string - default: "" - unions: - - discriminator: type - fields: - - fieldName: classicLoadBalancer - discriminatorValue: ClassicLoadBalancerParameters - - fieldName: networkLoadBalancer - discriminatorValue: NetworkLoadBalancerParameters -- name: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters + - name: subresource + type: + scalar: string + - name: time + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io +- name: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io map: fields: - - name: eipAllocations + - name: annotations type: - list: + map: elementType: scalar: string - elementRelationship: atomic - - name: subnets + - name: creationTimestamp type: - namedType: com.github.openshift.api.operator.v1.AWSSubnets -- name: com.github.openshift.api.operator.v1.AWSSubnets - map: - fields: - - name: ids + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: deletionGracePeriodSeconds + type: + scalar: numeric + - name: deletionTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: finalizers type: list: elementType: scalar: string - elementRelationship: atomic - - name: names + elementRelationship: associative + - name: generateName type: - list: + scalar: string + - name: generation + type: + scalar: numeric + - name: labels + type: + map: elementType: scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.AccessLogging - map: - fields: - - name: destination - type: - namedType: com.github.openshift.api.operator.v1.LoggingDestination - default: {} - - name: httpCaptureCookies + - name: managedFields type: list: elementType: - namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie + namedType: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: atomic - - name: httpCaptureHeaders - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders - default: {} - - name: httpLogFormat + - name: name type: scalar: string - - name: logEmptyRequests + - name: namespace type: scalar: string -- name: com.github.openshift.api.operator.v1.AddPage - map: - fields: - - name: disabledActions + - name: ownerReferences type: list: elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.AdditionalNetworkDefinition - map: - fields: - - name: name + namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - uid + - name: resourceVersion type: scalar: string - default: "" - - name: namespace + - name: selfLink type: scalar: string - - name: rawCNIConfig + - name: uid type: scalar: string - - name: simpleMacvlanConfig +- name: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + default: "" + - name: blockOwnerDeletion + type: + scalar: boolean + - name: controller + type: + scalar: boolean + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: uid + type: + scalar: string + default: "" + elementRelationship: atomic +- name: RawExtension.runtime.pkg.apimachinery.k8s.io + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: ResourceAttributes.v1.authorization.api.k8s.io + map: + fields: + - name: fieldSelector + type: + namedType: FieldSelectorAttributes.v1.authorization.api.k8s.io + - name: group + type: + scalar: string + - name: labelSelector + type: + namedType: LabelSelectorAttributes.v1.authorization.api.k8s.io + - name: name + type: + scalar: string + - name: namespace + type: + scalar: string + - name: resource + type: + scalar: string + - name: subresource + type: + scalar: string + - name: verb + type: + scalar: string + - name: version + type: + scalar: string +- name: Time.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: untyped +- name: Toleration.v1.core.api.k8s.io + map: + fields: + - name: effect + type: + scalar: string + - name: key + type: + scalar: string + - name: operator + type: + scalar: string + - name: tolerationSeconds + type: + scalar: numeric + - name: value + type: + scalar: string +- name: com.github.openshift.api.config.v1.ConfigMapFileReference + map: + fields: + - name: key + type: + scalar: string + - name: name + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.ConfigMapNameReference + map: + fields: + - name: name + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.CustomTLSProfile + map: + fields: + - name: ciphers + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: minTLSVersion + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.IntermediateTLSProfile + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.ModernTLSProfile + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.OldTLSProfile + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.config.v1.SecretNameReference + map: + fields: + - name: name + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.TLSProfileSpec + map: + fields: + - name: ciphers + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: minTLSVersion + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.TLSSecurityProfile + map: + fields: + - name: custom + type: + namedType: com.github.openshift.api.config.v1.CustomTLSProfile + - name: intermediate + type: + namedType: com.github.openshift.api.config.v1.IntermediateTLSProfile + - name: modern + type: + namedType: com.github.openshift.api.config.v1.ModernTLSProfile + - name: old + type: + namedType: com.github.openshift.api.config.v1.OldTLSProfile + - name: type + type: + scalar: string + default: "" + unions: + - discriminator: type + fields: + - fieldName: custom + discriminatorValue: Custom + - fieldName: intermediate + discriminatorValue: Intermediate + - fieldName: modern + discriminatorValue: Modern + - fieldName: old + discriminatorValue: Old +- name: com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec + map: + fields: + - name: efsVolumeMetrics + type: + namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics + - name: kmsKeyARN + type: + scalar: string +- name: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters + map: + fields: + - name: connectionIdleTimeout + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: subnets + type: + namedType: com.github.openshift.api.operator.v1.AWSSubnets +- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics + map: + fields: + - name: recursiveWalk + type: + namedType: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig + - name: state + type: + scalar: string + default: "" + unions: + - discriminator: state + fields: + - fieldName: recursiveWalk + discriminatorValue: RecursiveWalk +- name: com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig + map: + fields: + - name: fsRateLimit + type: + scalar: numeric + - name: refreshPeriodMinutes + type: + scalar: numeric +- name: com.github.openshift.api.operator.v1.AWSLoadBalancerParameters + map: + fields: + - name: classicLoadBalancer + type: + namedType: com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters + - name: networkLoadBalancer + type: + namedType: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters + - name: type + type: + scalar: string + default: "" + unions: + - discriminator: type + fields: + - fieldName: classicLoadBalancer + discriminatorValue: ClassicLoadBalancerParameters + - fieldName: networkLoadBalancer + discriminatorValue: NetworkLoadBalancerParameters +- name: com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters + map: + fields: + - name: eipAllocations + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: subnets + type: + namedType: com.github.openshift.api.operator.v1.AWSSubnets +- name: com.github.openshift.api.operator.v1.AWSSubnets + map: + fields: + - name: ids + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: names + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.AccessLogging + map: + fields: + - name: destination + type: + namedType: com.github.openshift.api.operator.v1.LoggingDestination + default: {} + - name: httpCaptureCookies + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie + elementRelationship: atomic + - name: httpCaptureHeaders + type: + namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders + default: {} + - name: httpLogFormat + type: + scalar: string + - name: logEmptyRequests + type: + scalar: string +- name: com.github.openshift.api.operator.v1.AddPage + map: + fields: + - name: disabledActions + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.AdditionalNetworkDefinition + map: + fields: + - name: name + type: + scalar: string + default: "" + - name: namespace + type: + scalar: string + - name: rawCNIConfig + type: + scalar: string + - name: simpleMacvlanConfig type: namedType: com.github.openshift.api.operator.v1.SimpleMacvlanConfig - name: type @@ -300,7 +595,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -322,13 +617,13 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: com.github.openshift.api.operator.v1.AuthenticationStatus map: fields: @@ -389,6 +684,16 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.openshift.api.operator.v1.BGPManagedConfig + map: + fields: + - name: asNumber + type: + scalar: numeric + default: 64512 + - name: bgpTopology + type: + scalar: string - name: com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig map: fields: @@ -471,7 +776,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -493,13 +798,13 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: com.github.openshift.api.operator.v1.CSISnapshotControllerStatus map: fields: @@ -583,7 +888,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -608,13 +913,13 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: com.github.openshift.api.operator.v1.CloudCredentialStatus map: fields: @@ -689,7 +994,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -715,7 +1020,7 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string @@ -724,7 +1029,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: com.github.openshift.api.operator.v1.ClusterCSIDriverStatus map: fields: @@ -781,7 +1086,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -814,13 +1119,13 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: com.github.openshift.api.operator.v1.ConfigStatus map: fields: @@ -867,7 +1172,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -970,7 +1275,7 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string @@ -990,7 +1295,7 @@ var schemaYAML = typed.YAMLObject(`types: default: {} - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: com.github.openshift.api.operator.v1.ConsoleStatus map: fields: @@ -1043,7 +1348,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -1058,10 +1363,10 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: negativeTTL type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io - name: positiveTTL type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io - name: com.github.openshift.api.operator.v1.DNSNodePlacement map: fields: @@ -1074,7 +1379,7 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.api.core.v1.Toleration + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic - name: com.github.openshift.api.operator.v1.DNSOverTLSConfig map: @@ -1289,7 +1594,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: @@ -1326,7 +1631,7 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string @@ -1335,7 +1640,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: numeric - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: com.github.openshift.api.operator.v1.EtcdStatus map: fields: @@ -1498,10 +1803,10 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: atomic - name: lastGatherDuration type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io - name: lastGatherTime type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io - name: com.github.openshift.api.operator.v1.GathererStatus map: fields: @@ -1509,11 +1814,11 @@ var schemaYAML = typed.YAMLObject(`types: type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: atomic - name: lastGatherDuration type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io - name: name type: scalar: string @@ -1557,452 +1862,143 @@ var schemaYAML = typed.YAMLObject(`types: - name: com.github.openshift.api.operator.v1.HealthCheck map: fields: - - name: advisorURI - type: - scalar: string - default: "" - - name: description - type: - scalar: string - default: "" - - name: state - type: - scalar: string - default: "" - - name: totalRisk - type: - scalar: numeric - default: 0 -- name: com.github.openshift.api.operator.v1.HostNetworkStrategy - map: - fields: - - name: httpPort - type: - scalar: numeric - - name: httpsPort - type: - scalar: numeric - - name: protocol - type: - scalar: string - - name: statsPort - type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.HybridOverlayConfig - map: - fields: - - name: hybridClusterNetwork - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.ClusterNetworkEntry - elementRelationship: atomic - - name: hybridOverlayVXLANPort - type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec - map: - fields: - - name: encryptionKeyCRN - type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.IBMLoadBalancerParameters - map: - fields: - - name: protocol - type: - scalar: string -- name: com.github.openshift.api.operator.v1.IPAMConfig - map: - fields: - - name: staticIPAMConfig - type: - namedType: com.github.openshift.api.operator.v1.StaticIPAMConfig - - name: type - type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.IPFIXConfig - map: - fields: - - name: collectors - type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.IPsecConfig - map: - fields: - - name: full - type: - namedType: com.github.openshift.api.operator.v1.IPsecFullModeConfig - - name: mode - type: - scalar: string - unions: - - discriminator: mode - fields: - - fieldName: full - discriminatorValue: Full -- name: com.github.openshift.api.operator.v1.IPsecFullModeConfig - map: - fields: - - name: encapsulation - type: - scalar: string -- name: com.github.openshift.api.operator.v1.IPv4GatewayConfig - map: - fields: - - name: internalMasqueradeSubnet - type: - scalar: string -- name: com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig - map: - fields: - - name: internalJoinSubnet - type: - scalar: string - - name: internalTransitSwitchSubnet - type: - scalar: string -- name: com.github.openshift.api.operator.v1.IPv6GatewayConfig - map: - fields: - - name: internalMasqueradeSubnet - type: - scalar: string -- name: com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig - map: - fields: - - name: internalJoinSubnet - type: - scalar: string - - name: internalTransitSwitchSubnet - type: - scalar: string -- name: com.github.openshift.api.operator.v1.Ingress - map: - fields: - - name: clientDownloadsURL - type: - scalar: string - default: "" - - name: consoleURL - type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.IngressController - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerSpec - default: {} - - name: status - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerStatus - default: {} -- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie - map: - fields: - - name: matchType + - name: advisorURI type: scalar: string default: "" - - name: maxLength - type: - scalar: numeric - default: 0 - - name: name + - name: description type: scalar: string default: "" - - name: namePrefix + - name: state type: scalar: string default: "" - unions: - - discriminator: matchType - fields: - - fieldName: name - discriminatorValue: Name - - fieldName: namePrefix - discriminatorValue: NamePrefix -- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader + - name: totalRisk + type: + scalar: numeric + default: 0 +- name: com.github.openshift.api.operator.v1.HostNetworkStrategy map: fields: - - name: maxLength + - name: httpPort type: scalar: numeric - default: 0 - - name: name + - name: httpsPort + type: + scalar: numeric + - name: protocol type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders + - name: statsPort + type: + scalar: numeric +- name: com.github.openshift.api.operator.v1.HybridOverlayConfig map: fields: - - name: request + - name: hybridClusterNetwork type: list: elementType: - namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader + namedType: com.github.openshift.api.operator.v1.ClusterNetworkEntry elementRelationship: atomic - - name: response + - name: hybridOverlayVXLANPort type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader + scalar: numeric +- name: com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec map: fields: - - name: action - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion - default: {} - - name: name + - name: encryptionKeyCRN type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion +- name: com.github.openshift.api.operator.v1.IBMLoadBalancerParameters map: fields: - - name: set - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader - - name: type + - name: protocol type: scalar: string - default: "" - unions: - - discriminator: type - fields: - - fieldName: set - discriminatorValue: Set -- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions +- name: com.github.openshift.api.operator.v1.IPAMConfig map: fields: - - name: request + - name: staticIPAMConfig type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader - elementRelationship: associative - keys: - - name - - name: response + namedType: com.github.openshift.api.operator.v1.StaticIPAMConfig + - name: type type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader - elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.IPFIXConfig map: fields: - - name: actions - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions - default: {} - - name: forwardedHeaderPolicy - type: - scalar: string - - name: headerNameCaseAdjustments + - name: collectors type: list: elementType: scalar: string elementRelationship: atomic - - name: uniqueId - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy - default: {} -- name: com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy +- name: com.github.openshift.api.operator.v1.IPsecConfig map: fields: - - name: format + - name: full type: - scalar: string - - name: name + namedType: com.github.openshift.api.operator.v1.IPsecFullModeConfig + - name: mode type: scalar: string -- name: com.github.openshift.api.operator.v1.IngressControllerLogging + unions: + - discriminator: mode + fields: + - fieldName: full + discriminatorValue: Full +- name: com.github.openshift.api.operator.v1.IPsecFullModeConfig map: fields: - - name: access + - name: encapsulation type: - namedType: com.github.openshift.api.operator.v1.AccessLogging -- name: com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader + scalar: string +- name: com.github.openshift.api.operator.v1.IPv4GatewayConfig map: fields: - - name: value + - name: internalMasqueradeSubnet type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.IngressControllerSpec +- name: com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig map: fields: - - name: clientTLS - type: - namedType: com.github.openshift.api.operator.v1.ClientTLS - default: {} - - name: closedClientConnectionPolicy - type: - scalar: string - default: Continue - - name: defaultCertificate - type: - namedType: io.k8s.api.core.v1.LocalObjectReference - - name: domain + - name: internalJoinSubnet type: scalar: string - - name: endpointPublishingStrategy - type: - namedType: com.github.openshift.api.operator.v1.EndpointPublishingStrategy - - name: httpCompression - type: - namedType: com.github.openshift.api.operator.v1.HTTPCompressionPolicy - default: {} - - name: httpEmptyRequestsPolicy + - name: internalTransitSwitchSubnet type: scalar: string - - name: httpErrorCodePages - type: - namedType: com.github.openshift.api.config.v1.ConfigMapNameReference - default: {} - - name: httpHeaders - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders - - name: idleConnectionTerminationPolicy +- name: com.github.openshift.api.operator.v1.IPv6GatewayConfig + map: + fields: + - name: internalMasqueradeSubnet type: scalar: string - default: Immediate - - name: logging - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerLogging - - name: namespaceSelector - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: nodePlacement - type: - namedType: com.github.openshift.api.operator.v1.NodePlacement - - name: replicas - type: - scalar: numeric - - name: routeAdmission - type: - namedType: com.github.openshift.api.operator.v1.RouteAdmissionPolicy - - name: routeSelector - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: tlsSecurityProfile - type: - namedType: com.github.openshift.api.config.v1.TLSSecurityProfile - - name: tuningOptions - type: - namedType: com.github.openshift.api.operator.v1.IngressControllerTuningOptions - default: {} - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.IngressControllerStatus +- name: com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig map: fields: - - name: availableReplicas - type: - scalar: numeric - default: 0 - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: domain + - name: internalJoinSubnet type: scalar: string - default: "" - - name: endpointPublishingStrategy - type: - namedType: com.github.openshift.api.operator.v1.EndpointPublishingStrategy - - name: namespaceSelector - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: observedGeneration - type: - scalar: numeric - - name: routeSelector - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: selector + - name: internalTransitSwitchSubnet type: scalar: string - default: "" - - name: tlsProfile - type: - namedType: com.github.openshift.api.config.v1.TLSProfileSpec -- name: com.github.openshift.api.operator.v1.IngressControllerTuningOptions +- name: com.github.openshift.api.operator.v1.Ingress map: fields: - - name: clientFinTimeout - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: clientTimeout - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: connectTimeout - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: headerBufferBytes - type: - scalar: numeric - - name: headerBufferMaxRewriteBytes - type: - scalar: numeric - - name: healthCheckInterval - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: httpKeepAliveTimeout - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: maxConnections - type: - scalar: numeric - - name: reloadInterval - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: serverFinTimeout - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: serverTimeout - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: threadCount - type: - scalar: numeric - - name: tlsInspectDelay + - name: clientDownloadsURL type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - - name: tunnelTimeout + scalar: string + default: "" + - name: consoleURL type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration -- name: