diff --git a/config/applyconfigurations/config/v1/criocredentialproviderconfig.go b/config/applyconfigurations/config/v1/criocredentialproviderconfig.go new file mode 100644 index 0000000000..94be7a1cda --- /dev/null +++ b/config/applyconfigurations/config/v1/criocredentialproviderconfig.go 
@@ -0,0 +1,285 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + configv1 "github.com/openshift/api/config/v1" + internal "github.com/openshift/client-go/config/applyconfigurations/internal" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// CRIOCredentialProviderConfigApplyConfiguration represents a declarative configuration of the CRIOCredentialProviderConfig type for use +// with apply. +// +// CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is "cluster". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. +// For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. +// CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. +// Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout. +// +// The resource is a singleton named "cluster". +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +type CRIOCredentialProviderConfigApplyConfiguration struct { + metav1.TypeMetaApplyConfiguration `json:",inline"` + // metadata is the standard object's metadata. 
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + *metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + // spec defines the desired configuration of the CRI-O Credential Provider. + // This field is required and must be provided when creating the resource. + Spec *CRIOCredentialProviderConfigSpecApplyConfiguration `json:"spec,omitempty"` + // status represents the current state of the CRIOCredentialProviderConfig. + // When omitted or nil, it indicates that the status has not yet been set by the controller. + // The controller will populate this field with validation conditions and operational state. + Status *CRIOCredentialProviderConfigStatusApplyConfiguration `json:"status,omitempty"` +} + +// CRIOCredentialProviderConfig constructs a declarative configuration of the CRIOCredentialProviderConfig type for use with +// apply. +func CRIOCredentialProviderConfig(name string) *CRIOCredentialProviderConfigApplyConfiguration { + b := &CRIOCredentialProviderConfigApplyConfiguration{} + b.WithName(name) + b.WithKind("CRIOCredentialProviderConfig") + b.WithAPIVersion("config.openshift.io/v1") + return b +} + +// ExtractCRIOCredentialProviderConfigFrom extracts the applied configuration owned by fieldManager from +// cRIOCredentialProviderConfig for the specified subresource. Pass an empty string for subresource to extract +// the main resource. Common subresources include "status", "scale", etc. +// cRIOCredentialProviderConfig must be a unmodified CRIOCredentialProviderConfig API object that was retrieved from the Kubernetes API. +// ExtractCRIOCredentialProviderConfigFrom provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. 
+func ExtractCRIOCredentialProviderConfigFrom(cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, fieldManager string, subresource string) (*CRIOCredentialProviderConfigApplyConfiguration, error) { + b := &CRIOCredentialProviderConfigApplyConfiguration{} + err := managedfields.ExtractInto(cRIOCredentialProviderConfig, internal.Parser().Type("com.github.openshift.api.config.v1.CRIOCredentialProviderConfig"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(cRIOCredentialProviderConfig.Name) + + b.WithKind("CRIOCredentialProviderConfig") + b.WithAPIVersion("config.openshift.io/v1") + return b, nil +} + +// ExtractCRIOCredentialProviderConfig extracts the applied configuration owned by fieldManager from +// cRIOCredentialProviderConfig. If no managedFields are found in cRIOCredentialProviderConfig for fieldManager, a +// CRIOCredentialProviderConfigApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// cRIOCredentialProviderConfig must be a unmodified CRIOCredentialProviderConfig API object that was retrieved from the Kubernetes API. +// ExtractCRIOCredentialProviderConfig provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. 
+func ExtractCRIOCredentialProviderConfig(cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, fieldManager string) (*CRIOCredentialProviderConfigApplyConfiguration, error) { + return ExtractCRIOCredentialProviderConfigFrom(cRIOCredentialProviderConfig, fieldManager, "") +} + +// ExtractCRIOCredentialProviderConfigStatus extracts the applied configuration owned by fieldManager from +// cRIOCredentialProviderConfig for the status subresource. +func ExtractCRIOCredentialProviderConfigStatus(cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, fieldManager string) (*CRIOCredentialProviderConfigApplyConfiguration, error) { + return ExtractCRIOCredentialProviderConfigFrom(cRIOCredentialProviderConfig, fieldManager, "status") +} + +func (b CRIOCredentialProviderConfigApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithKind(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithAPIVersion(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the Name field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithName(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithGenerateName(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithNamespace(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. 
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithUID(value types.UID) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithResourceVersion(value string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithGeneration(value int64) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. 
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithCreationTimestamp(value apismetav1.Time) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithDeletionTimestamp(value apismetav1.Time) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. 
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithLabels(entries map[string]string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithAnnotations(entries map[string]string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. 
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithOwnerReferences(values ...*metav1.OwnerReferenceApplyConfiguration) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithFinalizers(values ...string) *CRIOCredentialProviderConfigApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *CRIOCredentialProviderConfigApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &metav1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. 
+func (b *CRIOCredentialProviderConfigApplyConfiguration) WithSpec(value *CRIOCredentialProviderConfigSpecApplyConfiguration) *CRIOCredentialProviderConfigApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *CRIOCredentialProviderConfigApplyConfiguration) WithStatus(value *CRIOCredentialProviderConfigStatusApplyConfiguration) *CRIOCredentialProviderConfigApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *CRIOCredentialProviderConfigApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *CRIOCredentialProviderConfigApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. +func (b *CRIOCredentialProviderConfigApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *CRIOCredentialProviderConfigApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/config/applyconfigurations/config/v1/criocredentialproviderconfigspec.go b/config/applyconfigurations/config/v1/criocredentialproviderconfigspec.go new file mode 100644 index 0000000000..4820041d74 --- /dev/null +++ b/config/applyconfigurations/config/v1/criocredentialproviderconfigspec.go 
@@ -0,0 +1,72 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + configv1 "github.com/openshift/api/config/v1" +) + +// CRIOCredentialProviderConfigSpecApplyConfiguration represents a declarative configuration of the CRIOCredentialProviderConfigSpec type for use +// with apply. +// +// CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider. +type CRIOCredentialProviderConfigSpecApplyConfiguration struct { + // matchImages is a list of string patterns used to determine whether + // the CRI-O credential provider should be invoked for a given image. This list is + // passed to the kubelet CredentialProviderConfig, and if any pattern matches + // the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling + // that image or its mirrors. + // Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. + // Conflicts between the existing platform specific provider image match configuration and this list will be handled by + // the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those + // from the CRIOCredentialProviderConfig when both match the same image. + // To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with + // existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). + // You can check the resource's Status conditions + // to see if any entries were ignored due to exact matches with known built-in provider patterns. + // + // This field is optional, the items of the list must contain between 1 and 50 entries. + // The list is treated as a set, so duplicate entries are not allowed. 
+ // + // For more details, see: + // https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ + // https://github.com/cri-o/crio-credential-provider#architecture + // + // Each entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. + // Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', + // and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). + // A global wildcard '*' (matching any domain) is not allowed. + // Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. + // For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. + // Each wildcard matches only a single domain label, + // so '*.io' does **not** match '*.k8s.io'. + // + // A match exists between an image and a matchImage when all of the below are true: + // Both contain the same number of domain parts and each part matches. + // The URL path of an matchImages must be a prefix of the target image URL path. + // If the matchImages contains a port, then the port must match in the image as well. + // + // Example values of matchImages: + // - 123456789.dkr.ecr.us-east-1.amazonaws.com + // - *.azurecr.io + // - gcr.io + // - *.*.registry.io + // - registry.io:8080/path + MatchImages []configv1.MatchImage `json:"matchImages,omitempty"` +} + +// CRIOCredentialProviderConfigSpecApplyConfiguration constructs a declarative configuration of the CRIOCredentialProviderConfigSpec type for use with +// apply. 
+func CRIOCredentialProviderConfigSpec() *CRIOCredentialProviderConfigSpecApplyConfiguration { + return &CRIOCredentialProviderConfigSpecApplyConfiguration{} +} + +// WithMatchImages adds the given value to the MatchImages field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the MatchImages field. +func (b *CRIOCredentialProviderConfigSpecApplyConfiguration) WithMatchImages(values ...configv1.MatchImage) *CRIOCredentialProviderConfigSpecApplyConfiguration { + for i := range values { + b.MatchImages = append(b.MatchImages, values[i]) + } + return b +} diff --git a/config/applyconfigurations/config/v1/criocredentialproviderconfigstatus.go b/config/applyconfigurations/config/v1/criocredentialproviderconfigstatus.go new file mode 100644 index 0000000000..903292fe8d --- /dev/null +++ b/config/applyconfigurations/config/v1/criocredentialproviderconfigstatus.go 
@@ -0,0 +1,41 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// CRIOCredentialProviderConfigStatusApplyConfiguration represents a declarative configuration of the CRIOCredentialProviderConfigStatus type for use +// with apply. +// +// CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig +type CRIOCredentialProviderConfigStatusApplyConfiguration struct { + // conditions represent the latest available observations of the configuration state. + // When omitted, it indicates that no conditions have been reported yet. + // The maximum number of conditions is 16. + // Conditions are stored as a map keyed by condition type, ensuring uniqueness. + // + // Expected condition types include: + // "Validated": indicates whether the matchImages configuration is valid + Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"` +} + +// CRIOCredentialProviderConfigStatusApplyConfiguration constructs a declarative configuration of the CRIOCredentialProviderConfigStatus type for use with +// apply. +func CRIOCredentialProviderConfigStatus() *CRIOCredentialProviderConfigStatusApplyConfiguration { + return &CRIOCredentialProviderConfigStatusApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *CRIOCredentialProviderConfigStatusApplyConfiguration) WithConditions(values ...*metav1.ConditionApplyConfiguration) *CRIOCredentialProviderConfigStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} 
diff --git a/config/applyconfigurations/config/v1/infrastructurespec.go b/config/applyconfigurations/config/v1/infrastructurespec.go index e48e1368b3..135e8568dd 100644 --- a/config/applyconfigurations/config/v1/infrastructurespec.go +++ b/config/applyconfigurations/config/v1/infrastructurespec.go @@ -2,6 +2,10 @@ package v1 +import ( + configv1 "github.com/openshift/api/config/v1" +) + // InfrastructureSpecApplyConfiguration represents a declarative configuration of the InfrastructureSpec type for use // with apply. // @@ -23,6 +27,16 @@ type InfrastructureSpecApplyConfiguration struct { // platformSpec holds desired information specific to the underlying // infrastructure provider. PlatformSpec *PlatformSpecApplyConfiguration `json:"platformSpec,omitempty"` + // controlPlaneTopology expresses the desired topology configuration for control nodes. + // + // When status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable', + // a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable. + // + // When left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value, + // no changes are required and no transitions will be triggered. + // + // This value may be set to match status.controlPlaneTopology regardless of the current value. + ControlPlaneTopology *configv1.TopologyMode `json:"controlPlaneTopology,omitempty"` } // InfrastructureSpecApplyConfiguration constructs a declarative configuration of the InfrastructureSpec type for use with 
@@ -46,3 +60,11 @@ func (b *InfrastructureSpecApplyConfiguration) WithPlatformSpec(value *PlatformS b.PlatformSpec = value return b } + +// WithControlPlaneTopology sets the ControlPlaneTopology field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ControlPlaneTopology field is set to the value of the last call. +func (b *InfrastructureSpecApplyConfiguration) WithControlPlaneTopology(value configv1.TopologyMode) *InfrastructureSpecApplyConfiguration { + b.ControlPlaneTopology = &value + return b +} diff --git a/config/applyconfigurations/internal/internal.go b/config/applyconfigurations/internal/internal.go index 54d664c97f..2251f8427e 100644 --- a/config/applyconfigurations/internal/internal.go +++ b/config/applyconfigurations/internal/internal.go @@ -561,6 +561,16 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.BuildOverrides default: {} +- name: com.github.openshift.api.config.v1.CRIOCredentialProviderConfig + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable - name: com.github.openshift.api.config.v1.ClientCredentialConfig map: fields: @@ -2083,6 +2093,9 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.ConfigMapFileReference default: {} + - name: controlPlaneTopology + type: + scalar: string - name: platformSpec type: namedType: com.github.openshift.api.config.v1.PlatformSpec diff --git a/config/applyconfigurations/utils.go b/config/applyconfigurations/utils.go index b5690c4d81..e849c0e45c 100644 --- a/config/applyconfigurations/utils.go +++ b/config/applyconfigurations/utils.go 
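Review bot: In the `schemaYAML` hunk of config/applyconfigurations/internal/internal.go, the new `com.github.openshift.api.config.v1.CRIOCredentialProviderConfig` entry is the untyped fallback (`scalar: untyped`, atomic lists, deduced maps) rather than a `map: fields:` definition like the neighbouring `ClientCredentialConfig`, and no entries are added for its Spec or Status types. `ExtractCRIOCredentialProviderConfigFrom` passes exactly this type name to `managedfields.ExtractInto`, so extraction runs against a schema that does not know `matchImages` is a set or that `conditions` is keyed by type. An extract/modify/apply round trip may therefore return fewer list entries than the field manager actually owns, which is worth covering with a test for a resource that decides which image pulls invoke the credential provider. The file appears to be generator output, so the fix is presumably to regenerate once the OpenAPI model given to applyconfiguration-gen includes this type rather than to hand-edit the YAML. If the fallback is intentional, for example because the API is still feature-gated, the commit description should say so.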
@@ -136,6 +136,12 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &configv1.ConsoleSpecApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ConsoleStatus"): return &configv1.ConsoleStatusApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("CRIOCredentialProviderConfig"): + return &configv1.CRIOCredentialProviderConfigApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("CRIOCredentialProviderConfigSpec"): + return &configv1.CRIOCredentialProviderConfigSpecApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("CRIOCredentialProviderConfigStatus"): + return &configv1.CRIOCredentialProviderConfigStatusApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("Custom"): return &configv1.CustomApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("CustomFeatureGates"): diff --git a/config/clientset/versioned/typed/config/v1/config_client.go b/config/clientset/versioned/typed/config/v1/config_client.go index afce6aef52..6235cd977b 100644 --- a/config/clientset/versioned/typed/config/v1/config_client.go +++ b/config/clientset/versioned/typed/config/v1/config_client.go @@ -15,6 +15,7 @@ type ConfigV1Interface interface { APIServersGetter AuthenticationsGetter BuildsGetter + CRIOCredentialProviderConfigsGetter ClusterImagePoliciesGetter ClusterOperatorsGetter ClusterVersionsGetter @@ -55,6 +56,10 @@ func (c *ConfigV1Client) Builds() BuildInterface { return newBuilds(c) } +func (c *ConfigV1Client) CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInterface { + return newCRIOCredentialProviderConfigs(c) +} + func (c *ConfigV1Client) ClusterImagePolicies() ClusterImagePolicyInterface { return newClusterImagePolicies(c) } diff --git a/config/clientset/versioned/typed/config/v1/criocredentialproviderconfig.go b/config/clientset/versioned/typed/config/v1/criocredentialproviderconfig.go new file mode 100644 index 0000000000..69272fac40 --- /dev/null 
+++ b/config/clientset/versioned/typed/config/v1/criocredentialproviderconfig.go 
@@ -0,0 +1,58 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + context "context" + + configv1 "github.com/openshift/api/config/v1" + applyconfigurationsconfigv1 "github.com/openshift/client-go/config/applyconfigurations/config/v1" + scheme "github.com/openshift/client-go/config/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// CRIOCredentialProviderConfigsGetter has a method to return a CRIOCredentialProviderConfigInterface. +// A group's client should implement this interface. +type CRIOCredentialProviderConfigsGetter interface { + CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInterface +} + +// CRIOCredentialProviderConfigInterface has methods to work with CRIOCredentialProviderConfig resources. +type CRIOCredentialProviderConfigInterface interface { + Create(ctx context.Context, cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, opts metav1.CreateOptions) (*configv1.CRIOCredentialProviderConfig, error) + Update(ctx context.Context, cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, opts metav1.UpdateOptions) (*configv1.CRIOCredentialProviderConfig, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). 
+ UpdateStatus(ctx context.Context, cRIOCredentialProviderConfig *configv1.CRIOCredentialProviderConfig, opts metav1.UpdateOptions) (*configv1.CRIOCredentialProviderConfig, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*configv1.CRIOCredentialProviderConfig, error) + List(ctx context.Context, opts metav1.ListOptions) (*configv1.CRIOCredentialProviderConfigList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *configv1.CRIOCredentialProviderConfig, err error) + Apply(ctx context.Context, cRIOCredentialProviderConfig *applyconfigurationsconfigv1.CRIOCredentialProviderConfigApplyConfiguration, opts metav1.ApplyOptions) (result *configv1.CRIOCredentialProviderConfig, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). 
+ ApplyStatus(ctx context.Context, cRIOCredentialProviderConfig *applyconfigurationsconfigv1.CRIOCredentialProviderConfigApplyConfiguration, opts metav1.ApplyOptions) (result *configv1.CRIOCredentialProviderConfig, err error) + CRIOCredentialProviderConfigExpansion +} + +// cRIOCredentialProviderConfigs implements CRIOCredentialProviderConfigInterface +type cRIOCredentialProviderConfigs struct { + *gentype.ClientWithListAndApply[*configv1.CRIOCredentialProviderConfig, *configv1.CRIOCredentialProviderConfigList, *applyconfigurationsconfigv1.CRIOCredentialProviderConfigApplyConfiguration] +} + +// newCRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigs +func newCRIOCredentialProviderConfigs(c *ConfigV1Client) *cRIOCredentialProviderConfigs { + return &cRIOCredentialProviderConfigs{ + gentype.NewClientWithListAndApply[*configv1.CRIOCredentialProviderConfig, *configv1.CRIOCredentialProviderConfigList, *applyconfigurationsconfigv1.CRIOCredentialProviderConfigApplyConfiguration]( + "criocredentialproviderconfigs", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *configv1.CRIOCredentialProviderConfig { return &configv1.CRIOCredentialProviderConfig{} }, + func() *configv1.CRIOCredentialProviderConfigList { return &configv1.CRIOCredentialProviderConfigList{} }, + ), + } +} diff --git a/config/clientset/versioned/typed/config/v1/fake/fake_config_client.go b/config/clientset/versioned/typed/config/v1/fake/fake_config_client.go index b5a1a52573..5fb7425da0 100644 --- a/config/clientset/versioned/typed/config/v1/fake/fake_config_client.go +++ b/config/clientset/versioned/typed/config/v1/fake/fake_config_client.go 
@@ -24,6 +24,10 @@ func (c *FakeConfigV1) Builds() v1.BuildInterface { return newFakeBuilds(c) } +func (c *FakeConfigV1) CRIOCredentialProviderConfigs() v1.CRIOCredentialProviderConfigInterface { + return newFakeCRIOCredentialProviderConfigs(c) +} + func (c *FakeConfigV1) ClusterImagePolicies() v1.ClusterImagePolicyInterface { return newFakeClusterImagePolicies(c) } diff --git a/config/clientset/versioned/typed/config/v1/fake/fake_criocredentialproviderconfig.go b/config/clientset/versioned/typed/config/v1/fake/fake_criocredentialproviderconfig.go new file mode 100644 index 0000000000..d4c3fd7f1c --- /dev/null +++ b/config/clientset/versioned/typed/config/v1/fake/fake_criocredentialproviderconfig.go 
@@ -0,0 +1,37 @@ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1 "github.com/openshift/api/config/v1" + configv1 "github.com/openshift/client-go/config/applyconfigurations/config/v1" + typedconfigv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1" + gentype "k8s.io/client-go/gentype" +) + +// fakeCRIOCredentialProviderConfigs implements CRIOCredentialProviderConfigInterface +type fakeCRIOCredentialProviderConfigs struct { + *gentype.FakeClientWithListAndApply[*v1.CRIOCredentialProviderConfig, *v1.CRIOCredentialProviderConfigList, *configv1.CRIOCredentialProviderConfigApplyConfiguration] + Fake *FakeConfigV1 +} + +func newFakeCRIOCredentialProviderConfigs(fake *FakeConfigV1) typedconfigv1.CRIOCredentialProviderConfigInterface { + return &fakeCRIOCredentialProviderConfigs{ + gentype.NewFakeClientWithListAndApply[*v1.CRIOCredentialProviderConfig, *v1.CRIOCredentialProviderConfigList, *configv1.CRIOCredentialProviderConfigApplyConfiguration]( + fake.Fake, + "", + v1.SchemeGroupVersion.WithResource("criocredentialproviderconfigs"), + v1.SchemeGroupVersion.WithKind("CRIOCredentialProviderConfig"), + func() *v1.CRIOCredentialProviderConfig { return &v1.CRIOCredentialProviderConfig{} }, + func() *v1.CRIOCredentialProviderConfigList { return &v1.CRIOCredentialProviderConfigList{} }, + func(dst, src *v1.CRIOCredentialProviderConfigList) { dst.ListMeta = src.ListMeta }, + func(list *v1.CRIOCredentialProviderConfigList) []*v1.CRIOCredentialProviderConfig { + return gentype.ToPointerSlice(list.Items) + }, + func(list *v1.CRIOCredentialProviderConfigList, items []*v1.CRIOCredentialProviderConfig) { + list.Items = gentype.FromPointerSlice(items) + }, + ), + fake, + } +} diff --git a/config/clientset/versioned/typed/config/v1/generated_expansion.go b/config/clientset/versioned/typed/config/v1/generated_expansion.go index 27c5fd110b..0f3e44588f 100644 --- a/config/clientset/versioned/typed/config/v1/generated_expansion.go 
+++ b/config/clientset/versioned/typed/config/v1/generated_expansion.go @@ -8,6 +8,8 @@ type AuthenticationExpansion interface{} type BuildExpansion interface{} +type CRIOCredentialProviderConfigExpansion interface{} + type ClusterImagePolicyExpansion interface{} type ClusterOperatorExpansion interface{} diff --git a/config/informers/externalversions/config/v1/criocredentialproviderconfig.go b/config/informers/externalversions/config/v1/criocredentialproviderconfig.go new file mode 100644 index 0000000000..6f7db0c7bd --- /dev/null +++ b/config/informers/externalversions/config/v1/criocredentialproviderconfig.go 
@@ -0,0 +1,85 @@ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + context "context" + time "time" + + apiconfigv1 "github.com/openshift/api/config/v1" + versioned "github.com/openshift/client-go/config/clientset/versioned" + internalinterfaces "github.com/openshift/client-go/config/informers/externalversions/internalinterfaces" + configv1 "github.com/openshift/client-go/config/listers/config/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// CRIOCredentialProviderConfigInformer provides access to a shared informer and lister for +// CRIOCredentialProviderConfigs. +type CRIOCredentialProviderConfigInformer interface { + Informer() cache.SharedIndexInformer + Lister() configv1.CRIOCredentialProviderConfigLister +} + +type cRIOCredentialProviderConfigInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewCRIOCredentialProviderConfigInformer constructs a new informer for CRIOCredentialProviderConfig type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewCRIOCredentialProviderConfigInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredCRIOCredentialProviderConfigInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredCRIOCredentialProviderConfigInformer constructs a new informer for CRIOCredentialProviderConfig type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewFilteredCRIOCredentialProviderConfigInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1().CRIOCredentialProviderConfigs().List(context.Background(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1().CRIOCredentialProviderConfigs().Watch(context.Background(), options) + }, + ListWithContextFunc: func(ctx context.Context, options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1().CRIOCredentialProviderConfigs().List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ConfigV1().CRIOCredentialProviderConfigs().Watch(ctx, options) + }, + }, client), + &apiconfigv1.CRIOCredentialProviderConfig{}, + resyncPeriod, + indexers, + ) +} + +func (f *cRIOCredentialProviderConfigInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredCRIOCredentialProviderConfigInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *cRIOCredentialProviderConfigInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&apiconfigv1.CRIOCredentialProviderConfig{}, f.defaultInformer) +} + +func (f *cRIOCredentialProviderConfigInformer) Lister() 
configv1.CRIOCredentialProviderConfigLister { + return configv1.NewCRIOCredentialProviderConfigLister(f.Informer().GetIndexer()) +} diff --git a/config/informers/externalversions/config/v1/interface.go b/config/informers/externalversions/config/v1/interface.go index 0ad1b98f37..2f762ff422 100644 --- a/config/informers/externalversions/config/v1/interface.go +++ b/config/informers/externalversions/config/v1/interface.go @@ -14,6 +14,8 @@ type Interface interface { Authentications() AuthenticationInformer // Builds returns a BuildInformer. Builds() BuildInformer + // CRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigInformer. + CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInformer // ClusterImagePolicies returns a ClusterImagePolicyInformer. ClusterImagePolicies() ClusterImagePolicyInformer // ClusterOperators returns a ClusterOperatorInformer. @@ -84,6 +86,11 @@ func (v *version) Builds() BuildInformer { return &buildInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } +// CRIOCredentialProviderConfigs returns a CRIOCredentialProviderConfigInformer. +func (v *version) CRIOCredentialProviderConfigs() CRIOCredentialProviderConfigInformer { + return &cRIOCredentialProviderConfigInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // ClusterImagePolicies returns a ClusterImagePolicyInformer. func (v *version) ClusterImagePolicies() ClusterImagePolicyInformer { return &clusterImagePolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} diff --git a/config/informers/externalversions/generic.go b/config/informers/externalversions/generic.go index 4c00a13f17..fbc19aaefd 100644 --- a/config/informers/externalversions/generic.go +++ b/config/informers/externalversions/generic.go 
@@ -45,6 +45,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().Authentications().Informer()}, nil case v1.SchemeGroupVersion.WithResource("builds"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().Builds().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("criocredentialproviderconfigs"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().CRIOCredentialProviderConfigs().Informer()}, nil case v1.SchemeGroupVersion.WithResource("clusterimagepolicies"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().ClusterImagePolicies().Informer()}, nil case v1.SchemeGroupVersion.WithResource("clusteroperators"): diff --git a/config/listers/config/v1/criocredentialproviderconfig.go b/config/listers/config/v1/criocredentialproviderconfig.go new file mode 100644 index 0000000000..7b4c42adeb --- /dev/null +++ b/config/listers/config/v1/criocredentialproviderconfig.go 
@@ -0,0 +1,32 @@ +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + configv1 "github.com/openshift/api/config/v1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" +) + +// CRIOCredentialProviderConfigLister helps list CRIOCredentialProviderConfigs. +// All objects returned here must be treated as read-only. +type CRIOCredentialProviderConfigLister interface { + // List lists all CRIOCredentialProviderConfigs in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*configv1.CRIOCredentialProviderConfig, err error) + // Get retrieves the CRIOCredentialProviderConfig from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*configv1.CRIOCredentialProviderConfig, error) + CRIOCredentialProviderConfigListerExpansion +} + +// cRIOCredentialProviderConfigLister implements the CRIOCredentialProviderConfigLister interface. +type cRIOCredentialProviderConfigLister struct { + listers.ResourceIndexer[*configv1.CRIOCredentialProviderConfig] +} + +// NewCRIOCredentialProviderConfigLister returns a new CRIOCredentialProviderConfigLister. +func NewCRIOCredentialProviderConfigLister(indexer cache.Indexer) CRIOCredentialProviderConfigLister { + return &cRIOCredentialProviderConfigLister{listers.New[*configv1.CRIOCredentialProviderConfig](indexer, configv1.Resource("criocredentialproviderconfig"))} +} diff --git a/config/listers/config/v1/expansion_generated.go b/config/listers/config/v1/expansion_generated.go index ca93cb2838..f41c1f2fb4 100644 --- a/config/listers/config/v1/expansion_generated.go +++ b/config/listers/config/v1/expansion_generated.go 
@@ -14,6 +14,10 @@ type AuthenticationListerExpansion interface{} // BuildLister. type BuildListerExpansion interface{} +// CRIOCredentialProviderConfigListerExpansion allows custom methods to be added to +// CRIOCredentialProviderConfigLister. +type CRIOCredentialProviderConfigListerExpansion interface{} + // ClusterImagePolicyListerExpansion allows custom methods to be added to // ClusterImagePolicyLister. type ClusterImagePolicyListerExpansion interface{} diff --git a/go.mod b/go.mod index 0d8c7b743a..5ed453cec5 100644 --- a/go.mod +++ b/go.mod @@ -72,3 +72,5 @@ retract v3.9.0+incompatible // To make go aware of the retraction, we need to tag a new version that can be // retracted by itself. retract v0.0.1 + +replace github.com/openshift/api => github.com/pawanpinjarkar/api v0.0.0-20260626172148-831b00a7d164 diff --git a/go.sum b/go.sum index 8eea0db7f8..2a1c934b43 100644 --- a/go.sum +++ b/go.sum 
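Review bot: The `replace github.com/openshift/api => github.com/pawanpinjarkar/api v0.0.0-20260626172148-831b00a7d164` directive added at the end of go.mod redirects a core API dependency to a personal fork, so the generated clients in this change are built from code outside the upstream repository's review and release process; the go.sum hunk that follows swaps the upstream `github.com/openshift/api` checksums for the fork's accordingly. Go honours `replace` only in the main module, so projects importing this library would still resolve upstream `github.com/openshift/api` and would presumably fail to compile wherever the new types (`CRIOCredentialProviderConfig`, `InternalReleaseImage`) are not yet present there. Before merge, drop the directive and bump the `require` entry to an upstream version that contains those types. If it has to stay while the API change is in review, mark it on the line above, e.g. `// TEMPORARY, do not merge: remove once the upstream openshift/api change lands (<upstream PR placeholder>)`.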
@@ -71,10 +71,10 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 h1:oZkYkIvQHkQV8pN0oe8AfPfc7y9+svwmsQHwbOWyJBw= -github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2/go.mod h1:Jm45pE7O6/G0tYYhiLzNyZykTjmf9BfhsKYuGfLLwTE= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= +github.com/pawanpinjarkar/api v0.0.0-20260626172148-831b00a7d164 h1:a9sWdvVmSSXxevQX/KCEE7VnQlf/lTe80sXjHfIFjtg= +github.com/pawanpinjarkar/api v0.0.0-20260626172148-831b00a7d164/go.mod h1:Jm45pE7O6/G0tYYhiLzNyZykTjmf9BfhsKYuGfLLwTE= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= diff --git a/machineconfiguration/applyconfigurations/internal/internal.go b/machineconfiguration/applyconfigurations/internal/internal.go index d73a44a705..d75576e2b8 100644 --- a/machineconfiguration/applyconfigurations/internal/internal.go +++ b/machineconfiguration/applyconfigurations/internal/internal.go 
@@ -43,6 +43,16 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.openshift.api.machineconfiguration.v1.InternalReleaseImage + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable - name: com.github.openshift.api.machineconfiguration.v1.KubeletConfig scalar: untyped list: diff --git a/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimage.go b/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimage.go new file mode 100644 index 0000000000..a3bc9b1e88 --- /dev/null +++ b/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimage.go 
@@ -0,0 +1,280 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + machineconfigurationv1 "github.com/openshift/api/machineconfiguration/v1" + internal "github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal" + apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// InternalReleaseImageApplyConfiguration represents a declarative configuration of the InternalReleaseImage type for use +// with apply. +// +// InternalReleaseImage is used to keep track and manage a set +// of release bundles (OCP and OLM operators images) that are stored +// into the control planes nodes. +// This is a singleton resource with 'cluster' as the only valid name. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +type InternalReleaseImageApplyConfiguration struct { + metav1.TypeMetaApplyConfiguration `json:",inline"` + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + *metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + // spec describes the configuration of this internal release image. + Spec *InternalReleaseImageSpecApplyConfiguration `json:"spec,omitempty"` + // status describes the last observed state of this internal release image. + Status *InternalReleaseImageStatusApplyConfiguration `json:"status,omitempty"` +} + +// InternalReleaseImage constructs a declarative configuration of the InternalReleaseImage type for use with +// apply. 
+func InternalReleaseImage(name string) *InternalReleaseImageApplyConfiguration { + b := &InternalReleaseImageApplyConfiguration{} + b.WithName(name) + b.WithKind("InternalReleaseImage") + b.WithAPIVersion("machineconfiguration.openshift.io/v1") + return b +} + +// ExtractInternalReleaseImageFrom extracts the applied configuration owned by fieldManager from +// internalReleaseImage for the specified subresource. Pass an empty string for subresource to extract +// the main resource. Common subresources include "status", "scale", etc. +// internalReleaseImage must be a unmodified InternalReleaseImage API object that was retrieved from the Kubernetes API. +// ExtractInternalReleaseImageFrom provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractInternalReleaseImageFrom(internalReleaseImage *machineconfigurationv1.InternalReleaseImage, fieldManager string, subresource string) (*InternalReleaseImageApplyConfiguration, error) { + b := &InternalReleaseImageApplyConfiguration{} + err := managedfields.ExtractInto(internalReleaseImage, internal.Parser().Type("com.github.openshift.api.machineconfiguration.v1.InternalReleaseImage"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(internalReleaseImage.Name) + + b.WithKind("InternalReleaseImage") + b.WithAPIVersion("machineconfiguration.openshift.io/v1") + return b, nil +} + +// ExtractInternalReleaseImage extracts the applied configuration owned by fieldManager from +// internalReleaseImage. If no managedFields are found in internalReleaseImage for fieldManager, a +// InternalReleaseImageApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. 
It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// internalReleaseImage must be a unmodified InternalReleaseImage API object that was retrieved from the Kubernetes API. +// ExtractInternalReleaseImage provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +func ExtractInternalReleaseImage(internalReleaseImage *machineconfigurationv1.InternalReleaseImage, fieldManager string) (*InternalReleaseImageApplyConfiguration, error) { + return ExtractInternalReleaseImageFrom(internalReleaseImage, fieldManager, "") +} + +// ExtractInternalReleaseImageStatus extracts the applied configuration owned by fieldManager from +// internalReleaseImage for the status subresource. +func ExtractInternalReleaseImageStatus(internalReleaseImage *machineconfigurationv1.InternalReleaseImage, fieldManager string) (*InternalReleaseImageApplyConfiguration, error) { + return ExtractInternalReleaseImageFrom(internalReleaseImage, fieldManager, "status") +} + +func (b InternalReleaseImageApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. 
+func (b *InternalReleaseImageApplyConfiguration) WithKind(value string) *InternalReleaseImageApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithAPIVersion(value string) *InternalReleaseImageApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithName(value string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithGenerateName(value string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. 
+func (b *InternalReleaseImageApplyConfiguration) WithNamespace(value string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithUID(value types.UID) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithResourceVersion(value string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. 
+func (b *InternalReleaseImageApplyConfiguration) WithGeneration(value int64) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithCreationTimestamp(value apismetav1.Time) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithDeletionTimestamp(value apismetav1.Time) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. 
+func (b *InternalReleaseImageApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *InternalReleaseImageApplyConfiguration) WithLabels(entries map[string]string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. 
+func (b *InternalReleaseImageApplyConfiguration) WithAnnotations(entries map[string]string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *InternalReleaseImageApplyConfiguration) WithOwnerReferences(values ...*metav1.OwnerReferenceApplyConfiguration) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. 
+func (b *InternalReleaseImageApplyConfiguration) WithFinalizers(values ...string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *InternalReleaseImageApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &metav1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithSpec(value *InternalReleaseImageSpecApplyConfiguration) *InternalReleaseImageApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithStatus(value *InternalReleaseImageStatusApplyConfiguration) *InternalReleaseImageApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *InternalReleaseImageApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *InternalReleaseImageApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. 
+func (b *InternalReleaseImageApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *InternalReleaseImageApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagebundlestatus.go b/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagebundlestatus.go new file mode 100644 index 0000000000..bb1fe357f9 --- /dev/null +++ b/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagebundlestatus.go 
@@ -0,0 +1,71 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// InternalReleaseImageBundleStatusApplyConfiguration represents a declarative configuration of the InternalReleaseImageBundleStatus type for use +// with apply. +// +// InternalReleaseImageBundleStatus describes the observed state of a single release bundle managed by the cluster. +type InternalReleaseImageBundleStatusApplyConfiguration struct { + // conditions represent the observations of an internal release image current state. Valid types are: + // Mounted, Installing, Available, Removing and Degraded. + // + // If Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. + // If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. + // If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. + // If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. + // If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes). + // + // In general, after installing a new release bundle, it is required to wait for the Conditions "Available" to become "True" (and all + // the other conditions to be equal to "False") before being able to pull its content. + // When present, conditions must contain at least 1 entry and must not exceed 5 entries. + Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"` + // name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. + // The expected name format is ocp-release-bundle--. + Name *string `json:"name,omitempty"` + // image is an OCP release image referenced by digest. 
+ // The format of the image pull spec is: host[:port][/namespace]/name@sha256:, + // where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. + // The length of the whole spec must be between 1 to 447 characters. + // The field is optional, and it will be provided after a release has been successfully installed. + Image *string `json:"image,omitempty"` +} + +// InternalReleaseImageBundleStatusApplyConfiguration constructs a declarative configuration of the InternalReleaseImageBundleStatus type for use with +// apply. +func InternalReleaseImageBundleStatus() *InternalReleaseImageBundleStatusApplyConfiguration { + return &InternalReleaseImageBundleStatusApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *InternalReleaseImageBundleStatusApplyConfiguration) WithConditions(values ...*metav1.ConditionApplyConfiguration) *InternalReleaseImageBundleStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. 
+func (b *InternalReleaseImageBundleStatusApplyConfiguration) WithName(value string) *InternalReleaseImageBundleStatusApplyConfiguration { + b.Name = &value + return b +} + +// WithImage sets the Image field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Image field is set to the value of the last call. +func (b *InternalReleaseImageBundleStatusApplyConfiguration) WithImage(value string) *InternalReleaseImageBundleStatusApplyConfiguration { + b.Image = &value + return b +} diff --git a/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimageref.go b/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimageref.go new file mode 100644 index 0000000000..2660edfe98 --- /dev/null +++ b/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimageref.go 
@@ -0,0 +1,28 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// InternalReleaseImageRefApplyConfiguration represents a declarative configuration of the InternalReleaseImageRef type for use +// with apply. +// +// InternalReleaseImageRef is used to provide a simple reference for a release +// bundle. Currently it contains only the name field. +type InternalReleaseImageRefApplyConfiguration struct { + // name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. + // The expected name format is ocp-release-bundle--. + Name *string `json:"name,omitempty"` +} + +// InternalReleaseImageRefApplyConfiguration constructs a declarative configuration of the InternalReleaseImageRef type for use with +// apply. +func InternalReleaseImageRef() *InternalReleaseImageRefApplyConfiguration { + return &InternalReleaseImageRefApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *InternalReleaseImageRefApplyConfiguration) WithName(value string) *InternalReleaseImageRefApplyConfiguration { + b.Name = &value + return b +} diff --git a/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagespec.go b/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagespec.go new file mode 100644 index 0000000000..69dddfcc55 --- /dev/null +++ b/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagespec.go 
@@ -0,0 +1,34 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// InternalReleaseImageSpecApplyConfiguration represents a declarative configuration of the InternalReleaseImageSpec type for use +// with apply. +// +// InternalReleaseImageSpec defines the desired state of a InternalReleaseImage. +type InternalReleaseImageSpecApplyConfiguration struct { + // releases is a list of release bundle identifiers that the user wants to + // add/remove to/from the control plane nodes. + // Entries must be unique, keyed on the name field. + // releases must contain at least one entry and must not exceed 16 entries. + Releases []InternalReleaseImageRefApplyConfiguration `json:"releases,omitempty"` +} + +// InternalReleaseImageSpecApplyConfiguration constructs a declarative configuration of the InternalReleaseImageSpec type for use with +// apply. +func InternalReleaseImageSpec() *InternalReleaseImageSpecApplyConfiguration { + return &InternalReleaseImageSpecApplyConfiguration{} +} + +// WithReleases adds the given value to the Releases field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Releases field. +func (b *InternalReleaseImageSpecApplyConfiguration) WithReleases(values ...*InternalReleaseImageRefApplyConfiguration) *InternalReleaseImageSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithReleases") + } + b.Releases = append(b.Releases, *values[i]) + } + return b +} diff --git a/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagestatus.go b/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagestatus.go new file mode 100644 index 0000000000..a2a36881e5 --- /dev/null 
+++ b/machineconfiguration/applyconfigurations/machineconfiguration/v1/internalreleaseimagestatus.go 
@@ -0,0 