com.github.openshift.api.operator.v1.InsightsOperator + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.IngressController map: fields: - name: apiVersion @@ -2013,261 +2009,228 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.InsightsOperatorSpec + namedType: com.github.openshift.api.operator.v1.IngressControllerSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.InsightsOperatorStatus + namedType: com.github.openshift.api.operator.v1.IngressControllerStatus default: {} -- name: com.github.openshift.api.operator.v1.InsightsOperatorSpec +- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie map: fields: - - name: logLevel - type: - scalar: string - - name: managementState + - name: matchType type: scalar: string default: "" - - name: observedConfig + - name: maxLength type: - namedType: __untyped_atomic_ - - name: operatorLogLevel + scalar: numeric + default: 0 + - name: name type: scalar: string - - name: unsupportedConfigOverrides + default: "" + - name: namePrefix type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.InsightsOperatorStatus + scalar: string + default: "" + unions: + - discriminator: matchType + fields: + - fieldName: name + discriminatorValue: Name + - fieldName: namePrefix + discriminatorValue: NamePrefix +- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader map: fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: gatherStatus - type: - namedType: com.github.openshift.api.operator.v1.GatherStatus - default: {} - - name: generations - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: insightsReport - type: - namedType: com.github.openshift.api.operator.v1.InsightsReport - default: {} - - name: latestAvailableRevision - type: - scalar: numeric - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas + - name: maxLength type: scalar: numeric default: 0 - - name: version + - name: name type: scalar: string -- name: com.github.openshift.api.operator.v1.InsightsReport + default: "" +- name: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders map: fields: - - name: downloadedAt - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: healthChecks + - name: request type: list: elementType: - namedType: com.github.openshift.api.operator.v1.HealthCheck + namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides - map: - fields: - - name: storage + - name: response type: list: elementType: - scalar: string - elementRelationship: associative -- name: com.github.openshift.api.operator.v1.KubeAPIServer + namedType: com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader map: fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1.KubeAPIServerSpec - default: {} - - name: status + - name: action type: - namedType: com.github.openshift.api.operator.v1.KubeAPIServerStatus + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion default: {} -- name: com.github.openshift.api.operator.v1.KubeAPIServerSpec - map: - fields: - - name: eventTTLMinutes - type: - scalar: numeric - - name: failedRevisionLimit - type: - scalar: numeric - - name: forceRedeploymentReason + - name: name type: scalar: string default: "" - - name: logLevel +- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion + map: + fields: + - name: set type: - scalar: string - - name: managementState + namedType: com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader + - name: type type: scalar: string default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel - type: - scalar: string - - name: succeededRevisionLimit - type: - scalar: numeric - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.KubeAPIServerStatus + unions: + - discriminator: type + fields: + - fieldName: set + discriminatorValue: Set +- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions map: fields: - - name: conditions + - name: request type: list: elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader elementRelationship: associative keys: - - type - - name: generations + - name + - name: response type: list: elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeader elementRelationship: associative keys: - - group - - resource - - namespace - name - - name: latestAvailableRevision +- name: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders + map: + fields: + - name: actions type: - scalar: numeric - - name: latestAvailableRevisionReason + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions + default: {} + - name: forwardedHeaderPolicy type: scalar: string - - name: nodeStatuses - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeStatus - elementRelationship: associative - keys: - - nodeName - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas - type: - scalar: numeric - default: 0 - - name: serviceAccountIssuers + - name: headerNameCaseAdjustments type: list: elementType: - namedType: com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus + scalar: string elementRelationship: atomic - - name: version + - name: uniqueId type: - scalar: string -- name: com.github.openshift.api.operator.v1.KubeControllerManager + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy + default: {} +- name: com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy map: fields: - - name: apiVersion + - name: format type: scalar: string - - name: kind + - name: name type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec +- name: com.github.openshift.api.operator.v1.IngressControllerLogging + map: + fields: + - name: access type: - namedType: com.github.openshift.api.operator.v1.KubeControllerManagerSpec - default: {} - - name: status + namedType: com.github.openshift.api.operator.v1.AccessLogging +- name: com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader + map: + fields: + - name: value type: - namedType: com.github.openshift.api.operator.v1.KubeControllerManagerStatus - default: {} -- name: com.github.openshift.api.operator.v1.KubeControllerManagerSpec + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.IngressControllerSpec map: fields: - - name: failedRevisionLimit + - name: clientTLS type: - scalar: numeric - - name: forceRedeploymentReason + namedType: com.github.openshift.api.operator.v1.ClientTLS + default: {} + - name: closedClientConnectionPolicy type: scalar: string - default: "" - - name: logLevel + default: Continue + - name: defaultCertificate + type: + namedType: LocalObjectReference.v1.core.api.k8s.io + - name: domain type: scalar: string - - name: managementState + - name: endpointPublishingStrategy + type: + namedType: com.github.openshift.api.operator.v1.EndpointPublishingStrategy + - name: httpCompression + type: + namedType: com.github.openshift.api.operator.v1.HTTPCompressionPolicy + default: {} + - name: httpEmptyRequestsPolicy + type: + scalar: string + - name: httpErrorCodePages + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: httpHeaders + type: + namedType: com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders + - name: idleConnectionTerminationPolicy type: scalar: string - default: "" - - name: observedConfig + default: Immediate + - name: logging type: - namedType: __untyped_atomic_ - - name: operatorLogLevel + namedType: com.github.openshift.api.operator.v1.IngressControllerLogging + - name: namespaceSelector type: - scalar: string - - name: succeededRevisionLimit + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: nodePlacement + type: + namedType: com.github.openshift.api.operator.v1.NodePlacement + - name: replicas type: scalar: numeric - - name: unsupportedConfigOverrides + - name: routeAdmission type: - namedType: __untyped_atomic_ - - name: useMoreSecureServiceCA + namedType: com.github.openshift.api.operator.v1.RouteAdmissionPolicy + - name: routeSelector type: - scalar: boolean - default: false -- name: com.github.openshift.api.operator.v1.KubeControllerManagerStatus + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: tlsSecurityProfile + type: + namedType: com.github.openshift.api.config.v1.TLSSecurityProfile + - name: tuningOptions + type: + namedType: com.github.openshift.api.operator.v1.IngressControllerTuningOptions + default: {} + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.IngressControllerStatus map: fields: + - name: availableReplicas + type: + scalar: numeric + default: 0 - name: conditions type: list: @@ -2276,138 +2239,78 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - type - - name: generations - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: latestAvailableRevisionReason + - name: domain type: scalar: string - - name: nodeStatuses + default: "" + - name: endpointPublishingStrategy type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeStatus - elementRelationship: associative - keys: - - nodeName - - name: observedGeneration + namedType: com.github.openshift.api.operator.v1.EndpointPublishingStrategy + - name: namespaceSelector type: - scalar: numeric - - name: readyReplicas + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: observedGeneration type: scalar: numeric - default: 0 - - name: version - type: - scalar: string -- name: com.github.openshift.api.operator.v1.KubeScheduler - map: - fields: - - name: apiVersion + - name: routeSelector type: - scalar: string - - name: kind + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: selector type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1.KubeSchedulerSpec - default: {} - - name: status + default: "" + - name: tlsProfile type: - namedType: com.github.openshift.api.operator.v1.KubeSchedulerStatus - default: {} -- name: com.github.openshift.api.operator.v1.KubeSchedulerSpec + namedType: com.github.openshift.api.config.v1.TLSProfileSpec +- name: com.github.openshift.api.operator.v1.IngressControllerTuningOptions map: fields: - - name: failedRevisionLimit - type: - scalar: numeric - - name: forceRedeploymentReason + - name: clientFinTimeout type: - scalar: string - default: "" - - name: logLevel + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: clientTimeout type: - scalar: string - - name: managementState + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: configurationManagement type: scalar: string - default: "" - - name: observedConfig - type: - namedType: __untyped_atomic_ - - name: operatorLogLevel + - name: connectTimeout type: - scalar: string - - name: succeededRevisionLimit + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: headerBufferBytes type: scalar: numeric - - name: unsupportedConfigOverrides + - name: headerBufferMaxRewriteBytes type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.KubeSchedulerStatus - map: - fields: - - name: conditions + scalar: numeric + - name: healthCheckInterval type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: httpKeepAliveTimeout type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: maxConnections type: scalar: numeric - - name: latestAvailableRevisionReason + - name: reloadInterval type: - scalar: string - - name: nodeStatuses + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: serverFinTimeout type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeStatus - elementRelationship: associative - keys: - - nodeName - - name: observedGeneration + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: serverTimeout type: - scalar: numeric - - name: readyReplicas + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: threadCount type: scalar: numeric - default: 0 - - name: version + - name: tlsInspectDelay type: - scalar: string -- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigrator + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io + - name: tunnelTimeout + type: + namedType: Duration.v1.meta.apis.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.InsightsOperator map: fields: - name: apiVersion @@ -2418,17 +2321,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec + namedType: com.github.openshift.api.operator.v1.InsightsOperatorSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus + namedType: com.github.openshift.api.operator.v1.InsightsOperatorStatus default: {} -- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec +- name: com.github.openshift.api.operator.v1.InsightsOperatorSpec map: fields: - name: logLevel @@ -2440,14 +2343,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.InsightsOperatorStatus map: fields: - name: conditions @@ -2458,6 +2361,10 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - type + - name: gatherStatus + type: + namedType: com.github.openshift.api.operator.v1.GatherStatus + default: {} - name: generations type: list: @@ -2469,6 +2376,10 @@ var schemaYAML = typed.YAMLObject(`types: - resource - namespace - name + - name: insightsReport + type: + namedType: com.github.openshift.api.operator.v1.InsightsReport + default: {} - name: latestAvailableRevision type: scalar: numeric @@ -2482,80 +2393,133 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.LoadBalancerStrategy +- name: com.github.openshift.api.operator.v1.InsightsReport map: fields: - - name: allowedSourceRanges + - name: downloadedAt + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: healthChecks type: list: elementType: - scalar: string + namedType: com.github.openshift.api.operator.v1.HealthCheck elementRelationship: atomic - - name: dnsManagementPolicy +- name: com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides + map: + fields: + - name: storage type: - scalar: string - default: Managed - - name: providerParameters + list: + elementType: + scalar: string + elementRelationship: associative +- name: com.github.openshift.api.operator.v1.KubeAPIServer + map: + fields: + - name: apiVersion type: - namedType: com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters - - name: scope + scalar: string + - name: kind type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.LoggingDestination + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1.KubeAPIServerSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1.KubeAPIServerStatus + default: {} +- name: com.github.openshift.api.operator.v1.KubeAPIServerSpec map: fields: - - name: container + - name: eventTTLMinutes type: - namedType: com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters - - name: syslog + scalar: numeric + - name: failedRevisionLimit type: - namedType: com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters - - name: type + scalar: numeric + - name: forceRedeploymentReason type: scalar: string default: "" - unions: - - discriminator: type - fields: - - fieldName: container - discriminatorValue: Container - - fieldName: syslog - discriminatorValue: Syslog -- name: com.github.openshift.api.operator.v1.Logo + - name: logLevel + type: + scalar: string + - name: managementState + type: + scalar: string + default: "" + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel + type: + scalar: string + - name: succeededRevisionLimit + type: + scalar: numeric + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.KubeAPIServerStatus map: fields: - - name: themes + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.operator.v1.Theme + namedType: com.github.openshift.api.operator.v1.OperatorCondition elementRelationship: associative keys: - - mode - - name: type + - type + - name: generations type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.MTUMigration - map: - fields: - - name: machine + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision type: - namedType: com.github.openshift.api.operator.v1.MTUMigrationValues - - name: network + scalar: numeric + - name: latestAvailableRevisionReason type: - namedType: com.github.openshift.api.operator.v1.MTUMigrationValues -- name: com.github.openshift.api.operator.v1.MTUMigrationValues - map: - fields: - - name: from + scalar: string + - name: nodeStatuses + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeStatus + elementRelationship: associative + keys: + - nodeName + - name: observedGeneration type: scalar: numeric - - name: to + - name: readyReplicas type: scalar: numeric -- name: com.github.openshift.api.operator.v1.MachineConfiguration + default: 0 + - name: serviceAccountIssuers + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus + elementRelationship: atomic + - name: version + type: + scalar: string +- name: com.github.openshift.api.operator.v1.KubeControllerManager map: fields: - name: apiVersion @@ -2566,23 +2530,19 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.MachineConfigurationSpec + namedType: com.github.openshift.api.operator.v1.KubeControllerManagerSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.MachineConfigurationStatus + namedType: com.github.openshift.api.operator.v1.KubeControllerManagerStatus default: {} -- name: com.github.openshift.api.operator.v1.MachineConfigurationSpec +- name: com.github.openshift.api.operator.v1.KubeControllerManagerSpec map: fields: - - name: bootImageSkewEnforcement - type: - namedType: com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig - default: {} - name: failedRevisionLimit type: scalar: numeric @@ -2590,28 +2550,16 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" - - name: irreconcilableValidationOverrides - type: - namedType: com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides - default: {} - name: logLevel type: scalar: string - - name: managedBootImages - type: - namedType: com.github.openshift.api.operator.v1.ManagedBootImages - default: {} - name: managementState type: scalar: string default: "" - - name: nodeDisruptionPolicy - type: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig - default: {} - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string @@ -2620,85 +2568,58 @@ var schemaYAML = typed.YAMLObject(`types: scalar: numeric - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.MachineConfigurationStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: useMoreSecureServiceCA + type: + scalar: boolean + default: false +- name: com.github.openshift.api.operator.v1.KubeControllerManagerStatus map: fields: - - name: bootImageSkewEnforcementStatus - type: - namedType: com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus - default: {} - name: conditions type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: com.github.openshift.api.operator.v1.OperatorCondition elementRelationship: associative keys: - type - - name: managedBootImagesStatus - type: - namedType: com.github.openshift.api.operator.v1.ManagedBootImages - default: {} - - name: nodeDisruptionPolicyStatus + - name: generations type: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus - default: {} - - name: observedGeneration + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision type: scalar: numeric -- name: com.github.openshift.api.operator.v1.MachineManager - map: - fields: - - name: apiGroup - type: - scalar: string - default: "" - - name: resource - type: - scalar: string - default: "" - - name: selection - type: - namedType: com.github.openshift.api.operator.v1.MachineManagerSelector - default: {} -- name: com.github.openshift.api.operator.v1.MachineManagerSelector - map: - fields: - - name: mode + - name: latestAvailableRevisionReason type: scalar: string - default: "" - - name: partial - type: - namedType: com.github.openshift.api.operator.v1.PartialSelector - unions: - - discriminator: mode - fields: - - fieldName: partial - discriminatorValue: Partial -- name: com.github.openshift.api.operator.v1.ManagedBootImages - map: - fields: - - name: machineManagers + - name: nodeStatuses type: list: elementType: - namedType: com.github.openshift.api.operator.v1.MachineManager + namedType: com.github.openshift.api.operator.v1.NodeStatus elementRelationship: associative keys: - - resource - - apiGroup -- name: com.github.openshift.api.operator.v1.NetFlowConfig - map: - fields: - - name: collectors + - nodeName + - name: observedGeneration type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.Network + scalar: numeric + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: version + type: + scalar: string +- name: com.github.openshift.api.operator.v1.KubeScheduler map: fields: - name: apiVersion @@ -2709,71 +2630,115 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.NetworkSpec + namedType: com.github.openshift.api.operator.v1.KubeSchedulerSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.NetworkStatus + namedType: com.github.openshift.api.operator.v1.KubeSchedulerStatus default: {} -- name: com.github.openshift.api.operator.v1.NetworkMigration +- name: com.github.openshift.api.operator.v1.KubeSchedulerSpec map: fields: - - name: features + - name: failedRevisionLimit type: - namedType: com.github.openshift.api.operator.v1.FeaturesMigration - - name: mode + scalar: numeric + - name: forceRedeploymentReason type: scalar: string - - name: mtu + default: "" + - name: logLevel type: - namedType: com.github.openshift.api.operator.v1.MTUMigration - - name: networkType + scalar: string + - name: managementState type: scalar: string -- name: com.github.openshift.api.operator.v1.NetworkSpec + default: "" + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel + type: + scalar: string + - name: succeededRevisionLimit + type: + scalar: numeric + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.KubeSchedulerStatus map: fields: - - name: additionalNetworks + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.operator.v1.AdditionalNetworkDefinition + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus elementRelationship: associative keys: + - group + - resource + - namespace - name - - name: additionalRoutingCapabilities + - name: latestAvailableRevision type: - namedType: com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities - - name: clusterNetwork + scalar: numeric + - name: latestAvailableRevisionReason + type: + scalar: string + - name: nodeStatuses type: list: elementType: - namedType: com.github.openshift.api.operator.v1.ClusterNetworkEntry - elementRelationship: atomic - - name: defaultNetwork + namedType: com.github.openshift.api.operator.v1.NodeStatus + elementRelationship: associative + keys: + - nodeName + - name: observedGeneration type: - namedType: com.github.openshift.api.operator.v1.DefaultNetworkDefinition - default: {} - - name: deployKubeProxy + scalar: numeric + - name: readyReplicas type: - scalar: boolean - - name: disableMultiNetwork + scalar: numeric + default: 0 + - name: version type: - scalar: boolean - - name: disableNetworkDiagnostics + scalar: string +- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigrator + map: + fields: + - name: apiVersion type: - scalar: boolean - default: false - - name: exportNetworkFlows + scalar: string + - name: kind + type: + scalar: string + - name: metadata type: - namedType: com.github.openshift.api.operator.v1.ExportNetworkFlows - - name: kubeProxyConfig + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - namedType: com.github.openshift.api.operator.v1.ProxyConfig + namedType: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus + default: {} +- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec + map: + fields: - name: logLevel type: scalar: string @@ -2781,28 +2746,16 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" - - name: migration - type: - namedType: com.github.openshift.api.operator.v1.NetworkMigration - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - - name: serviceNetwork - type: - list: - elementType: - scalar: string - elementRelationship: atomic - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ - - name: useMultiNetworkPolicy - type: - scalar: boolean -- name: com.github.openshift.api.operator.v1.NetworkStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus map: fields: - name: conditions @@ -2837,123 +2790,35 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus - map: - fields: - - name: files - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile - elementRelationship: associative - keys: - - path - - name: sshkey - type: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey - default: {} - - name: units - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit - elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig - map: - fields: - - name: files - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile - elementRelationship: associative - keys: - - path - - name: sshkey - type: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey - default: {} - - name: units - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit - elementRelationship: associative - keys: - - name -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction - map: - fields: - - name: reload - type: - namedType: com.github.openshift.api.operator.v1.ReloadService - - name: restart - type: - namedType: com.github.openshift.api.operator.v1.RestartService - - name: type - type: - scalar: string - default: "" - unions: - - discriminator: type - fields: - - fieldName: reload - discriminatorValue: Reload - - fieldName: restart - discriminatorValue: Restart -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile +- name: com.github.openshift.api.operator.v1.LoadBalancerStrategy map: fields: - - name: actions + - name: allowedSourceRanges type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction + scalar: string elementRelationship: atomic - - name: path + - name: dnsManagementPolicy type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey - map: - fields: - - name: actions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit - map: - fields: - - name: actions + default: Managed + - name: providerParameters type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction - elementRelationship: atomic - - name: name + namedType: com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters + - name: scope type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus - map: - fields: - - name: clusterPolicies - type: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus - default: {} -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction +- name: com.github.openshift.api.operator.v1.LoggingDestination map: fields: - - name: reload + - name: container type: - namedType: com.github.openshift.api.operator.v1.ReloadService - - name: restart + namedType: com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters + - name: syslog type: - namedType: com.github.openshift.api.operator.v1.RestartService + namedType: com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters - name: type type: scalar: string @@ -2961,104 +2826,44 @@ var schemaYAML = typed.YAMLObject(`types: unions: - discriminator: type fields: - - fieldName: reload - discriminatorValue: Reload - - fieldName: restart - discriminatorValue: Restart -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile - map: - fields: - - name: actions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction - elementRelationship: atomic - - name: path - type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey - map: - fields: - - name: actions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit + - fieldName: container + discriminatorValue: Container + - fieldName: syslog + discriminatorValue: Syslog +- name: com.github.openshift.api.operator.v1.Logo map: fields: - - name: actions + - name: themes type: list: elementType: - namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction - elementRelationship: atomic - - name: name + namedType: com.github.openshift.api.operator.v1.Theme + elementRelationship: associative + keys: + - mode + - name: type type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.NodePlacement +- name: com.github.openshift.api.operator.v1.MTUMigration map: fields: - - name: nodeSelector - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - - name: tolerations + - name: machine type: - list: - elementType: - namedType: io.k8s.api.core.v1.Toleration - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.NodePortStrategy - map: - fields: - - name: protocol + namedType: com.github.openshift.api.operator.v1.MTUMigrationValues + - name: network type: - scalar: string -- name: com.github.openshift.api.operator.v1.NodeStatus + namedType: com.github.openshift.api.operator.v1.MTUMigrationValues +- name: com.github.openshift.api.operator.v1.MTUMigrationValues map: fields: - - name: currentRevision - type: - scalar: numeric - - name: lastFailedCount - type: - scalar: numeric - - name: lastFailedReason - type: - scalar: string - - name: lastFailedRevision - type: - scalar: numeric - - name: lastFailedRevisionErrors - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: lastFailedTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: lastFallbackCount - type: - scalar: numeric - - name: nodeName - type: - scalar: string - default: "" - - name: targetRevision + - name: from type: scalar: numeric -- name: com.github.openshift.api.operator.v1.OAuthAPIServerStatus - map: - fields: - - name: latestAvailableRevision + - name: to type: scalar: numeric -- name: com.github.openshift.api.operator.v1.OLM +- name: com.github.openshift.api.operator.v1.MachineConfiguration map: fields: - name: apiVersion @@ -3069,113 +2874,139 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.OLMSpec + namedType: com.github.openshift.api.operator.v1.MachineConfigurationSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.OLMStatus + namedType: com.github.openshift.api.operator.v1.MachineConfigurationStatus + default: {} +- name: com.github.openshift.api.operator.v1.MachineConfigurationSpec + map: + fields: + - name: bootImageSkewEnforcement + type: + namedType: com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig + default: {} + - name: failedRevisionLimit + type: + scalar: numeric + - name: forceRedeploymentReason + type: + scalar: string + default: "" + - name: irreconcilableValidationOverrides + type: + namedType: com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides default: {} -- name: com.github.openshift.api.operator.v1.OLMSpec - map: - fields: - name: logLevel type: scalar: string + - name: managedBootImages + type: + namedType: com.github.openshift.api.operator.v1.ManagedBootImages + default: {} - name: managementState type: scalar: string default: "" + - name: nodeDisruptionPolicy + type: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig + default: {} - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string + - name: succeededRevisionLimit + type: + scalar: numeric - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.OLMStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.MachineConfigurationStatus map: fields: + - name: bootImageSkewEnforcementStatus + type: + namedType: com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus + default: {} - name: conditions type: list: elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative keys: - type - - name: generations + - name: managedBootImagesStatus type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus - elementRelationship: associative - keys: - - group - - resource - - namespace - - name - - name: latestAvailableRevision + namedType: com.github.openshift.api.operator.v1.ManagedBootImages + default: {} + - name: nodeDisruptionPolicyStatus type: - scalar: numeric + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus + default: {} - name: observedGeneration type: scalar: numeric - - name: readyReplicas - type: - scalar: numeric - default: 0 - - name: version - type: - scalar: string -- name: com.github.openshift.api.operator.v1.OVNKubernetesConfig +- name: com.github.openshift.api.operator.v1.MachineManager map: fields: - - name: egressIPConfig - type: - namedType: com.github.openshift.api.operator.v1.EgressIPConfig - default: {} - - name: gatewayConfig - type: - namedType: com.github.openshift.api.operator.v1.GatewayConfig - - name: genevePort - type: - scalar: numeric - - name: hybridOverlayConfig - type: - namedType: com.github.openshift.api.operator.v1.HybridOverlayConfig - - name: ipsecConfig - type: - namedType: com.github.openshift.api.operator.v1.IPsecConfig - default: - mode: Disabled - - name: ipv4 - type: - namedType: com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig - - name: ipv6 + - name: apiGroup type: - namedType: com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig - - name: mtu + scalar: string + default: "" + - name: resource type: - scalar: numeric - - name: policyAuditConfig + scalar: string + default: "" + - name: selection type: - namedType: com.github.openshift.api.operator.v1.PolicyAuditConfig - - name: routeAdvertisements + namedType: com.github.openshift.api.operator.v1.MachineManagerSelector + default: {} +- name: com.github.openshift.api.operator.v1.MachineManagerSelector + map: + fields: + - name: mode type: scalar: string - - name: v4InternalSubnet + default: "" + - name: partial type: - scalar: string - - name: v6InternalSubnet + namedType: com.github.openshift.api.operator.v1.PartialSelector + unions: + - discriminator: mode + fields: + - fieldName: partial + discriminatorValue: Partial +- name: com.github.openshift.api.operator.v1.ManagedBootImages + map: + fields: + - name: machineManagers type: - scalar: string -- name: com.github.openshift.api.operator.v1.OpenShiftAPIServer + list: + elementType: + namedType: com.github.openshift.api.operator.v1.MachineManager + elementRelationship: associative + keys: + - resource + - apiGroup +- name: com.github.openshift.api.operator.v1.NetFlowConfig + map: + fields: + - name: collectors + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.Network map: fields: - name: apiVersion @@ -3186,94 +3017,71 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec + namedType: com.github.openshift.api.operator.v1.NetworkSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus + namedType: com.github.openshift.api.operator.v1.NetworkStatus default: {} -- name: com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec +- name: com.github.openshift.api.operator.v1.NetworkMigration map: fields: - - name: logLevel + - name: features type: - scalar: string - - name: managementState + namedType: com.github.openshift.api.operator.v1.FeaturesMigration + - name: mode type: scalar: string - default: "" - - name: observedConfig + - name: mtu type: - namedType: __untyped_atomic_ - - name: operatorLogLevel + namedType: com.github.openshift.api.operator.v1.MTUMigration + - name: networkType type: scalar: string - - name: unsupportedConfigOverrides - type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus +- name: com.github.openshift.api.operator.v1.NetworkSpec map: fields: - - name: conditions - type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1.OperatorCondition - elementRelationship: associative - keys: - - type - - name: generations + - name: additionalNetworks type: list: elementType: - namedType: com.github.openshift.api.operator.v1.GenerationStatus + namedType: com.github.openshift.api.operator.v1.AdditionalNetworkDefinition elementRelationship: associative keys: - - group - - resource - - namespace - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: observedGeneration + - name: additionalRoutingCapabilities type: - scalar: numeric - - name: readyReplicas + namedType: com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities + - name: clusterNetwork type: - scalar: numeric - default: 0 - - name: version + list: + elementType: + namedType: com.github.openshift.api.operator.v1.ClusterNetworkEntry + elementRelationship: atomic + - name: defaultNetwork type: - scalar: string -- name: com.github.openshift.api.operator.v1.OpenShiftControllerManager - map: - fields: - - name: apiVersion + namedType: com.github.openshift.api.operator.v1.DefaultNetworkDefinition + default: {} + - name: deployKubeProxy type: - scalar: string - - name: kind + scalar: boolean + - name: disableMultiNetwork type: - scalar: string - - name: metadata + scalar: boolean + - name: disableNetworkDiagnostics type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + scalar: boolean + default: false + - name: exportNetworkFlows type: - namedType: com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec - default: {} - - name: status + namedType: com.github.openshift.api.operator.v1.ExportNetworkFlows + - name: kubeProxyConfig type: - namedType: com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus - default: {} -- name: com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec - map: - fields: + namedType: com.github.openshift.api.operator.v1.ProxyConfig - name: logLevel type: scalar: string @@ -3281,16 +3089,28 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" + - name: migration + type: + namedType: com.github.openshift.api.operator.v1.NetworkMigration - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string + - name: serviceNetwork + type: + list: + elementType: + scalar: string + elementRelationship: atomic - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: useMultiNetworkPolicy + type: + scalar: boolean +- name: com.github.openshift.api.operator.v1.NetworkStatus map: fields: - name: conditions @@ -3309,168 +3129,148 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - group - - resource - - namespace - - name - - name: latestAvailableRevision - type: - scalar: numeric - - name: observedGeneration - type: - scalar: numeric - - name: readyReplicas - type: - scalar: numeric - default: 0 - - name: version - type: - scalar: string -- name: com.github.openshift.api.operator.v1.OpenShiftSDNConfig - map: - fields: - - name: enableUnidling - type: - scalar: boolean - - name: mode - type: - scalar: string - default: "" - - name: mtu + - resource + - namespace + - name + - name: latestAvailableRevision type: scalar: numeric - - name: useExternalOpenvswitch + - name: observedGeneration type: - scalar: boolean - - name: vxlanPort + scalar: numeric + - name: readyReplicas type: scalar: numeric -- name: com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters - map: - fields: - - name: floatingIP + default: 0 + - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.OperatorCondition +- name: com.github.openshift.api.operator.v1.NoOverlayConfig map: fields: - - name: lastTransitionTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: message - type: - scalar: string - - name: reason - type: - scalar: string - - name: status + - name: outboundSNAT type: scalar: string - default: "" - - name: type + - name: routing type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.PartialSelector +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus map: fields: - - name: machineResourceSelector + - name: files type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector -- name: com.github.openshift.api.operator.v1.Perspective + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile + elementRelationship: associative + keys: + - path + - name: sshkey + type: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey + default: {} + - name: units + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit + elementRelationship: associative + keys: + - name +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig map: fields: - - name: id - type: - scalar: string - default: "" - - name: pinnedResources + - name: files type: list: elementType: - namedType: com.github.openshift.api.operator.v1.PinnedResourceReference - elementRelationship: atomic - - name: visibility + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile + elementRelationship: associative + keys: + - path + - name: sshkey type: - namedType: com.github.openshift.api.operator.v1.PerspectiveVisibility + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey default: {} -- name: com.github.openshift.api.operator.v1.PerspectiveVisibility + - name: units + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit + elementRelationship: associative + keys: + - name +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction map: fields: - - name: accessReview + - name: reload type: - namedType: com.github.openshift.api.operator.v1.ResourceAttributesAccessReview - - name: state + namedType: com.github.openshift.api.operator.v1.ReloadService + - name: restart + type: + namedType: com.github.openshift.api.operator.v1.RestartService + - name: type type: scalar: string default: "" unions: - - discriminator: state + - discriminator: type fields: - - fieldName: accessReview - discriminatorValue: AccessReview -- name: com.github.openshift.api.operator.v1.PinnedResourceReference + - fieldName: reload + discriminatorValue: Reload + - fieldName: restart + discriminatorValue: Restart +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile map: fields: - - name: group - type: - scalar: string - default: "" - - name: resource + - name: actions type: - scalar: string - default: "" - - name: version + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction + elementRelationship: atomic + - name: path type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.PolicyAuditConfig - map: - fields: - - name: destination - type: - scalar: string - - name: maxFileSize - type: - scalar: numeric - - name: maxLogFiles - type: - scalar: numeric - - name: rateLimit - type: - scalar: numeric - - name: syslogFacility - type: - scalar: string -- name: com.github.openshift.api.operator.v1.PrivateStrategy +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey map: fields: - - name: protocol + - name: actions type: - scalar: string -- name: com.github.openshift.api.operator.v1.ProjectAccess + list: + elementType: + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit map: fields: - - name: availableClusterRoles + - name: actions type: list: elementType: - scalar: string + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters + - name: name + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus map: fields: - - name: aws - type: - namedType: com.github.openshift.api.operator.v1.AWSLoadBalancerParameters - - name: gcp + - name: clusterPolicies type: - namedType: com.github.openshift.api.operator.v1.GCPLoadBalancerParameters - - name: ibm + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus + default: {} +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction + map: + fields: + - name: reload type: - namedType: com.github.openshift.api.operator.v1.IBMLoadBalancerParameters - - name: openstack + namedType: com.github.openshift.api.operator.v1.ReloadService + - name: restart type: - namedType: com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters + namedType: com.github.openshift.api.operator.v1.RestartService - name: type type: scalar: string @@ -3478,115 +3278,104 @@ var schemaYAML = typed.YAMLObject(`types: unions: - discriminator: type fields: - - fieldName: aws - discriminatorValue: AWS - - fieldName: gcp - discriminatorValue: GCP - - fieldName: ibm - discriminatorValue: IBM - - fieldName: openstack - discriminatorValue: OpenStack -- name: com.github.openshift.api.operator.v1.ProxyConfig - map: - fields: - - name: bindAddress - type: - scalar: string - - name: iptablesSyncPeriod - type: - scalar: string - - name: proxyArguments - type: - map: - elementType: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.QuickStarts + - fieldName: reload + discriminatorValue: Reload + - fieldName: restart + discriminatorValue: Restart +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile map: fields: - - name: disabled + - name: actions type: list: elementType: - scalar: string + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.ReloadService - map: - fields: - - name: serviceName + - name: path type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.ResourceAttributesAccessReview +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey map: fields: - - name: missing + - name: actions type: list: elementType: - namedType: io.k8s.api.authorization.v1.ResourceAttributes + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction elementRelationship: atomic - - name: required +- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit + map: + fields: + - name: actions type: list: elementType: - namedType: io.k8s.api.authorization.v1.ResourceAttributes + namedType: com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.RestartService - map: - fields: - - name: serviceName + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.RouteAdmissionPolicy +- name: com.github.openshift.api.operator.v1.NodePlacement map: fields: - - name: namespaceOwnership - type: - scalar: string - - name: wildcardPolicy + - name: nodeSelector type: - scalar: string -- name: com.github.openshift.api.operator.v1.SFlowConfig - map: - fields: - - name: collectors + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io + - name: tolerations type: list: elementType: - scalar: string + namedType: Toleration.v1.core.api.k8s.io elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.Server +- name: com.github.openshift.api.operator.v1.NodePortStrategy map: fields: - - name: forwardPlugin + - name: protocol type: - namedType: com.github.openshift.api.operator.v1.ForwardPlugin - default: {} - - name: name + scalar: string +- name: com.github.openshift.api.operator.v1.NodeStatus + map: + fields: + - name: currentRevision + type: + scalar: numeric + - name: lastFailedCount + type: + scalar: numeric + - name: lastFailedReason type: scalar: string - default: "" - - name: zones + - name: lastFailedRevision + type: + scalar: numeric + - name: lastFailedRevisionErrors type: list: elementType: scalar: string elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus - map: - fields: - - name: expirationTime + - name: lastFailedTime type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: name + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: lastFallbackCount + type: + scalar: numeric + - name: nodeName type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.ServiceCA + - name: targetRevision + type: + scalar: numeric +- name: com.github.openshift.api.operator.v1.OAuthAPIServerStatus + map: + fields: + - name: latestAvailableRevision + type: + scalar: numeric +- name: com.github.openshift.api.operator.v1.OLM map: fields: - name: apiVersion @@ -3597,17 +3386,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.ServiceCASpec + namedType: com.github.openshift.api.operator.v1.OLMSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.ServiceCAStatus + namedType: com.github.openshift.api.operator.v1.OLMStatus default: {} -- name: com.github.openshift.api.operator.v1.ServiceCASpec +- name: com.github.openshift.api.operator.v1.OLMSpec map: fields: - name: logLevel @@ -3619,14 +3408,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.ServiceCAStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.OLMStatus map: fields: - name: conditions @@ -3661,7 +3450,60 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServer +- name: com.github.openshift.api.operator.v1.OVNKubernetesConfig + map: + fields: + - name: bgpManagedConfig + type: + namedType: com.github.openshift.api.operator.v1.BGPManagedConfig + default: {} + - name: egressIPConfig + type: + namedType: com.github.openshift.api.operator.v1.EgressIPConfig + default: {} + - name: gatewayConfig + type: + namedType: com.github.openshift.api.operator.v1.GatewayConfig + - name: genevePort + type: + scalar: numeric + - name: hybridOverlayConfig + type: + namedType: com.github.openshift.api.operator.v1.HybridOverlayConfig + - name: ipsecConfig + type: + namedType: com.github.openshift.api.operator.v1.IPsecConfig + default: + mode: Disabled + - name: ipv4 + type: + namedType: com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig + - name: ipv6 + type: + namedType: com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig + - name: mtu + type: + scalar: numeric + - name: noOverlayConfig + type: + namedType: com.github.openshift.api.operator.v1.NoOverlayConfig + default: {} + - name: policyAuditConfig + type: + namedType: com.github.openshift.api.operator.v1.PolicyAuditConfig + - name: routeAdvertisements + type: + scalar: string + - name: transport + type: + scalar: string + - name: v4InternalSubnet + type: + scalar: string + - name: v6InternalSubnet + type: + scalar: string +- name: com.github.openshift.api.operator.v1.OpenShiftAPIServer map: fields: - name: apiVersion @@ -3672,17 +3514,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec + namedType: com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus + namedType: com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus default: {} -- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec +- name: com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec map: fields: - name: logLevel @@ -3694,14 +3536,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus map: fields: - name: conditions @@ -3736,7 +3578,7 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManager +- name: com.github.openshift.api.operator.v1.OpenShiftControllerManager map: fields: - name: apiVersion @@ -3747,17 +3589,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec + namedType: com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus + namedType: com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus default: {} -- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec +- name: com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec map: fields: - name: logLevel @@ -3769,14 +3611,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus map: fields: - name: conditions @@ -3811,85 +3653,268 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.SimpleMacvlanConfig +- name: com.github.openshift.api.operator.v1.OpenShiftSDNConfig + map: + fields: + - name: enableUnidling + type: + scalar: boolean + - name: mode + type: + scalar: string + default: "" + - name: mtu + type: + scalar: numeric + - name: useExternalOpenvswitch + type: + scalar: boolean + - name: vxlanPort + type: + scalar: numeric +- name: com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters + map: + fields: + - name: floatingIP + type: + scalar: string +- name: com.github.openshift.api.operator.v1.OperatorCondition + map: + fields: + - name: lastTransitionTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: message + type: + scalar: string + - name: reason + type: + scalar: string + - name: status + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.PartialSelector + map: + fields: + - name: machineResourceSelector + type: + namedType: LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.Perspective + map: + fields: + - name: id + type: + scalar: string + default: "" + - name: pinnedResources + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1.PinnedResourceReference + elementRelationship: atomic + - name: visibility + type: + namedType: com.github.openshift.api.operator.v1.PerspectiveVisibility + default: {} +- name: com.github.openshift.api.operator.v1.PerspectiveVisibility + map: + fields: + - name: accessReview + type: + namedType: com.github.openshift.api.operator.v1.ResourceAttributesAccessReview + - name: state + type: + scalar: string + default: "" + unions: + - discriminator: state + fields: + - fieldName: accessReview + discriminatorValue: AccessReview +- name: com.github.openshift.api.operator.v1.PinnedResourceReference + map: + fields: + - name: group + type: + scalar: string + default: "" + - name: resource + type: + scalar: string + default: "" + - name: version + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.PolicyAuditConfig + map: + fields: + - name: destination + type: + scalar: string + - name: maxFileSize + type: + scalar: numeric + - name: maxLogFiles + type: + scalar: numeric + - name: rateLimit + type: + scalar: numeric + - name: syslogFacility + type: + scalar: string +- name: com.github.openshift.api.operator.v1.PrivateStrategy + map: + fields: + - name: protocol + type: + scalar: string +- name: com.github.openshift.api.operator.v1.ProjectAccess + map: + fields: + - name: availableClusterRoles + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters + map: + fields: + - name: aws + type: + namedType: com.github.openshift.api.operator.v1.AWSLoadBalancerParameters + - name: gcp + type: + namedType: com.github.openshift.api.operator.v1.GCPLoadBalancerParameters + - name: ibm + type: + namedType: com.github.openshift.api.operator.v1.IBMLoadBalancerParameters + - name: openstack + type: + namedType: com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters + - name: type + type: + scalar: string + default: "" + unions: + - discriminator: type + fields: + - fieldName: aws + discriminatorValue: AWS + - fieldName: gcp + discriminatorValue: GCP + - fieldName: ibm + discriminatorValue: IBM + - fieldName: openstack + discriminatorValue: OpenStack +- name: com.github.openshift.api.operator.v1.ProxyConfig map: fields: - - name: ipamConfig - type: - namedType: com.github.openshift.api.operator.v1.IPAMConfig - - name: master + - name: bindAddress type: scalar: string - - name: mode + - name: iptablesSyncPeriod type: scalar: string - - name: mtu + - name: proxyArguments type: - scalar: numeric -- name: com.github.openshift.api.operator.v1.StaticIPAMAddresses + map: + elementType: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.QuickStarts map: fields: - - name: address + - name: disabled type: - scalar: string - default: "" - - name: gateway + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.ReloadService + map: + fields: + - name: serviceName type: scalar: string -- name: com.github.openshift.api.operator.v1.StaticIPAMConfig + default: "" +- name: com.github.openshift.api.operator.v1.ResourceAttributesAccessReview map: fields: - - name: addresses + - name: missing type: list: elementType: - namedType: com.github.openshift.api.operator.v1.StaticIPAMAddresses + namedType: ResourceAttributes.v1.authorization.api.k8s.io elementRelationship: atomic - - name: dns - type: - namedType: com.github.openshift.api.operator.v1.StaticIPAMDNS - - name: routes + - name: required type: list: elementType: - namedType: com.github.openshift.api.operator.v1.StaticIPAMRoutes + namedType: ResourceAttributes.v1.authorization.api.k8s.io elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.StaticIPAMDNS +- name: com.github.openshift.api.operator.v1.RestartService map: fields: - - name: domain + - name: serviceName type: scalar: string - - name: nameservers + default: "" +- name: com.github.openshift.api.operator.v1.RouteAdmissionPolicy + map: + fields: + - name: namespaceOwnership type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: search + scalar: string + - name: wildcardPolicy + type: + scalar: string +- name: com.github.openshift.api.operator.v1.SFlowConfig + map: + fields: + - name: collectors type: list: elementType: scalar: string elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.StaticIPAMRoutes +- name: com.github.openshift.api.operator.v1.Server map: fields: - - name: destination + - name: forwardPlugin + type: + namedType: com.github.openshift.api.operator.v1.ForwardPlugin + default: {} + - name: name type: scalar: string default: "" - - name: gateway + - name: zones type: - scalar: string -- name: com.github.openshift.api.operator.v1.StatuspageProvider + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus map: fields: - - name: pageID + - name: expirationTime + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: name type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.Storage +- name: com.github.openshift.api.operator.v1.ServiceCA map: fields: - name: apiVersion @@ -3900,17 +3925,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1.StorageSpec + namedType: com.github.openshift.api.operator.v1.ServiceCASpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1.StorageStatus + namedType: com.github.openshift.api.operator.v1.ServiceCAStatus default: {} -- name: com.github.openshift.api.operator.v1.StorageSpec +- name: com.github.openshift.api.operator.v1.ServiceCASpec map: fields: - name: logLevel @@ -3922,18 +3947,14 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ - - name: vsphereStorageDriver - type: - scalar: string - default: "" -- name: com.github.openshift.api.operator.v1.StorageStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.ServiceCAStatus map: fields: - name: conditions @@ -3968,100 +3989,82 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters +- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServer map: fields: - - name: address + - name: apiVersion type: scalar: string - default: "" - - name: facility + - name: kind type: scalar: string - - name: maxLength - type: - scalar: numeric - - name: port + - name: metadata type: - scalar: numeric - default: 0 -- name: com.github.openshift.api.operator.v1.Theme - map: - fields: - - name: mode + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - scalar: string - default: "" - - name: source + namedType: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec + default: {} + - name: status type: - namedType: com.github.openshift.api.operator.v1.FileReferenceSource + namedType: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus default: {} -- name: com.github.openshift.api.operator.v1.Upstream +- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec map: fields: - - name: address + - name: logLevel type: scalar: string - - name: port - type: - scalar: numeric - - name: type + - name: managementState type: scalar: string default: "" -- name: com.github.openshift.api.operator.v1.UpstreamResolvers - map: - fields: - - name: policy + - name: observedConfig type: - scalar: string - - name: protocolStrategy + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel type: scalar: string - default: "" - - name: transportConfig + - name: unsupportedConfigOverrides type: - namedType: com.github.openshift.api.operator.v1.DNSTransportConfig - default: {} - - name: upstreams + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus + map: + fields: + - name: conditions type: list: elementType: - namedType: com.github.openshift.api.operator.v1.Upstream - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec - map: - fields: - - name: globalMaxSnapshotsPerBlockVolume + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations type: - scalar: numeric - - name: granularMaxSnapshotsPerBlockVolumeInVSAN + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision type: scalar: numeric - - name: granularMaxSnapshotsPerBlockVolumeInVVOL + - name: observedGeneration type: scalar: numeric - - name: maxAllowedBlockVolumesPerNode + - name: readyReplicas type: scalar: numeric - - name: topologyCategories - type: - list: - elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1alpha1.BackupJobReference - map: - fields: - - name: name - type: - scalar: string - default: "" - - name: namespace + default: 0 + - name: version type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1alpha1.ClusterAPI +- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManager map: fields: - name: apiVersion @@ -4072,142 +4075,149 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPISpec + namedType: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus + namedType: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus default: {} -- name: com.github.openshift.api.operator.v1alpha1.ClusterAPISpec +- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec map: fields: - - name: unmanagedCustomResourceDefinitions + - name: logLevel type: - list: - elementType: - scalar: string - elementRelationship: associative -- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus + scalar: string + - name: managementState + type: + scalar: string + default: "" + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel + type: + scalar: string + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus map: fields: - - name: activeConfigMaps + - name: conditions type: list: elementType: - scalar: string - elementRelationship: atomic - - name: targetConfigMaps + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations type: list: elementType: - scalar: string - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision type: - scalar: string - - name: metadata + scalar: numeric + - name: observedGeneration type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + scalar: numeric + - name: readyReplicas type: - namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec - default: {} - - name: status + scalar: numeric + default: 0 + - name: version type: - namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus - default: {} -- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec + scalar: string +- name: com.github.openshift.api.operator.v1.SimpleMacvlanConfig map: fields: - - name: operatorLogLevel + - name: ipamConfig + type: + namedType: com.github.openshift.api.operator.v1.IPAMConfig + - name: master type: scalar: string -- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus - map: - fields: - - name: observedGeneration + - name: mode + type: + scalar: string + - name: mtu type: scalar: numeric -- name: com.github.openshift.api.operator.v1alpha1.EtcdBackup +- name: com.github.openshift.api.operator.v1.StaticIPAMAddresses map: fields: - - name: apiVersion + - name: address type: scalar: string - - name: kind + default: "" + - name: gateway type: scalar: string - - name: metadata +- name: com.github.openshift.api.operator.v1.StaticIPAMConfig + map: + fields: + - name: addresses type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec + list: + elementType: + namedType: com.github.openshift.api.operator.v1.StaticIPAMAddresses + elementRelationship: atomic + - name: dns type: - namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec - default: {} - - name: status + namedType: com.github.openshift.api.operator.v1.StaticIPAMDNS + - name: routes type: - namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus - default: {} -- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec + list: + elementType: + namedType: com.github.openshift.api.operator.v1.StaticIPAMRoutes + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.StaticIPAMDNS map: fields: - - name: pvcName + - name: domain type: scalar: string - default: "" -- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus - map: - fields: - - name: backupJob + - name: nameservers type: - namedType: com.github.openshift.api.operator.v1alpha1.BackupJobReference - - name: conditions + list: + elementType: + scalar: string + elementRelationship: atomic + - name: search type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition - elementRelationship: associative - keys: - - type -- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.StaticIPAMRoutes map: fields: - - name: apiVersion + - name: destination type: scalar: string - - name: kind + default: "" + - name: gateway type: scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec - default: {} -- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec +- name: com.github.openshift.api.operator.v1.StatuspageProvider map: fields: - - name: repositoryDigestMirrors + - name: pageID type: - list: - elementType: - namedType: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors - elementRelationship: atomic -- name: com.github.openshift.api.operator.v1alpha1.OLM + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.Storage map: fields: - name: apiVersion @@ -4218,17 +4228,17 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: spec type: - namedType: com.github.openshift.api.operator.v1alpha1.OLMSpec + namedType: com.github.openshift.api.operator.v1.StorageSpec default: {} - name: status type: - namedType: com.github.openshift.api.operator.v1alpha1.OLMStatus + namedType: com.github.openshift.api.operator.v1.StorageStatus default: {} -- name: com.github.openshift.api.operator.v1alpha1.OLMSpec +- name: com.github.openshift.api.operator.v1.StorageSpec map: fields: - name: logLevel @@ -4240,14 +4250,18 @@ var schemaYAML = typed.YAMLObject(`types: default: "" - name: observedConfig type: - namedType: __untyped_atomic_ + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io - name: operatorLogLevel type: scalar: string - name: unsupportedConfigOverrides type: - namedType: __untyped_atomic_ -- name: com.github.openshift.api.operator.v1alpha1.OLMStatus + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: vsphereStorageDriver + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1.StorageStatus map: fields: - name: conditions @@ -4282,314 +4296,402 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string -- name: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors +- name: com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters map: fields: - - name: mirrors - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: source + - name: address type: scalar: string default: "" -- name: io.k8s.api.authorization.v1.FieldSelectorAttributes - map: - fields: - - name: rawSelector + - name: facility type: scalar: string - - name: requirements + - name: maxLength type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement - elementRelationship: atomic -- name: io.k8s.api.authorization.v1.LabelSelectorAttributes + scalar: numeric + - name: port + type: + scalar: numeric + default: 0 +- name: com.github.openshift.api.operator.v1.Theme map: fields: - - name: rawSelector + - name: mode type: scalar: string - - name: requirements + default: "" + - name: source type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement - elementRelationship: atomic -- name: io.k8s.api.authorization.v1.ResourceAttributes + namedType: com.github.openshift.api.operator.v1.FileReferenceSource + default: {} +- name: com.github.openshift.api.operator.v1.Upstream map: fields: - - name: fieldSelector - type: - namedType: io.k8s.api.authorization.v1.FieldSelectorAttributes - - name: group + - name: address type: scalar: string - - name: labelSelector + - name: port type: - namedType: io.k8s.api.authorization.v1.LabelSelectorAttributes - - name: name + scalar: numeric + - name: type type: scalar: string - - name: namespace + default: "" +- name: com.github.openshift.api.operator.v1.UpstreamResolvers + map: + fields: + - name: policy type: scalar: string - - name: resource + - name: protocolStrategy type: scalar: string - - name: subresource + default: "" + - name: transportConfig type: - scalar: string - - name: verb + namedType: com.github.openshift.api.operator.v1.DNSTransportConfig + default: {} + - name: upstreams type: - scalar: string - - name: version + list: + elementType: + namedType: com.github.openshift.api.operator.v1.Upstream + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec + map: + fields: + - name: globalMaxSnapshotsPerBlockVolume type: - scalar: string -- name: io.k8s.api.core.v1.LocalObjectReference + scalar: numeric + - name: granularMaxSnapshotsPerBlockVolumeInVSAN + type: + scalar: numeric + - name: granularMaxSnapshotsPerBlockVolumeInVVOL + type: + scalar: numeric + - name: maxAllowedBlockVolumesPerNode + type: + scalar: numeric + - name: topologyCategories + type: + list: + elementType: + scalar: string + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1alpha1.BackupJobReference map: fields: - name: name type: scalar: string default: "" - elementRelationship: atomic -- name: io.k8s.api.core.v1.Toleration + - name: namespace + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPI map: fields: - - name: effect + - name: apiVersion type: scalar: string - - name: key + - name: kind type: scalar: string - - name: operator + - name: metadata type: - scalar: string - - name: tolerationSeconds + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - scalar: numeric - - name: value + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPISpec + - name: status type: - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus + default: {} +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent map: fields: - - name: lastTransitionTime - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: message - type: - scalar: string - default: "" - - name: observedGeneration - type: - scalar: numeric - - name: reason + - name: image type: - scalar: string - default: "" - - name: status + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage + default: {} + - name: name type: scalar: string - default: "" - name: type type: scalar: string - default: "" -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement + unions: + - discriminator: type + fields: + - fieldName: image + discriminatorValue: Image +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage map: fields: - - name: key + - name: profile type: scalar: string - default: "" - - name: operator + - name: ref type: scalar: string - default: "" - - name: values +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision + map: + fields: + - name: components type: list: elementType: - scalar: string + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector - map: - fields: - - name: matchExpressions + - name: contentID + type: + scalar: string + - name: manifestSubstitutions type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevisionManifestSubstitution elementRelationship: atomic - - name: matchLabels + - name: name type: - map: + scalar: string + - name: revision + type: + scalar: numeric + - name: unmanagedCustomResourceDefinitions + type: + list: elementType: scalar: string + elementRelationship: atomic elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevisionManifestSubstitution map: fields: - name: key type: scalar: string - default: "" - - name: operator + - name: value type: scalar: string - default: "" - - name: values +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPISpec + map: + fields: + - name: unmanagedCustomResourceDefinitions type: list: elementType: scalar: string - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry + elementRelationship: associative +- name: com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus map: fields: - - name: apiVersion + - name: currentRevision type: scalar: string - - name: fieldsType + - name: desiredRevision type: scalar: string - - name: fieldsV1 + - name: observedRevisionGeneration type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - - name: manager + scalar: numeric + - name: revisions + type: + list: + elementType: + namedType: com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision + elementRelationship: atomic +- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator + map: + fields: + - name: apiVersion type: scalar: string - - name: operation + - name: kind type: scalar: string - - name: subresource + - name: metadata + type: + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus + default: {} +- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec + map: + fields: + - name: operatorLogLevel type: scalar: string - - name: time +- name: com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus + map: + fields: + - name: observedGeneration type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + scalar: numeric +- name: com.github.openshift.api.operator.v1alpha1.EtcdBackup map: fields: - - name: annotations + - name: apiVersion type: - map: - elementType: - scalar: string - - name: creationTimestamp + scalar: string + - name: kind type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: deletionGracePeriodSeconds + scalar: string + - name: metadata type: - scalar: numeric - - name: deletionTimestamp + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: finalizers + namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus + default: {} +- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec + map: + fields: + - name: pvcName + type: + scalar: string + default: "" +- name: com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus + map: + fields: + - name: backupJob + type: + namedType: com.github.openshift.api.operator.v1alpha1.BackupJobReference + - name: conditions type: list: elementType: - scalar: string + namedType: Condition.v1.meta.apis.pkg.apimachinery.k8s.io elementRelationship: associative - - name: generateName + keys: + - type +- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy + map: + fields: + - name: apiVersion type: scalar: string - - name: generation + - name: kind type: - scalar: numeric - - name: labels + scalar: string + - name: metadata type: - map: - elementType: - scalar: string - - name: managedFields + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec + default: {} +- name: com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec + map: + fields: + - name: repositoryDigestMirrors type: list: elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry + namedType: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors elementRelationship: atomic - - name: name +- name: com.github.openshift.api.operator.v1alpha1.OLM + map: + fields: + - name: apiVersion type: scalar: string - - name: namespace + - name: kind type: scalar: string - - name: ownerReferences + - name: metadata type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference - elementRelationship: associative - keys: - - uid - - name: resourceVersion + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + default: {} + - name: spec + type: + namedType: com.github.openshift.api.operator.v1alpha1.OLMSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.operator.v1alpha1.OLMStatus + default: {} +- name: com.github.openshift.api.operator.v1alpha1.OLMSpec + map: + fields: + - name: logLevel type: scalar: string - - name: selfLink + - name: managementState type: scalar: string - - name: uid + default: "" + - name: observedConfig + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io + - name: operatorLogLevel type: scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference + - name: unsupportedConfigOverrides + type: + namedType: RawExtension.runtime.pkg.apimachinery.k8s.io +- name: com.github.openshift.api.operator.v1alpha1.OLMStatus map: fields: - - name: apiVersion + - name: conditions type: - scalar: string - default: "" - - name: blockOwnerDeletion + list: + elementType: + namedType: com.github.openshift.api.operator.v1.OperatorCondition + elementRelationship: associative + keys: + - type + - name: generations type: - scalar: boolean - - name: controller + list: + elementType: + namedType: com.github.openshift.api.operator.v1.GenerationStatus + elementRelationship: associative + keys: + - group + - resource + - namespace + - name + - name: latestAvailableRevision type: - scalar: boolean - - name: kind + scalar: numeric + - name: observedGeneration type: - scalar: string - default: "" - - name: name + scalar: numeric + - name: readyReplicas + type: + scalar: numeric + default: 0 + - name: version type: scalar: string - default: "" - - name: uid +- name: com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors + map: + fields: + - name: mirrors + type: + list: + elementType: + scalar: string + elementRelationship: atomic + - name: source type: scalar: string default: "" - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Time - scalar: untyped -- name: io.k8s.apimachinery.pkg.runtime.RawExtension - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable - name: __untyped_atomic_ scalar: untyped list: diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awscsidriverconfigspec.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awscsidriverconfigspec.go index 9274b84ad6..f527a9312a 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awscsidriverconfigspec.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/awscsidriverconfigspec.go @@ -10,6 +10,12 @@ type AWSCSIDriverConfigSpecApplyConfiguration struct { // kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, // rather than the default KMS key used by AWS. // The value may be either the ARN or Alias ARN of a KMS key. + // + // The ARN must follow the format: arn::kms:::(key|alias)/, where: + // is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), + // is the AWS region, + // is a 12-digit numeric identifier for the AWS account, + // is the KMS key ID or alias name. KMSKeyARN *string `json:"kmsKeyARN,omitempty"` // efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver. EFSVolumeMetrics *AWSEFSVolumeMetricsApplyConfiguration `json:"efsVolumeMetrics,omitempty"` diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go new file mode 100644 index 0000000000..071ac3fc23 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go @@ -0,0 +1,46 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + operatorv1 "github.com/openshift/api/operator/v1" +) + +// BGPManagedConfigApplyConfiguration represents a declarative configuration of the BGPManagedConfig type for use +// with apply. +// +// BGPManagedConfig contains configuration options for BGP when routing is "Managed". +type BGPManagedConfigApplyConfiguration struct { + // asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) + // to be used in the generated FRR configuration. + // Valid values are 1 to 4294967295. + // When omitted, this defaults to 64512. + ASNumber *int64 `json:"asNumber,omitempty"` + // bgpTopology defines the BGP topology to be used. + // Allowed values are "FullMesh". + // When set to "FullMesh", every node peers directly with every other node via BGP. + // This field is required when BGPManagedConfig is specified. + BGPTopology *operatorv1.BGPTopology `json:"bgpTopology,omitempty"` +} + +// BGPManagedConfigApplyConfiguration constructs a declarative configuration of the BGPManagedConfig type for use with +// apply. +func BGPManagedConfig() *BGPManagedConfigApplyConfiguration { + return &BGPManagedConfigApplyConfiguration{} +} + +// WithASNumber sets the ASNumber field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ASNumber field is set to the value of the last call. +func (b *BGPManagedConfigApplyConfiguration) WithASNumber(value int64) *BGPManagedConfigApplyConfiguration { + b.ASNumber = &value + return b +} + +// WithBGPTopology sets the BGPTopology field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BGPTopology field is set to the value of the last call. +func (b *BGPManagedConfigApplyConfiguration) WithBGPTopology(value operatorv1.BGPTopology) *BGPManagedConfigApplyConfiguration { + b.BGPTopology = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go index 831ef5130e..d62c99282a 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go @@ -3,6 +3,7 @@ package v1 import ( + operatorv1 "github.com/openshift/api/operator/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -209,6 +210,32 @@ type IngressControllerTuningOptionsApplyConfiguration struct { // be reloaded less frequently, and newly created routes will not be served until the // subsequent reload. ReloadInterval *metav1.Duration `json:"reloadInterval,omitempty"` + // configurationManagement specifies how OpenShift router should update + // the HAProxy configuration. The following values are valid for this + // field: + // + // * "ForkAndReload". + // * "Dynamic". + // + // Omitting this field means that the user has no opinion and the + // platform may choose a reasonable default. This default is subject to + // change over time. The current default is "ForkAndReload". + // + // "ForkAndReload" means that OpenShift router should rewrite the + // HAProxy configuration file and instruct HAProxy to fork and reload. + // This is OpenShift router's traditional approach. + // + // "Dynamic" means that OpenShift router may use HAProxy's control + // socket for some configuration updates and fall back to fork and + // reload for other configuration updates. This is a newer approach, + // which may be less mature than ForkAndReload. This setting can + // improve load-balancing fairness and metrics accuracy and reduce CPU + // and memory usage if HAProxy has frequent configuration updates for + // route and endpoints updates. + // + // Note: The "Dynamic" option is currently experimental and should not + // be enabled on production clusters. + ConfigurationManagement *operatorv1.IngressControllerConfigurationManagement `json:"configurationManagement,omitempty"` } // IngressControllerTuningOptionsApplyConfiguration constructs a declarative configuration of the IngressControllerTuningOptions type for use with @@ -328,3 +355,11 @@ func (b *IngressControllerTuningOptionsApplyConfiguration) WithReloadInterval(va b.ReloadInterval = &value return b } + +// WithConfigurationManagement sets the ConfigurationManagement field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ConfigurationManagement field is set to the value of the last call. +func (b *IngressControllerTuningOptionsApplyConfiguration) WithConfigurationManagement(value operatorv1.IngressControllerConfigurationManagement) *IngressControllerTuningOptionsApplyConfiguration { + b.ConfigurationManagement = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/nooverlayconfig.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/nooverlayconfig.go new file mode 100644 index 0000000000..0feb3009ea --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/nooverlayconfig.go @@ -0,0 +1,50 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + operatorv1 "github.com/openshift/api/operator/v1" +) + +// NoOverlayConfigApplyConfiguration represents a declarative configuration of the NoOverlayConfig type for use +// with apply. +// +// NoOverlayConfig contains configuration options for networks operating in no-overlay mode. +type NoOverlayConfigApplyConfiguration struct { + // outboundSNAT defines the SNAT behavior for outbound traffic from pods. + // Allowed values are "Enabled" and "Disabled". + // When set to "Enabled", SNAT is performed on outbound traffic from pods. + // When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. + // This field is required when the network operates in no-overlay mode. + // This field can be set to any value at installation time and can be changed afterwards. + OutboundSNAT *operatorv1.SNATOption `json:"outboundSNAT,omitempty"` + // routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. + // Allowed values are "Managed" and "Unmanaged". + // When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. + // When set to "Unmanaged", users are responsible for configuring the pod network routing. + // This field is required when the network operates in no-overlay mode. + // This field is immutable once set. + Routing *operatorv1.RoutingOption `json:"routing,omitempty"` +} + +// NoOverlayConfigApplyConfiguration constructs a declarative configuration of the NoOverlayConfig type for use with +// apply. +func NoOverlayConfig() *NoOverlayConfigApplyConfiguration { + return &NoOverlayConfigApplyConfiguration{} +} + +// WithOutboundSNAT sets the OutboundSNAT field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OutboundSNAT field is set to the value of the last call. +func (b *NoOverlayConfigApplyConfiguration) WithOutboundSNAT(value operatorv1.SNATOption) *NoOverlayConfigApplyConfiguration { + b.OutboundSNAT = &value + return b +} + +// WithRouting sets the Routing field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Routing field is set to the value of the last call. +func (b *NoOverlayConfigApplyConfiguration) WithRouting(value operatorv1.RoutingOption) *NoOverlayConfigApplyConfiguration { + b.Routing = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go index 6a2d864421..ead45f83b5 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go @@ -62,6 +62,27 @@ type OVNKubernetesConfigApplyConfiguration struct { // reasonable defaults. These defaults are subject to change over time. The // current default is "Disabled". RouteAdvertisements *operatorv1.RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"` + // transport sets the transport mode for pods on the default network. + // Allowed values are "NoOverlay" and "Geneve". + // "NoOverlay" avoids tunnel encapsulation, routing pod traffic directly between nodes. + // "Geneve" encapsulates pod traffic using Geneve tunnels between nodes. + // When omitted, this means the user has no opinion and the platform chooses + // a reasonable default which is subject to change over time. + // The current default is "Geneve". + // "NoOverlay" can only be set at installation time and cannot be changed afterwards. + // "Geneve" may be set explicitly at any time to lock in the current default. + Transport *operatorv1.TransportOption `json:"transport,omitempty"` + // noOverlayConfig contains configuration for no-overlay mode. + // This configuration applies to the default network only. + // It is required when transport is "NoOverlay". + // When omitted, this means the user does not configure no-overlay mode options. + NoOverlayConfig *NoOverlayConfigApplyConfiguration `json:"noOverlayConfig,omitempty"` + // bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) + // in no-overlay mode that specify routing="Managed" in their noOverlayConfig. + // It is required when noOverlayConfig.routing is set to "Managed". + // When omitted, this means the user does not configure BGP for managed routing. + // This field can be set at installation time or on day 2, and can be modified at any time. + BGPManagedConfig *BGPManagedConfigApplyConfiguration `json:"bgpManagedConfig,omitempty"` } // OVNKubernetesConfigApplyConfiguration constructs a declarative configuration of the OVNKubernetesConfig type for use with @@ -165,3 +186,27 @@ func (b *OVNKubernetesConfigApplyConfiguration) WithRouteAdvertisements(value op b.RouteAdvertisements = &value return b } + +// WithTransport sets the Transport field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Transport field is set to the value of the last call. +func (b *OVNKubernetesConfigApplyConfiguration) WithTransport(value operatorv1.TransportOption) *OVNKubernetesConfigApplyConfiguration { + b.Transport = &value + return b +} + +// WithNoOverlayConfig sets the NoOverlayConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the NoOverlayConfig field is set to the value of the last call. +func (b *OVNKubernetesConfigApplyConfiguration) WithNoOverlayConfig(value *NoOverlayConfigApplyConfiguration) *OVNKubernetesConfigApplyConfiguration { + b.NoOverlayConfig = value + return b +} + +// WithBGPManagedConfig sets the BGPManagedConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BGPManagedConfig field is set to the value of the last call. +func (b *OVNKubernetesConfigApplyConfiguration) WithBGPManagedConfig(value *BGPManagedConfigApplyConfiguration) *OVNKubernetesConfigApplyConfiguration { + b.BGPManagedConfig = value + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go index 1de725d88e..17044ff5cf 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponent.go @@ -11,13 +11,12 @@ import ( // // ClusterAPIInstallerComponent defines a component which will be installed by this revision. type ClusterAPIInstallerComponentApplyConfiguration struct { - // type is the source type of the component. - // The only valid value is Image. - // When set to Image, the image field must be set and will define an image source for the component. - Type *operatorv1alpha1.InstallerComponentType `json:"type,omitempty"` - // image defines an image source for a component. The image must contain a - // /capi-operator-installer directory containing the component manifests. - Image *ClusterAPIInstallerComponentImageApplyConfiguration `json:"image,omitempty"` + // name is the human-readable name of the component. The value has no + // effect, and will not be set if the component does not define a name in + // its manifests. If set it must consist of alphanumeric characters, or + // '-', and may not exceed 255 characters. + Name *string `json:"name,omitempty"` + ClusterAPIInstallerComponentSourceApplyConfiguration `json:",inline"` } // ClusterAPIInstallerComponentApplyConfiguration constructs a declarative configuration of the ClusterAPIInstallerComponent type for use with @@ -26,11 +25,19 @@ func ClusterAPIInstallerComponent() *ClusterAPIInstallerComponentApplyConfigurat return &ClusterAPIInstallerComponentApplyConfiguration{} } +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *ClusterAPIInstallerComponentApplyConfiguration) WithName(value string) *ClusterAPIInstallerComponentApplyConfiguration { + b.Name = &value + return b +} + // WithType sets the Type field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Type field is set to the value of the last call. func (b *ClusterAPIInstallerComponentApplyConfiguration) WithType(value operatorv1alpha1.InstallerComponentType) *ClusterAPIInstallerComponentApplyConfiguration { - b.Type = &value + b.ClusterAPIInstallerComponentSourceApplyConfiguration.Type = &value return b } @@ -38,6 +45,6 @@ func (b *ClusterAPIInstallerComponentApplyConfiguration) WithType(value operator // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Image field is set to the value of the last call. func (b *ClusterAPIInstallerComponentApplyConfiguration) WithImage(value *ClusterAPIInstallerComponentImageApplyConfiguration) *ClusterAPIInstallerComponentApplyConfiguration { - b.Image = value + b.ClusterAPIInstallerComponentSourceApplyConfiguration.Image = value return b } diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentsource.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentsource.go new file mode 100644 index 0000000000..03f0ac94ee --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallercomponentsource.go @@ -0,0 +1,43 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + operatorv1alpha1 "github.com/openshift/api/operator/v1alpha1" +) + +// ClusterAPIInstallerComponentSourceApplyConfiguration represents a declarative configuration of the ClusterAPIInstallerComponentSource type for use +// with apply. +// +// ClusterAPIInstallerComponentSource defines the source of a component which will be installed by this revision. +type ClusterAPIInstallerComponentSourceApplyConfiguration struct { + // type is the source type of the component. + // The only valid value is Image. + // When set to Image, the image field must be set and will define an image source for the component. + Type *operatorv1alpha1.InstallerComponentType `json:"type,omitempty"` + // image defines an image source for a component. The image must contain a + // /capi-operator-installer directory containing the component manifests. + Image *ClusterAPIInstallerComponentImageApplyConfiguration `json:"image,omitempty"` +} + +// ClusterAPIInstallerComponentSourceApplyConfiguration constructs a declarative configuration of the ClusterAPIInstallerComponentSource type for use with +// apply. +func ClusterAPIInstallerComponentSource() *ClusterAPIInstallerComponentSourceApplyConfiguration { + return &ClusterAPIInstallerComponentSourceApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *ClusterAPIInstallerComponentSourceApplyConfiguration) WithType(value operatorv1alpha1.InstallerComponentType) *ClusterAPIInstallerComponentSourceApplyConfiguration { + b.Type = &value + return b +} + +// WithImage sets the Image field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Image field is set to the value of the last call. +func (b *ClusterAPIInstallerComponentSourceApplyConfiguration) WithImage(value *ClusterAPIInstallerComponentImageApplyConfiguration) *ClusterAPIInstallerComponentSourceApplyConfiguration { + b.Image = value + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go index fbd3687f68..1206e0825c 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevision.go @@ -21,6 +21,11 @@ type ClusterAPIInstallerRevisionApplyConfiguration struct { // revision, but which should not be installed or updated. If not set, all // CRDs in the revision will be managed by the CAPI operator. UnmanagedCustomResourceDefinitions []string `json:"unmanagedCustomResourceDefinitions,omitempty"` + // manifestSubstitutions is a list of envsubst style substitutions which + // will be applied to manifests in the revision during rendering. If + // defined it must not be empty, and may not contain more than 32 items. + // Each manifest substitution must have a unique key. + ManifestSubstitutions []ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration `json:"manifestSubstitutions,omitempty"` // components is a list of components which will be installed by this // revision. Components will be installed in the order they are listed. If // omitted no components will be installed. @@ -69,6 +74,19 @@ func (b *ClusterAPIInstallerRevisionApplyConfiguration) WithUnmanagedCustomResou return b } +// WithManifestSubstitutions adds the given value to the ManifestSubstitutions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ManifestSubstitutions field. +func (b *ClusterAPIInstallerRevisionApplyConfiguration) WithManifestSubstitutions(values ...*ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration) *ClusterAPIInstallerRevisionApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithManifestSubstitutions") + } + b.ManifestSubstitutions = append(b.ManifestSubstitutions, *values[i]) + } + return b +} + // WithComponents adds the given value to the Components field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the Components field. diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevisionmanifestsubstitution.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevisionmanifestsubstitution.go new file mode 100644 index 0000000000..1731b5cb3b --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapiinstallerrevisionmanifestsubstitution.go @@ -0,0 +1,43 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration represents a declarative configuration of the ClusterAPIInstallerRevisionManifestSubstitution type for use +// with apply. +// +// ClusterAPIInstallerRevisionManifestSubstitution defines an envsubst style +// substitution which will be applied to manifests in a revision during +// rendering. +type ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration struct { + // key is the name of the envsubst variable to substitute. It must be a + // valid envsubst variable name, consisting of letters, digits, and + // underscores, and must start with a letter or underscore. The key must + // not be empty, and must not exceed 255 characters. + Key *string `json:"key,omitempty"` + // value is the value to substitute for the envsubst variable. It may be + // empty, in which case the variable will be substituted with an empty + // string. The value must not exceed 4096 characters. + Value *string `json:"value,omitempty"` +} + +// ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration constructs a declarative configuration of the ClusterAPIInstallerRevisionManifestSubstitution type for use with +// apply. +func ClusterAPIInstallerRevisionManifestSubstitution() *ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration { + return &ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration{} +} + +// WithKey sets the Key field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Key field is set to the value of the last call. +func (b *ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration) WithKey(value string) *ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration { + b.Key = &value + return b +} + +// WithValue sets the Value field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Value field is set to the value of the last call. +func (b *ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration) WithValue(value string) *ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration { + b.Value = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go index a684c0a6ce..300921f5bd 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1/clusterapistatus.go @@ -30,6 +30,9 @@ type ClusterAPIStatusApplyConfiguration struct { // When adding a revision, the revision number must be greater than the highest revision number in the list. // Revisions are immutable, although they can be deleted. Revisions []ClusterAPIInstallerRevisionApplyConfiguration `json:"revisions,omitempty"` + // observedRevisionGeneration is the generation of the ClusterAPI object that was last observed by the revision controller. + // If specified it must be greater than or equal to 1, and less than 2^53. It may not decrease or be unset once set. + ObservedRevisionGeneration *int64 `json:"observedRevisionGeneration,omitempty"` } // ClusterAPIStatusApplyConfiguration constructs a declarative configuration of the ClusterAPIStatus type for use with @@ -66,3 +69,11 @@ func (b *ClusterAPIStatusApplyConfiguration) WithRevisions(values ...*ClusterAPI } return b } + +// WithObservedRevisionGeneration sets the ObservedRevisionGeneration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ObservedRevisionGeneration field is set to the value of the last call. +func (b *ClusterAPIStatusApplyConfiguration) WithObservedRevisionGeneration(value int64) *ClusterAPIStatusApplyConfiguration { + b.ObservedRevisionGeneration = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go index 3d08f40d09..41aa696852 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go @@ -50,6 +50,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1.AzureCSIDriverConfigSpecApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("AzureDiskEncryptionSet"): return &operatorv1.AzureDiskEncryptionSetApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("BGPManagedConfig"): + return &operatorv1.BGPManagedConfigApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("BootImageSkewEnforcementConfig"): return &operatorv1.BootImageSkewEnforcementConfigApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("BootImageSkewEnforcementStatus"): @@ -318,6 +320,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1.NodePortStrategyApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("NodeStatus"): return &operatorv1.NodeStatusApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("NoOverlayConfig"): + return &operatorv1.NoOverlayConfigApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("OAuthAPIServerStatus"): return &operatorv1.OAuthAPIServerStatusApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("OLM"): @@ -444,8 +448,12 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1alpha1.ClusterAPIInstallerComponentApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ClusterAPIInstallerComponentImage"): return &operatorv1alpha1.ClusterAPIInstallerComponentImageApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ClusterAPIInstallerComponentSource"): + return &operatorv1alpha1.ClusterAPIInstallerComponentSourceApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ClusterAPIInstallerRevision"): return &operatorv1alpha1.ClusterAPIInstallerRevisionApplyConfiguration{} + case v1alpha1.SchemeGroupVersion.WithKind("ClusterAPIInstallerRevisionManifestSubstitution"): + return &operatorv1alpha1.ClusterAPIInstallerRevisionManifestSubstitutionApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ClusterAPISpec"): return &operatorv1alpha1.ClusterAPISpecApplyConfiguration{} case v1alpha1.SchemeGroupVersion.WithKind("ClusterAPIStatus"): diff --git a/vendor/github.com/openshift/client-go/security/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/security/applyconfigurations/internal/internal.go index dcb584450d..851c515a23 100644 --- a/vendor/github.com/openshift/client-go/security/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/security/applyconfigurations/internal/internal.go @@ -23,6 +23,148 @@ func Parser() *typed.Parser { var parserOnce sync.Once var parser *typed.Parser var schemaYAML = typed.YAMLObject(`types: +- name: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + - name: fieldsType + type: + scalar: string + - name: fieldsV1 + type: + namedType: FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io + - name: manager + type: + scalar: string + - name: operation + type: + scalar: string + - name: subresource + type: + scalar: string + - name: time + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io +- name: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: annotations + type: + map: + elementType: + scalar: string + - name: creationTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: deletionGracePeriodSeconds + type: + scalar: numeric + - name: deletionTimestamp + type: + namedType: Time.v1.meta.apis.pkg.apimachinery.k8s.io + - name: finalizers + type: + list: + elementType: + scalar: string + elementRelationship: associative + - name: generateName + type: + scalar: string + - name: generation + type: + scalar: numeric + - name: labels + type: + map: + elementType: + scalar: string + - name: managedFields + type: + list: + elementType: + namedType: ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: atomic + - name: name + type: + scalar: string + - name: namespace + type: + scalar: string + - name: ownerReferences + type: + list: + elementType: + namedType: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + elementRelationship: associative + keys: + - uid + - name: resourceVersion + type: + scalar: string + - name: selfLink + type: + scalar: string + - name: uid + type: + scalar: string +- name: OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io + map: + fields: + - name: apiVersion + type: + scalar: string + default: "" + - name: blockOwnerDeletion + type: + scalar: boolean + - name: controller + type: + scalar: boolean + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: uid + type: + scalar: string + default: "" + elementRelationship: atomic +- name: SELinuxOptions.v1.core.api.k8s.io + map: + fields: + - name: level + type: + scalar: string + - name: role + type: + scalar: string + - name: type + type: + scalar: string + - name: user + type: + scalar: string +- name: Time.v1.meta.apis.pkg.apimachinery.k8s.io + scalar: untyped - name: com.github.openshift.api.security.v1.AllowedFlexVolume map: fields: @@ -65,7 +207,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: range type: @@ -91,7 +233,7 @@ var schemaYAML = typed.YAMLObject(`types: fields: - name: seLinuxOptions type: - namedType: io.k8s.api.core.v1.SELinuxOptions + namedType: SELinuxOptions.v1.core.api.k8s.io - name: type type: scalar: string @@ -176,7 +318,7 @@ var schemaYAML = typed.YAMLObject(`types: scalar: string - name: metadata type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + namedType: ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io default: {} - name: priority type: @@ -237,148 +379,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: type type: scalar: string -- name: io.k8s.api.core.v1.SELinuxOptions - map: - fields: - - name: level - type: - scalar: string - - name: role - type: - scalar: string - - name: type - type: - scalar: string - - name: user - type: - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - map: - elementType: - scalar: untyped - list: - elementType: - namedType: __untyped_atomic_ - elementRelationship: atomic - map: - elementType: - namedType: __untyped_deduced_ - elementRelationship: separable -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry - map: - fields: - - name: apiVersion - type: - scalar: string - - name: fieldsType - type: - scalar: string - - name: fieldsV1 - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 - - name: manager - type: - scalar: string - - name: operation - type: - scalar: string - - name: subresource - type: - scalar: string - - name: time - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time -- name: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - map: - fields: - - name: annotations - type: - map: - elementType: - scalar: string - - name: creationTimestamp - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: deletionGracePeriodSeconds - type: - scalar: numeric - - name: deletionTimestamp - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time - - name: finalizers - type: - list: - elementType: - scalar: string - elementRelationship: associative - - name: generateName - type: - scalar: string - - name: generation - type: - scalar: numeric - - name: labels - type: - map: - elementType: - scalar: string - - name: managedFields - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry - elementRelationship: atomic - - name: name - type: - scalar: string - - name: namespace - type: - scalar: string - - name: ownerReferences - type: - list: - elementType: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference - elementRelationship: associative - keys: - - uid - - name: resourceVersion - type: - scalar: string - - name: selfLink - type: - scalar: string - - name: uid - type: - scalar: string -- name: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference - map: - fields: - - name: apiVersion - type: - scalar: string - default: "" - - name: blockOwnerDeletion - type: - scalar: boolean - - name: controller - type: - scalar: boolean - - name: kind - type: - scalar: string - default: "" - - name: name - type: - scalar: string - default: "" - - name: uid - type: - scalar: string - default: "" - elementRelationship: atomic -- name: io.k8s.apimachinery.pkg.apis.meta.v1.Time - scalar: untyped - name: __untyped_atomic_ scalar: untyped list: diff --git a/vendor/github.com/openshift/library-go/pkg/crypto/cert_config.go b/vendor/github.com/openshift/library-go/pkg/crypto/cert_config.go new file mode 100644 index 0000000000..76d71da2ab --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/crypto/cert_config.go @@ -0,0 +1,225 @@ +package crypto + +import ( + "crypto" + "crypto/x509" + "crypto/x509/pkix" + "fmt" + "time" + + "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/apiserver/pkg/authentication/user" +) + +// KeyPairGenerator generates a cryptographic key pair. +type KeyPairGenerator interface { + GenerateKeyPair() (crypto.PublicKey, crypto.PrivateKey, error) +} + +// NewSigningCertificate creates a CA certificate. +// By default it creates a self-signed root CA. Use WithSigner to create an +// intermediate CA signed by a parent CA. +// The name parameter is used as the CommonName unless overridden with WithSubject. +// Optional: WithSigner, WithSubject, WithLifetime (defaults to DefaultCACertificateLifetimeDuration). +func NewSigningCertificate(name string, keyGen KeyPairGenerator, opts ...CertificateOption) (*TLSCertificateConfig, error) { + o := &CertificateOptions{ + lifetime: DefaultCACertificateLifetimeDuration, + } + for _, opt := range opts { + opt(o) + } + + subject := pkix.Name{CommonName: name} + if o.subject != nil { + subject = *o.subject + } + + publicKey, privateKey, err := keyGen.GenerateKeyPair() + if err != nil { + return nil, fmt.Errorf("failed to generate key pair: %w", err) + } + subjectKeyId, err := SubjectKeyIDFromPublicKey(publicKey) + if err != nil { + return nil, fmt.Errorf("failed to compute subject key ID: %w", err) + } + + if o.signer != nil { + // Intermediate CA signed by the provided signer. + authorityKeyId := o.signer.Config.Certs[0].SubjectKeyId + template := newSigningCertificateTemplateForDuration(subject, o.lifetime, time.Now, authorityKeyId, subjectKeyId) + template.SignatureAlgorithm = 0 + template.KeyUsage = KeyUsageForPublicKey(publicKey) | x509.KeyUsageCertSign + + cert, err := o.signer.SignCertificate(template, publicKey) + if err != nil { + return nil, fmt.Errorf("failed to sign certificate: %w", err) + } + + return &TLSCertificateConfig{ + Certs: append([]*x509.Certificate{cert}, o.signer.Config.Certs...), + Key: privateKey, + }, nil + } + + // Self-signed root CA. AuthorityKeyId and SubjectKeyId match. + template := newSigningCertificateTemplateForDuration(subject, o.lifetime, time.Now, subjectKeyId, subjectKeyId) + template.SignatureAlgorithm = 0 + template.KeyUsage = KeyUsageForPublicKey(publicKey) | x509.KeyUsageCertSign + + cert, err := signCertificate(template, publicKey, template, privateKey) + if err != nil { + return nil, fmt.Errorf("failed to sign certificate: %w", err) + } + + return &TLSCertificateConfig{ + Certs: []*x509.Certificate{cert}, + Key: privateKey, + }, nil +} + +// NewServerCertificate creates a server/serving certificate signed by this CA. +// Optional: WithLifetime (defaults to DefaultCertificateLifetimeDuration), WithExtensions. +func (ca *CA) NewServerCertificate(hostnames sets.Set[string], keyGen KeyPairGenerator, opts ...CertificateOption) (*TLSCertificateConfig, error) { + o := &CertificateOptions{ + lifetime: DefaultCertificateLifetimeDuration, + } + for _, opt := range opts { + opt(o) + } + + publicKey, privateKey, err := keyGen.GenerateKeyPair() + if err != nil { + return nil, fmt.Errorf("failed to generate key pair: %w", err) + } + subjectKeyId, err := SubjectKeyIDFromPublicKey(publicKey) + if err != nil { + return nil, fmt.Errorf("failed to compute subject key ID: %w", err) + } + + sortedHostnames := sets.List(hostnames) + authorityKeyId := ca.Config.Certs[0].SubjectKeyId + template := newServerCertificateTemplateForDuration( + pkix.Name{CommonName: sortedHostnames[0]}, + sortedHostnames, + o.lifetime, + time.Now, + authorityKeyId, + subjectKeyId, + ) + // Let x509.CreateCertificate auto-detect the signature algorithm from the CA's key. + template.SignatureAlgorithm = 0 + template.KeyUsage = KeyUsageForPublicKey(publicKey) + + for _, fn := range o.extensionFns { + if err := fn(template); err != nil { + return nil, fmt.Errorf("failed to apply certificate extension: %w", err) + } + } + + cert, err := ca.SignCertificate(template, publicKey) + if err != nil { + return nil, fmt.Errorf("failed to sign certificate: %w", err) + } + + return &TLSCertificateConfig{ + Certs: append([]*x509.Certificate{cert}, ca.Config.Certs...), + Key: privateKey, + }, nil +} + +// NewClientCertificate creates a client certificate signed by this CA. +// Optional: WithLifetime (defaults to DefaultCertificateLifetimeDuration). +func (ca *CA) NewClientCertificate(u user.Info, keyGen KeyPairGenerator, opts ...CertificateOption) (*TLSCertificateConfig, error) { + o := &CertificateOptions{ + lifetime: DefaultCertificateLifetimeDuration, + } + for _, opt := range opts { + opt(o) + } + + publicKey, privateKey, err := keyGen.GenerateKeyPair() + if err != nil { + return nil, fmt.Errorf("failed to generate key pair: %w", err) + } + subjectKeyId, err := SubjectKeyIDFromPublicKey(publicKey) + if err != nil { + return nil, fmt.Errorf("failed to compute subject key ID: %w", err) + } + + authorityKeyId := ca.Config.Certs[0].SubjectKeyId + template := NewClientCertificateTemplateForDuration(UserToSubject(u), o.lifetime, time.Now) + template.AuthorityKeyId = authorityKeyId + template.SubjectKeyId = subjectKeyId + // Let x509.CreateCertificate auto-detect the signature algorithm from the CA's key. + template.SignatureAlgorithm = 0 + template.KeyUsage = KeyUsageForPublicKey(publicKey) + + cert, err := ca.SignCertificate(template, publicKey) + if err != nil { + return nil, fmt.Errorf("failed to sign certificate: %w", err) + } + + return &TLSCertificateConfig{ + Certs: append([]*x509.Certificate{cert}, ca.Config.Certs...), + Key: privateKey, + }, nil +} + +// NewPeerCertificate creates a peer certificate (both server and client auth) +// signed by this CA. +// Optional: WithLifetime (defaults to DefaultCertificateLifetimeDuration), WithExtensions. +func (ca *CA) NewPeerCertificate(hostnames sets.Set[string], u user.Info, keyGen KeyPairGenerator, opts ...CertificateOption) (*TLSCertificateConfig, error) { + o := &CertificateOptions{ + lifetime: DefaultCertificateLifetimeDuration, + } + for _, opt := range opts { + opt(o) + } + + publicKey, privateKey, err := keyGen.GenerateKeyPair() + if err != nil { + return nil, fmt.Errorf("failed to generate key pair: %w", err) + } + subjectKeyId, err := SubjectKeyIDFromPublicKey(publicKey) + if err != nil { + return nil, fmt.Errorf("failed to compute subject key ID: %w", err) + } + + sortedHostnames := sets.List(hostnames) + authorityKeyId := ca.Config.Certs[0].SubjectKeyId + + // Start from a server certificate template for the hostnames. + template := newServerCertificateTemplateForDuration( + pkix.Name{CommonName: sortedHostnames[0]}, + sortedHostnames, + o.lifetime, + time.Now, + authorityKeyId, + subjectKeyId, + ) + // Let x509.CreateCertificate auto-detect the signature algorithm from the CA's key. + template.SignatureAlgorithm = 0 + template.KeyUsage = KeyUsageForPublicKey(publicKey) + + // Set subject from user info for client authentication. + template.Subject = UserToSubject(u) + + // Enable both server and client authentication. + template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth} + + for _, fn := range o.extensionFns { + if err := fn(template); err != nil { + return nil, fmt.Errorf("failed to apply certificate extension: %w", err) + } + } + + cert, err := ca.SignCertificate(template, publicKey) + if err != nil { + return nil, fmt.Errorf("failed to sign certificate: %w", err) + } + + return &TLSCertificateConfig{ + Certs: append([]*x509.Certificate{cert}, ca.Config.Certs...), + Key: privateKey, + }, nil +} diff --git a/vendor/github.com/openshift/library-go/pkg/crypto/keygen.go b/vendor/github.com/openshift/library-go/pkg/crypto/keygen.go new file mode 100644 index 0000000000..96b7559468 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/crypto/keygen.go @@ -0,0 +1,118 @@ +package crypto + +import ( + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/rsa" + "crypto/sha256" + "crypto/x509" + "fmt" +) + +// KeyAlgorithm identifies the key generation algorithm. +type KeyAlgorithm string + +const ( + // RSAKeyAlgorithm specifies RSA key generation. + RSAKeyAlgorithm KeyAlgorithm = "RSA" + // ECDSAKeyAlgorithm specifies ECDSA key generation. + ECDSAKeyAlgorithm KeyAlgorithm = "ECDSA" +) + +// ECDSACurve identifies a named ECDSA curve. +type ECDSACurve string + +const ( + // P256 specifies the NIST P-256 curve (secp256r1), providing 128-bit security. + P256 ECDSACurve = "P256" + // P384 specifies the NIST P-384 curve (secp384r1), providing 192-bit security. + P384 ECDSACurve = "P384" + // P521 specifies the NIST P-521 curve (secp521r1), providing 256-bit security. + P521 ECDSACurve = "P521" +) + +// RSAKeyPairGenerator generates RSA key pairs. +type RSAKeyPairGenerator struct { + // Bits is the RSA key size in bits. Must be >= 2048. + Bits int +} + +func (g RSAKeyPairGenerator) GenerateKeyPair() (crypto.PublicKey, crypto.PrivateKey, error) { + bits := g.Bits + if bits == 0 { + bits = keyBits + } + privateKey, err := rsa.GenerateKey(rand.Reader, bits) + if err != nil { + return nil, nil, err + } + return &privateKey.PublicKey, privateKey, nil +} + +// ECDSAKeyPairGenerator generates ECDSA key pairs. +type ECDSAKeyPairGenerator struct { + // Curve is the named ECDSA curve. + Curve ECDSACurve +} + +func (g ECDSAKeyPairGenerator) GenerateKeyPair() (crypto.PublicKey, crypto.PrivateKey, error) { + curve, err := g.ellipticCurve() + if err != nil { + return nil, nil, err + } + privateKey, err := ecdsa.GenerateKey(curve, rand.Reader) + if err != nil { + return nil, nil, err + } + return &privateKey.PublicKey, privateKey, nil +} + +func (g ECDSAKeyPairGenerator) ellipticCurve() (elliptic.Curve, error) { + switch g.Curve { + case P256: + return elliptic.P256(), nil + case P384: + return elliptic.P384(), nil + case P521: + return elliptic.P521(), nil + default: + return nil, fmt.Errorf("unsupported ECDSA curve: %q", g.Curve) + } +} + +// KeyUsageForPublicKey returns the x509.KeyUsage flags appropriate for the +// given public key type. ECDSA keys use DigitalSignature only; RSA keys also +// include KeyEncipherment. +func KeyUsageForPublicKey(pub crypto.PublicKey) x509.KeyUsage { + switch pub.(type) { + case *ecdsa.PublicKey: + return x509.KeyUsageDigitalSignature + default: + return x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature + } +} + +// SubjectKeyIDFromPublicKey computes a truncated SHA-256 hash suitable for +// use as a certificate SubjectKeyId from any supported public key type. +// This uses the first 160 bits of the SHA-256 hash per RFC 7093, consistent +// with the Go standard library since Go 1.25 (go.dev/issue/71746) and +// Let's Encrypt. Prior Go versions used SHA-1 which is not FIPS-compatible. +func SubjectKeyIDFromPublicKey(pub crypto.PublicKey) ([]byte, error) { + var rawBytes []byte + switch pub := pub.(type) { + case *rsa.PublicKey: + rawBytes = pub.N.Bytes() + case *ecdsa.PublicKey: + ecdhKey, err := pub.ECDH() + if err != nil { + return nil, fmt.Errorf("failed to convert ECDSA public key: %w", err) + } + rawBytes = ecdhKey.Bytes() + default: + return nil, fmt.Errorf("unsupported public key type: %T", pub) + } + hash := sha256.Sum256(rawBytes) + return hash[:20], nil +} diff --git a/vendor/github.com/openshift/library-go/pkg/crypto/options.go b/vendor/github.com/openshift/library-go/pkg/crypto/options.go new file mode 100644 index 0000000000..983b115d22 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/crypto/options.go @@ -0,0 +1,49 @@ +package crypto + +import ( + "crypto/x509/pkix" + "time" +) + +// CertificateOptions holds optional configuration collected from functional options. +type CertificateOptions struct { + lifetime time.Duration + subject *pkix.Name + extensionFns []CertificateExtensionFunc + signer *CA +} + +// CertificateOption is a functional option for certificate creation. +type CertificateOption func(*CertificateOptions) + +// WithLifetime sets the certificate lifetime duration. +func WithLifetime(d time.Duration) CertificateOption { + return func(o *CertificateOptions) { + o.lifetime = d + } +} + +// WithSubject overrides the certificate subject. For signing certificates, +// this overrides the default subject derived from the name parameter. +func WithSubject(s pkix.Name) CertificateOption { + return func(o *CertificateOptions) { + o.subject = &s + } +} + +// WithSigner specifies a CA to sign the certificate. When used with +// NewSigningCertificate, this creates an intermediate CA signed by the +// given CA instead of a self-signed root CA. +func WithSigner(ca *CA) CertificateOption { + return func(o *CertificateOptions) { + o.signer = ca + } +} + +// WithExtensions adds certificate extension functions that are called +// to modify the certificate template before signing. +func WithExtensions(fns ...CertificateExtensionFunc) CertificateOption { + return func(o *CertificateOptions) { + o.extensionFns = append(o.extensionFns, fns...) + } +} diff --git a/vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go b/vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go new file mode 100644 index 0000000000..ef0e1af51a --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/crypto/tls_adherence.go @@ -0,0 +1,23 @@ +package crypto + +import ( + configv1 "github.com/openshift/api/config/v1" +) + +// ShouldHonorClusterTLSProfile returns true if the component should honor the +// cluster-wide TLS security profile settings from apiserver.config.openshift.io/cluster. +// +// When this returns true (StrictAllComponents mode), components must honor the +// cluster-wide TLS profile unless they have a component-specific TLS configuration +// that overrides it. +// +// Unknown enum values are treated as StrictAllComponents for forward compatibility +// and to default to the more secure behavior. +func ShouldHonorClusterTLSProfile(tlsAdherence configv1.TLSAdherencePolicy) bool { + switch tlsAdherence { + case configv1.TLSAdherencePolicyNoOpinion, configv1.TLSAdherencePolicyLegacyAdheringComponentsOnly: + return false + default: + return true + } +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go index f9ad1fc14b..dbacb066e9 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go @@ -6,13 +6,12 @@ import ( "time" operatorv1 "github.com/openshift/api/operator/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/wait" - "github.com/openshift/library-go/pkg/controller/factory" "github.com/openshift/library-go/pkg/operator/condition" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/v1helpers" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/wait" ) const ( @@ -80,6 +79,7 @@ func NewCertRotationController( RotatedSelfSignedCertKeySecret: rotatedSelfSignedCertKeySecret, StatusReporter: reporter, } + return factory.New(). ResyncEvery(time.Minute). WithSync(c.Sync). diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go index c2c8b8368f..019cce7d5a 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go @@ -9,6 +9,7 @@ import ( "github.com/openshift/library-go/pkg/crypto" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/resource/resourcehelper" + "github.com/openshift/library-go/pkg/pki" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -48,6 +49,13 @@ type RotatedSigningCASecret struct { // AdditionalAnnotations is a collection of annotations set for the secret AdditionalAnnotations AdditionalAnnotations + // CertificateName is the logical name of this certificate for PKI profile resolution. + CertificateName string + + // PKIProfileProvider, when non-nil, enables ConfigurablePKI certificate + // key algorithm resolution. When nil, legacy certificate generation is used. + PKIProfileProvider pki.PKIProfileProvider + // Plumbing: Informer corev1informers.SecretInformer Lister corev1listers.SecretLister @@ -87,12 +95,12 @@ func (c RotatedSigningCASecret) EnsureSigningCertKeyPair(ctx context.Context) (* // run Update if signer content needs changing signerUpdated := false - if needed, reason := needNewSigningCertKeyPair(signingCertKeyPairSecret, c.Refresh, c.RefreshOnlyWhenExpired); needed || creationRequired { + if needed, reason := c.needNewSigningCertKeyPair(signingCertKeyPairSecret); needed || creationRequired { if creationRequired { reason = "secret doesn't exist" } c.EventRecorder.Eventf("SignerUpdateRequired", "%q in %q requires a new signing cert/key pair: %v", c.Name, c.Namespace, reason) - if err = setSigningCertKeyPairSecretAndTLSAnnotations(signingCertKeyPairSecret, c.Validity, c.Refresh, c.AdditionalAnnotations); err != nil { + if err = c.setSigningCertKeyPairSecretAndTLSAnnotations(signingCertKeyPairSecret); err != nil { return nil, false, err } @@ -149,7 +157,7 @@ func ensureOwnerReference(meta *metav1.ObjectMeta, owner *metav1.OwnerReference) return false } -func needNewSigningCertKeyPair(secret *corev1.Secret, refresh time.Duration, refreshOnlyWhenExpired bool) (bool, string) { +func (c RotatedSigningCASecret) needNewSigningCertKeyPair(secret *corev1.Secret) (bool, string) { annotations := secret.Annotations notBefore, notAfter, reason := getValidityFromAnnotations(annotations) if len(reason) > 0 { @@ -160,7 +168,7 @@ func needNewSigningCertKeyPair(secret *corev1.Secret, refresh time.Duration, ref return true, "already expired" } - if refreshOnlyWhenExpired { + if c.RefreshOnlyWhenExpired { return false, "" } @@ -170,7 +178,7 @@ func needNewSigningCertKeyPair(secret *corev1.Secret, refresh time.Duration, ref return true, fmt.Sprintf("past refresh time (80%% of validity): %v", at80Percent) } - developerSpecifiedRefresh := notBefore.Add(refresh) + developerSpecifiedRefresh := notBefore.Add(c.Refresh) if time.Now().After(developerSpecifiedRefresh) { return true, fmt.Sprintf("past its refresh time %v", developerSpecifiedRefresh) } @@ -199,22 +207,67 @@ func getValidityFromAnnotations(annotations map[string]string) (notBefore time.T return notBefore, notAfter, "" } +func (c RotatedSigningCASecret) resolveKeyPairGenerator() (crypto.KeyPairGenerator, error) { + return resolveKeyPairGeneratorWithFallback(c.PKIProfileProvider, pki.CertificateTypeSigner, c.CertificateName) +} + +// resolveKeyPairGeneratorWithFallback resolves the key pair generator from the +// PKI profile provider. Returns nil for Unmanaged mode (no key override). +// +// TODO(sanchezl): Remove the fallback to DefaultPKIProfile() once installer +// support for the PKI resource is in place. Until then, the PKI resource may +// not exist in TechPreview clusters. Once removed, callers can use +// pki.ResolveCertificateConfig directly. +func resolveKeyPairGeneratorWithFallback(provider pki.PKIProfileProvider, certType pki.CertificateType, name string) (crypto.KeyPairGenerator, error) { + cfg, err := pki.ResolveCertificateConfig(provider, certType, name) + if err != nil { + klog.Warningf("Failed to resolve PKI config for %s %q, falling back to default profile: %v", certType, name, err) + defaultProfile := pki.DefaultPKIProfile() + cfg, err = pki.ResolveCertificateConfig(pki.NewStaticPKIProfileProvider(&defaultProfile), certType, name) + if err != nil { + return nil, err + } + } + if cfg == nil { + return nil, nil + } + return cfg.Key, nil +} + // setSigningCertKeyPairSecretAndTLSAnnotations generates a new signing certificate and key pair, // stores them in the specified secret, and adds predefined TLS annotations to that secret. -func setSigningCertKeyPairSecretAndTLSAnnotations(signingCertKeyPairSecret *corev1.Secret, validity, refresh time.Duration, tlsAnnotations AdditionalAnnotations) error { - ca, err := setSigningCertKeyPairSecret(signingCertKeyPairSecret, validity) +func (c RotatedSigningCASecret) setSigningCertKeyPairSecretAndTLSAnnotations(signingCertKeyPairSecret *corev1.Secret) error { + ca, err := c.setSigningCertKeyPairSecret(signingCertKeyPairSecret) if err != nil { return err } - setTLSAnnotationsOnSigningCertKeyPairSecret(signingCertKeyPairSecret, ca, refresh, tlsAnnotations) + c.setTLSAnnotationsOnSigningCertKeyPairSecret(signingCertKeyPairSecret, ca) return nil } -// setSigningCertKeyPairSecret creates a new signing cert/key pair and sets them in the secret -func setSigningCertKeyPairSecret(signingCertKeyPairSecret *corev1.Secret, validity time.Duration) (*crypto.TLSCertificateConfig, error) { +// setSigningCertKeyPairSecret creates a new signing cert/key pair and sets them in the secret. +func (c RotatedSigningCASecret) setSigningCertKeyPairSecret(signingCertKeyPairSecret *corev1.Secret) (*crypto.TLSCertificateConfig, error) { signerName := fmt.Sprintf("%s_%s@%d", signingCertKeyPairSecret.Namespace, signingCertKeyPairSecret.Name, time.Now().Unix()) - ca, err := crypto.MakeSelfSignedCAConfigForDuration(signerName, validity) + + var ca *crypto.TLSCertificateConfig + var err error + if c.PKIProfileProvider != nil { + keyGen, err := c.resolveKeyPairGenerator() + if err != nil { + return nil, err + } + if keyGen != nil { + ca, err = crypto.NewSigningCertificate(signerName, keyGen, crypto.WithLifetime(c.Validity)) + if err != nil { + return nil, err + } + } + // nil keyGen means Unmanaged: fall through to legacy cert generation + } + if ca == nil { + ca, err = crypto.MakeSelfSignedCAConfigForDuration(signerName, c.Validity) + } if err != nil { return nil, err } @@ -243,11 +296,12 @@ func setSigningCertKeyPairSecret(signingCertKeyPairSecret *corev1.Secret, validi // // These assumptions are safe because this function is only called after the secret // has been initialized in setSigningCertKeyPairSecret. -func setTLSAnnotationsOnSigningCertKeyPairSecret(signingCertKeyPairSecret *corev1.Secret, ca *crypto.TLSCertificateConfig, refresh time.Duration, tlsAnnotations AdditionalAnnotations) { +func (c RotatedSigningCASecret) setTLSAnnotationsOnSigningCertKeyPairSecret(signingCertKeyPairSecret *corev1.Secret, ca *crypto.TLSCertificateConfig) { signingCertKeyPairSecret.Annotations[CertificateIssuer] = ca.Certs[0].Issuer.CommonName + tlsAnnotations := c.AdditionalAnnotations tlsAnnotations.NotBefore = ca.Certs[0].NotBefore.Format(time.RFC3339) tlsAnnotations.NotAfter = ca.Certs[0].NotAfter.Format(time.RFC3339) - tlsAnnotations.RefreshPeriod = refresh.String() + tlsAnnotations.RefreshPeriod = c.Refresh.String() _ = tlsAnnotations.EnsureTLSMetadataUpdate(&signingCertKeyPairSecret.ObjectMeta) } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go index 88cd41189e..b76c494402 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go @@ -18,6 +18,7 @@ import ( "github.com/openshift/library-go/pkg/crypto" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/resource/resourcehelper" + "github.com/openshift/library-go/pkg/pki" corev1informers "k8s.io/client-go/informers/core/v1" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" corev1listers "k8s.io/client-go/listers/core/v1" @@ -64,6 +65,13 @@ type RotatedSelfSignedCertKeySecret struct { // CertCreator does the actual cert generation. CertCreator TargetCertCreator + // CertificateName is the logical name of this certificate for PKI profile resolution. + CertificateName string + + // PKIProfileProvider, when non-nil, enables ConfigurablePKI certificate + // key algorithm resolution. When nil, legacy certificate generation is used. + PKIProfileProvider pki.PKIProfileProvider + // Plumbing: Informer corev1informers.SecretInformer Lister corev1listers.SecretLister @@ -72,12 +80,15 @@ type RotatedSelfSignedCertKeySecret struct { } type TargetCertCreator interface { - // NewCertificate creates a new key-cert pair with the given signer. - NewCertificate(signer *crypto.CA, validity time.Duration) (*crypto.TLSCertificateConfig, error) + // NewCertificate creates a new key-cert pair with the given signer. If keyGen + // is non-nil, it is used to generate the key pair; otherwise legacy defaults are used. + NewCertificate(signer *crypto.CA, validity time.Duration, keyGen crypto.KeyPairGenerator) (*crypto.TLSCertificateConfig, error) // NeedNewTargetCertKeyPair decides whether a new cert-key pair is needed. It returns a non-empty reason if it is the case. NeedNewTargetCertKeyPair(currentCertSecret *corev1.Secret, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired, creationRequired bool) string // SetAnnotations gives an option to override or set additional annotations SetAnnotations(cert *crypto.TLSCertificateConfig, annotations map[string]string) map[string]string + // CertificateType returns the category of certificate this creator produces. + CertificateType() pki.CertificateType } // TargetCertRechecker is an optional interface to be implemented by the TargetCertCreator to enforce @@ -121,7 +132,7 @@ func (c RotatedSelfSignedCertKeySecret) EnsureTargetCertKeyPair(ctx context.Cont if reason := c.CertCreator.NeedNewTargetCertKeyPair(targetCertKeyPairSecret, signingCertKeyPair, caBundleCerts, c.Refresh, c.RefreshOnlyWhenExpired, creationRequired); len(reason) > 0 { c.EventRecorder.Eventf("TargetUpdateRequired", "%q in %q requires a new target cert/key pair: %v", c.Name, c.Namespace, reason) - if err = setTargetCertKeyPairSecretAndTLSAnnotations(targetCertKeyPairSecret, c.Validity, c.Refresh, signingCertKeyPair, c.CertCreator, c.AdditionalAnnotations); err != nil { + if err = c.setTargetCertKeyPairSecretAndTLSAnnotations(targetCertKeyPairSecret, signingCertKeyPair); err != nil { return nil, err } @@ -239,19 +250,19 @@ func needNewTargetCertKeyPairForTime(annotations map[string]string, signer *cryp // setTargetCertKeyPairSecretAndTLSAnnotations generates a new cert/key pair, // stores them in the specified secret, and adds predefined TLS annotations to that secret. -func setTargetCertKeyPairSecretAndTLSAnnotations(targetCertKeyPairSecret *corev1.Secret, validity, refresh time.Duration, signer *crypto.CA, certCreator TargetCertCreator, tlsAnnotations AdditionalAnnotations) error { - certKeyPair, err := setTargetCertKeyPairSecret(targetCertKeyPairSecret, validity, signer, certCreator) +func (c RotatedSelfSignedCertKeySecret) setTargetCertKeyPairSecretAndTLSAnnotations(targetCertKeyPairSecret *corev1.Secret, signer *crypto.CA) error { + certKeyPair, err := c.setTargetCertKeyPairSecret(targetCertKeyPairSecret, signer) if err != nil { return err } - setTLSAnnotationsOnTargetCertKeyPairSecret(targetCertKeyPairSecret, certKeyPair, certCreator, refresh, tlsAnnotations) + c.setTLSAnnotationsOnTargetCertKeyPairSecret(targetCertKeyPairSecret, certKeyPair) return nil } // setTargetCertKeyPairSecret creates a new cert/key pair and sets them in the secret. Only one of client, serving, or signer rotation may be specified. // TODO refactor with an interface for actually signing and move the one-of check higher in the stack. -func setTargetCertKeyPairSecret(targetCertKeyPairSecret *corev1.Secret, validity time.Duration, signer *crypto.CA, certCreator TargetCertCreator) (*crypto.TLSCertificateConfig, error) { +func (c RotatedSelfSignedCertKeySecret) setTargetCertKeyPairSecret(targetCertKeyPairSecret *corev1.Secret, signer *crypto.CA) (*crypto.TLSCertificateConfig, error) { if targetCertKeyPairSecret.Annotations == nil { targetCertKeyPairSecret.Annotations = map[string]string{} } @@ -260,13 +271,22 @@ func setTargetCertKeyPairSecret(targetCertKeyPairSecret *corev1.Secret, validity } // our annotation is based on our cert validity, so we want to make sure that we don't specify something past our signer - targetValidity := validity + targetValidity := c.Validity remainingSignerValidity := signer.Config.Certs[0].NotAfter.Sub(time.Now()) - if remainingSignerValidity < validity { + if remainingSignerValidity < targetValidity { targetValidity = remainingSignerValidity } - certKeyPair, err := certCreator.NewCertificate(signer, targetValidity) + var keyGen crypto.KeyPairGenerator + if c.PKIProfileProvider != nil { + var err error + keyGen, err = c.resolveKeyPairGenerator() + if err != nil { + return nil, err + } + } + + certKeyPair, err := c.CertCreator.NewCertificate(signer, targetValidity, keyGen) if err != nil { return nil, err } @@ -282,22 +302,34 @@ func setTargetCertKeyPairSecret(targetCertKeyPairSecret *corev1.Secret, validity // // These assumptions are safe because this function is only called after the secret // has been initialized in setTargetCertKeyPairSecret. -func setTLSAnnotationsOnTargetCertKeyPairSecret(targetCertKeyPairSecret *corev1.Secret, certKeyPair *crypto.TLSCertificateConfig, certCreator TargetCertCreator, refresh time.Duration, tlsAnnotations AdditionalAnnotations) { +func (c RotatedSelfSignedCertKeySecret) setTLSAnnotationsOnTargetCertKeyPairSecret(targetCertKeyPairSecret *corev1.Secret, certKeyPair *crypto.TLSCertificateConfig) { targetCertKeyPairSecret.Annotations[CertificateIssuer] = certKeyPair.Certs[0].Issuer.CommonName + tlsAnnotations := c.AdditionalAnnotations tlsAnnotations.NotBefore = certKeyPair.Certs[0].NotBefore.Format(time.RFC3339) tlsAnnotations.NotAfter = certKeyPair.Certs[0].NotAfter.Format(time.RFC3339) - tlsAnnotations.RefreshPeriod = refresh.String() + tlsAnnotations.RefreshPeriod = c.Refresh.String() _ = tlsAnnotations.EnsureTLSMetadataUpdate(&targetCertKeyPairSecret.ObjectMeta) - certCreator.SetAnnotations(certKeyPair, targetCertKeyPairSecret.Annotations) + c.CertCreator.SetAnnotations(certKeyPair, targetCertKeyPairSecret.Annotations) +} + +func (c RotatedSelfSignedCertKeySecret) resolveKeyPairGenerator() (crypto.KeyPairGenerator, error) { + return resolveKeyPairGeneratorWithFallback(c.PKIProfileProvider, c.CertCreator.CertificateType(), c.CertificateName) } type ClientRotation struct { UserInfo user.Info } -func (r *ClientRotation) NewCertificate(signer *crypto.CA, validity time.Duration) (*crypto.TLSCertificateConfig, error) { +func (r *ClientRotation) CertificateType() pki.CertificateType { + return pki.CertificateTypeClient +} + +func (r *ClientRotation) NewCertificate(signer *crypto.CA, validity time.Duration, keyGen crypto.KeyPairGenerator) (*crypto.TLSCertificateConfig, error) { + if keyGen != nil { + return signer.NewClientCertificate(r.UserInfo, keyGen, crypto.WithLifetime(validity)) + } return signer.MakeClientCertificateForDuration(r.UserInfo, validity) } @@ -315,11 +347,23 @@ type ServingRotation struct { HostnamesChanged <-chan struct{} } -func (r *ServingRotation) NewCertificate(signer *crypto.CA, validity time.Duration) (*crypto.TLSCertificateConfig, error) { - if len(r.Hostnames()) == 0 { +func (r *ServingRotation) CertificateType() pki.CertificateType { + return pki.CertificateTypeServing +} + +func (r *ServingRotation) NewCertificate(signer *crypto.CA, validity time.Duration, keyGen crypto.KeyPairGenerator) (*crypto.TLSCertificateConfig, error) { + hostnames := r.Hostnames() + if len(hostnames) == 0 { return nil, fmt.Errorf("no hostnames set") } - return signer.MakeServerCertForDuration(sets.New(r.Hostnames()...), validity, r.CertificateExtensionFn...) + if keyGen != nil { + return signer.NewServerCertificate( + sets.New(hostnames...), keyGen, + crypto.WithLifetime(validity), + crypto.WithExtensions(r.CertificateExtensionFn...), + ) + } + return signer.MakeServerCertForDuration(sets.New(hostnames...), validity, r.CertificateExtensionFn...) } func (r *ServingRotation) RecheckChannel() <-chan struct{} { @@ -336,18 +380,25 @@ func (r *ServingRotation) NeedNewTargetCertKeyPair(currentCertSecret *corev1.Sec } func (r *ServingRotation) missingHostnames(annotations map[string]string) string { + return missingHostnames(annotations, r.Hostnames()) +} + +func (r *ServingRotation) SetAnnotations(cert *crypto.TLSCertificateConfig, annotations map[string]string) map[string]string { + return setHostnameAnnotations(cert, annotations) +} + +func missingHostnames(annotations map[string]string, hostnames []string) string { existingHostnames := sets.New(strings.Split(annotations[CertificateHostnames], ",")...) - requiredHostnames := sets.New(r.Hostnames()...) + requiredHostnames := sets.New(hostnames...) if !existingHostnames.Equal(requiredHostnames) { existingNotRequired := existingHostnames.Difference(requiredHostnames) requiredNotExisting := requiredHostnames.Difference(existingHostnames) return fmt.Sprintf("%q are existing and not required, %q are required and not existing", strings.Join(sets.List(existingNotRequired), ","), strings.Join(sets.List(requiredNotExisting), ",")) } - return "" } -func (r *ServingRotation) SetAnnotations(cert *crypto.TLSCertificateConfig, annotations map[string]string) map[string]string { +func setHostnameAnnotations(cert *crypto.TLSCertificateConfig, annotations map[string]string) map[string]string { hostnames := sets.Set[string]{} for _, ip := range cert.Certs[0].IPAddresses { hostnames.Insert(ip.String()) @@ -355,7 +406,6 @@ func (r *ServingRotation) SetAnnotations(cert *crypto.TLSCertificateConfig, anno for _, dnsName := range cert.Certs[0].DNSNames { hostnames.Insert(dnsName) } - // List does a sort so that we have a consistent representation annotations[CertificateHostnames] = strings.Join(sets.List(hostnames), ",") return annotations @@ -367,11 +417,81 @@ type SignerRotation struct { SignerName string } -func (r *SignerRotation) NewCertificate(signer *crypto.CA, validity time.Duration) (*crypto.TLSCertificateConfig, error) { +func (r *SignerRotation) CertificateType() pki.CertificateType { + return pki.CertificateTypeSigner +} + +func (r *SignerRotation) NewCertificate(signer *crypto.CA, validity time.Duration, keyGen crypto.KeyPairGenerator) (*crypto.TLSCertificateConfig, error) { signerName := fmt.Sprintf("%s_@%d", r.SignerName, time.Now().Unix()) + if keyGen != nil { + return crypto.NewSigningCertificate(signerName, keyGen, + crypto.WithSigner(signer), + crypto.WithLifetime(validity), + ) + } return crypto.MakeCAConfigForDuration(signerName, validity, signer) } +// PeerRotation creates certificates used for both server and client authentication +// (e.g., etcd peer certificates). It uses CertificateTypePeer for PKI profile +// resolution, which selects the stronger of the serving and client key configurations. +// +// When keyGen is non-nil (ConfigurablePKI enabled), it calls NewPeerCertificate +// which requires UserInfo for the client identity. When keyGen is nil (legacy), +// it falls back to MakeServerCertForDuration with an extension function that +// sets both ClientAuth and ServerAuth ExtKeyUsages. +type PeerRotation struct { + Hostnames ServingHostnameFunc + UserInfo user.Info + CertificateExtensionFn []crypto.CertificateExtensionFunc + HostnamesChanged <-chan struct{} +} + +func (r *PeerRotation) CertificateType() pki.CertificateType { + return pki.CertificateTypePeer +} + +func (r *PeerRotation) NewCertificate(signer *crypto.CA, validity time.Duration, keyGen crypto.KeyPairGenerator) (*crypto.TLSCertificateConfig, error) { + hostnames := r.Hostnames() + if len(hostnames) == 0 { + return nil, fmt.Errorf("no hostnames set") + } + if keyGen != nil { + if r.UserInfo == nil { + return nil, fmt.Errorf("PeerRotation requires UserInfo for configurable PKI certificates") + } + return signer.NewPeerCertificate( + sets.New(hostnames...), r.UserInfo, keyGen, + crypto.WithLifetime(validity), + crypto.WithExtensions(r.CertificateExtensionFn...), + ) + } + // Legacy path: use server cert template with extension fn to add both ExtKeyUsages. + // The subject CN comes from the first hostname (preserves current behavior). + peerExtFn := func(cert *x509.Certificate) error { + cert.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth} + return nil + } + extensions := append(append([]crypto.CertificateExtensionFunc{}, r.CertificateExtensionFn...), peerExtFn) + return signer.MakeServerCertForDuration(sets.New(hostnames...), validity, extensions...) +} + +func (r *PeerRotation) RecheckChannel() <-chan struct{} { + return r.HostnamesChanged +} + +func (r *PeerRotation) NeedNewTargetCertKeyPair(currentCertSecret *corev1.Secret, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired, creationRequired bool) string { + reason := needNewTargetCertKeyPair(currentCertSecret, signer, caBundleCerts, refresh, refreshOnlyWhenExpired, creationRequired) + if len(reason) > 0 { + return reason + } + return missingHostnames(currentCertSecret.Annotations, r.Hostnames()) +} + +func (r *PeerRotation) SetAnnotations(cert *crypto.TLSCertificateConfig, annotations map[string]string) map[string]string { + return setHostnameAnnotations(cert, annotations) +} + func (r *SignerRotation) NeedNewTargetCertKeyPair(currentCertSecret *corev1.Secret, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired, exists bool) string { return needNewTargetCertKeyPair(currentCertSecret, signer, caBundleCerts, refresh, refreshOnlyWhenExpired, exists) } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go index fd34ec6201..f4a0943e51 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go @@ -123,11 +123,22 @@ type UpdateOperatorSpecFunc func(spec *operatorv1.OperatorSpec) error func UpdateSpec(ctx context.Context, client OperatorClient, updateFuncs ...UpdateOperatorSpecFunc) (*operatorv1.OperatorSpec, bool, error) { updated := false var operatorSpec *operatorv1.OperatorSpec + previousResourceVersion := "" err := retry.RetryOnConflict(retry.DefaultBackoff, func() error { oldSpec, _, resourceVersion, err := client.GetOperatorState() if err != nil { return err } + if resourceVersion == previousResourceVersion { + // Lister is stale (e.g. after a conflict or restart); do a live GET to get the current resourceVersion. + listerResourceVersion := resourceVersion + oldSpec, _, resourceVersion, err = client.GetOperatorStateWithQuorum(ctx) + if err != nil { + return err + } + klog.V(2).Infof("lister was stale at resourceVersion=%v, live get showed resourceVersion=%v", listerResourceVersion, resourceVersion) + } + previousResourceVersion = resourceVersion newSpec := oldSpec.DeepCopy() for _, update := range updateFuncs { diff --git a/vendor/github.com/openshift/library-go/pkg/pki/profile.go b/vendor/github.com/openshift/library-go/pkg/pki/profile.go new file mode 100644 index 0000000000..6f534c94f0 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/pki/profile.go @@ -0,0 +1,114 @@ +package pki + +import ( + "fmt" + + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + "github.com/openshift/library-go/pkg/crypto" +) + +// DefaultPKIProfile returns the default PKIProfile for OpenShift. +func DefaultPKIProfile() configv1alpha1.PKIProfile { + return configv1alpha1.PKIProfile{ + Defaults: configv1alpha1.DefaultCertificateConfig{ + Key: configv1alpha1.KeyConfig{ + Algorithm: configv1alpha1.KeyAlgorithmECDSA, + ECDSA: configv1alpha1.ECDSAKeyConfig{Curve: configv1alpha1.ECDSACurveP256}, + }, + }, + SignerCertificates: configv1alpha1.CertificateConfig{ + Key: configv1alpha1.KeyConfig{ + Algorithm: configv1alpha1.KeyAlgorithmECDSA, + ECDSA: configv1alpha1.ECDSAKeyConfig{Curve: configv1alpha1.ECDSACurveP384}, + }, + }, + } +} + +// KeyPairGeneratorFromAPI converts a configv1alpha1.KeyConfig to a +// crypto.KeyPairGenerator. +func KeyPairGeneratorFromAPI(apiKey configv1alpha1.KeyConfig) (crypto.KeyPairGenerator, error) { + switch apiKey.Algorithm { + case configv1alpha1.KeyAlgorithmRSA: + return crypto.RSAKeyPairGenerator{ + Bits: int(apiKey.RSA.KeySize), + }, nil + case configv1alpha1.KeyAlgorithmECDSA: + curve, err := ecdsaCurveFromAPI(apiKey.ECDSA.Curve) + if err != nil { + return nil, err + } + return crypto.ECDSAKeyPairGenerator{ + Curve: curve, + }, nil + default: + return nil, fmt.Errorf("unknown key algorithm: %q", apiKey.Algorithm) + } +} + +// ecdsaCurveFromAPI converts an API ECDSA curve name to the crypto package's ECDSACurve. +func ecdsaCurveFromAPI(c configv1alpha1.ECDSACurve) (crypto.ECDSACurve, error) { + switch c { + case configv1alpha1.ECDSACurveP256: + return crypto.P256, nil + case configv1alpha1.ECDSACurveP384: + return crypto.P384, nil + case configv1alpha1.ECDSACurveP521: + return crypto.P521, nil + default: + return "", fmt.Errorf("unknown ECDSA curve: %q", c) + } +} + +// securityBits returns the NIST security strength in bits for a given +// KeyPairGenerator. For RSA, values come from the rsaSecurityStrength table. +// For ECDSA, security strength is half the key size (fixed per curve). +func securityBits(g crypto.KeyPairGenerator) int { + switch g := g.(type) { + case crypto.RSAKeyPairGenerator: + return rsaSecurityStrength[g.Bits] + case crypto.ECDSAKeyPairGenerator: + switch g.Curve { + case crypto.P256: + return 128 + case crypto.P384: + return 192 + case crypto.P521: + return 256 + } + } + return 0 +} + +// rsaSecurityStrength maps RSA key sizes (2048-8192 in 1024-bit increments) +// to their security strengths from NIST SP 800-56B Rev 2 Table 2 or +// pre-calculated from the GNFS complexity estimate. +var rsaSecurityStrength = map[int]int{ + 2048: 112, + 3072: 128, + 4096: 152, + 5120: 168, + 6144: 176, + 7168: 192, + 8192: 200, +} + +// strongerKeyPairGenerator returns whichever of a or b provides higher NIST +// security strength. In case of a tie, ECDSA is preferred over RSA. +func strongerKeyPairGenerator(a, b crypto.KeyPairGenerator) crypto.KeyPairGenerator { + sa, sb := securityBits(a), securityBits(b) + if sb > sa { + return b + } + if sa > sb { + return a + } + // Equal strength: prefer ECDSA over RSA. + if _, ok := a.(crypto.ECDSAKeyPairGenerator); ok { + return a + } + if _, ok := b.(crypto.ECDSAKeyPairGenerator); ok { + return b + } + return a +} diff --git a/vendor/github.com/openshift/library-go/pkg/pki/provider.go b/vendor/github.com/openshift/library-go/pkg/pki/provider.go new file mode 100644 index 0000000000..2007aa890e --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/pki/provider.go @@ -0,0 +1,75 @@ +package pki + +import ( + "fmt" + + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + configv1alpha1listers "github.com/openshift/client-go/config/listers/config/v1alpha1" +) + +// PKIProfileProvider provides the PKIProfile that determines certificate key +// configuration. A nil profile indicates Unmanaged mode where the caller +// should use its own defaults. +type PKIProfileProvider interface { + PKIProfile() (*configv1alpha1.PKIProfile, error) +} + +// StaticPKIProfileProvider is a PKIProfileProvider backed by a fixed PKIProfile. +type StaticPKIProfileProvider struct { + profile *configv1alpha1.PKIProfile +} + +// NewStaticPKIProfileProvider returns a PKIProfileProvider backed by the given +// profile. A nil profile signals Unmanaged mode. +func NewStaticPKIProfileProvider(profile *configv1alpha1.PKIProfile) *StaticPKIProfileProvider { + return &StaticPKIProfileProvider{profile: profile} +} + +// PKIProfile returns the static PKIProfile. +func (s *StaticPKIProfileProvider) PKIProfile() (*configv1alpha1.PKIProfile, error) { + return s.profile, nil +} + +// ListerPKIProfileProvider is a PKIProfileProvider that reads a named +// cluster-scoped PKI resource via a lister. +type ListerPKIProfileProvider struct { + lister configv1alpha1listers.PKILister + resourceName string +} + +// NewClusterPKIProfileProvider creates a PKIProfileProvider that resolves the +// PKIProfile from the OpenShift cluster configuration PKI resource. +func NewClusterPKIProfileProvider(lister configv1alpha1listers.PKILister) *ListerPKIProfileProvider { + return NewListerPKIProfileProvider(lister, "cluster") +} + +// NewListerPKIProfileProvider returns a PKIProfileProvider that reads the +// named cluster-scoped PKI resource via a lister. +func NewListerPKIProfileProvider(lister configv1alpha1listers.PKILister, resourceName string) *ListerPKIProfileProvider { + return &ListerPKIProfileProvider{ + lister: lister, + resourceName: resourceName, + } +} + +// PKIProfile reads the PKI resource and returns the profile based on its +// certificate management mode. Returns nil for Unmanaged mode. +func (l *ListerPKIProfileProvider) PKIProfile() (*configv1alpha1.PKIProfile, error) { + pki, err := l.lister.Get(l.resourceName) + if err != nil { + return nil, fmt.Errorf("failed to get PKI resource %q: %w", l.resourceName, err) + } + + switch pki.Spec.CertificateManagement.Mode { + case configv1alpha1.PKICertificateManagementModeUnmanaged: + return nil, nil + case configv1alpha1.PKICertificateManagementModeDefault: + profile := DefaultPKIProfile() + return &profile, nil + case configv1alpha1.PKICertificateManagementModeCustom: + profile := pki.Spec.CertificateManagement.Custom.PKIProfile + return &profile, nil + default: + return nil, fmt.Errorf("unknown PKI certificate management mode: %q", pki.Spec.CertificateManagement.Mode) + } +} diff --git a/vendor/github.com/openshift/library-go/pkg/pki/resolve.go b/vendor/github.com/openshift/library-go/pkg/pki/resolve.go new file mode 100644 index 0000000000..1154fd48ea --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/pki/resolve.go @@ -0,0 +1,77 @@ +package pki + +import ( + "fmt" + + configv1alpha1 "github.com/openshift/api/config/v1alpha1" + "github.com/openshift/library-go/pkg/crypto" +) + +// CertificateConfig holds the resolved configuration for a specific certificate. +// Currently contains key configuration; will grow as the PKI API expands to +// include additional certificate properties. +type CertificateConfig struct { + // Key is the resolved key pair generator. + Key crypto.KeyPairGenerator +} + +// ResolveCertificateConfig resolves the effective certificate configuration +// for a given certificate type and name from the PKI profile. +// +// Returns nil if the provider returns a nil profile (Unmanaged mode), +// indicating that the caller should use its own default behavior. +// +// The name parameter is reserved for future per-certificate overrides and +// can be used for metrics and logging. +func ResolveCertificateConfig(provider PKIProfileProvider, certType CertificateType, name string) (*CertificateConfig, error) { + profile, err := provider.PKIProfile() + if err != nil { + return nil, fmt.Errorf("resolving PKI profile for %s certificate %q: %w", certType, name, err) + } + if profile == nil { + return nil, nil + } + + switch certType { + case CertificateTypeSigner: + return resolveKeyConfig(profile.Defaults, profile.SignerCertificates) + case CertificateTypeServing: + return resolveKeyConfig(profile.Defaults, profile.ServingCertificates) + case CertificateTypeClient: + return resolveKeyConfig(profile.Defaults, profile.ClientCertificates) + case CertificateTypePeer: + return resolvePeerKeyConfig(profile) + default: + return nil, fmt.Errorf("unknown certificate type: %q", certType) + } +} + +// resolveKeyConfig returns the override KeyConfig if its Algorithm is set, +// otherwise falls back to the default. +func resolveKeyConfig(defaults configv1alpha1.DefaultCertificateConfig, override configv1alpha1.CertificateConfig) (*CertificateConfig, error) { + apiKey := defaults.Key + if override.Key.Algorithm != "" { + apiKey = override.Key + } + g, err := KeyPairGeneratorFromAPI(apiKey) + if err != nil { + return nil, err + } + return &CertificateConfig{Key: g}, nil +} + +// resolvePeerKeyConfig resolves both the serving and client configs and +// returns whichever has higher NIST security strength. +func resolvePeerKeyConfig(profile *configv1alpha1.PKIProfile) (*CertificateConfig, error) { + servingCfg, err := resolveKeyConfig(profile.Defaults, profile.ServingCertificates) + if err != nil { + return nil, fmt.Errorf("resolving serving config for peer: %w", err) + } + clientCfg, err := resolveKeyConfig(profile.Defaults, profile.ClientCertificates) + if err != nil { + return nil, fmt.Errorf("resolving client config for peer: %w", err) + } + return &CertificateConfig{ + Key: strongerKeyPairGenerator(servingCfg.Key, clientCfg.Key), + }, nil +} diff --git a/vendor/github.com/openshift/library-go/pkg/pki/types.go b/vendor/github.com/openshift/library-go/pkg/pki/types.go new file mode 100644 index 0000000000..2cf8282255 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/pki/types.go @@ -0,0 +1,23 @@ +package pki + +// CertificateType identifies the category of a certificate for profile resolution. +type CertificateType string + +const ( + // CertificateTypeSigner identifies certificate authority (CA) certificates + // that sign other certificates. + CertificateTypeSigner CertificateType = "signer" + + // CertificateTypeServing identifies TLS server certificates used to serve + // HTTPS endpoints. + CertificateTypeServing CertificateType = "serving" + + // CertificateTypeClient identifies client authentication certificates used + // to authenticate to servers. + CertificateTypeClient CertificateType = "client" + + // CertificateTypePeer identifies certificates used for both server and client + // authentication. The resolved key configuration is the stronger of the + // serving and client configurations. + CertificateTypePeer CertificateType = "peer" +) diff --git a/vendor/modules.txt b/vendor/modules.txt index 25f0e168ce..0244249aee 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -211,7 +211,7 @@ github.com/openshift-eng/openshift-tests-extension/pkg/flags github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo github.com/openshift-eng/openshift-tests-extension/pkg/util/sets github.com/openshift-eng/openshift-tests-extension/pkg/version -# github.com/openshift/api v0.0.0-20260302174620-dcac36b908db +# github.com/openshift/api v0.0.0-20260416105050-3c6b218b8a80 ## explicit; go 1.25.0 github.com/openshift/api github.com/openshift/api/annotations @@ -235,6 +235,7 @@ github.com/openshift/api/config/v1alpha2 github.com/openshift/api/console github.com/openshift/api/console/v1 github.com/openshift/api/etcd +github.com/openshift/api/etcd/v1 github.com/openshift/api/etcd/v1alpha1 github.com/openshift/api/features github.com/openshift/api/helm @@ -290,7 +291,7 @@ github.com/openshift/api/template github.com/openshift/api/template/v1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/client-go v0.0.0-20260302182750-20813ce71ca6 +# github.com/openshift/client-go v0.0.0-20260416131737-a19e91702ab5 ## explicit; go 1.25.0 github.com/openshift/client-go/config/applyconfigurations github.com/openshift/client-go/config/applyconfigurations/config/v1 @@ -345,7 +346,7 @@ github.com/openshift/client-go/security/clientset/versioned/fake github.com/openshift/client-go/security/clientset/versioned/scheme github.com/openshift/client-go/security/clientset/versioned/typed/security/v1 github.com/openshift/client-go/security/clientset/versioned/typed/security/v1/fake -# github.com/openshift/library-go v0.0.0-20260303171201-5d9eb6295ff6 +# github.com/openshift/library-go v0.0.0-20260413093329-d2db42c961e1 ## explicit; go 1.25.0 github.com/openshift/library-go/pkg/apiserver/jsonpatch github.com/openshift/library-go/pkg/certs @@ -367,6 +368,7 @@ github.com/openshift/library-go/pkg/operator/resource/resourcemerge github.com/openshift/library-go/pkg/operator/resource/resourceread github.com/openshift/library-go/pkg/operator/resourcesynccontroller github.com/openshift/library-go/pkg/operator/v1helpers +github.com/openshift/library-go/pkg/pki github.com/openshift/library-go/pkg/verify github.com/openshift/library-go/pkg/verify/store github.com/openshift/library-go/pkg/verify/store/configmap From 2ff8337ea1e901233037ae0f63f04b6f7ecfe9bb Mon Sep 17 00:00:00 2001 From: David Hurta Date: Thu, 23 Apr 2026 19:59:45 +0200 Subject: [PATCH 2/2] fix: Add polling for leader election event in TestIntegrationCVO_gracefulStepDown Fix race condition where the test immediately checked for leader election events without polling, causing intermittent failures when event propagation took longer than expected. The fix adds proper polling logic (wait.PollUntilContextTimeout) to wait up to 10 seconds for the leader election event to become visible via the Events API, matching the pattern already used for lock acquisition verification in the same test. This issue was exposed by a recent dependency bump which likely changed timing characteristics in the OpenShift libraries, making event propagation delays more visible. Co-authored-by: Claude Code --- pkg/start/start_integration_test.go | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/pkg/start/start_integration_test.go b/pkg/start/start_integration_test.go index 5a2a9a67c6..b7738afc4d 100644 --- a/pkg/start/start_integration_test.go +++ b/pkg/start/start_integration_test.go @@ -382,13 +382,19 @@ func TestIntegrationCVO_gracefulStepDown(t *testing.T) { } t.Logf("verify the controller writes a leadership change event") - events, err := kc.CoreV1().Events(ns).List(ctx, metav1.ListOptions{}) + err = wait.PollUntilContextTimeout(ctx, 200*time.Millisecond, 10*time.Second, true, func(localCtx context.Context) (bool, error) { + events, err := kc.CoreV1().Events(ns).List(localCtx, metav1.ListOptions{}) + if err != nil { + return false, err + } + if hasLeaderEvent(events.Items, ns) { + return true, nil + } + return false, nil + }) if err != nil { t.Fatal(err) } - if !hasLeaderEvent(events.Items, ns) { - t.Fatalf("no leader election events found in\n%#v", events.Items) - } t.Logf("after the context is closed, the lock should be released quickly") cancel()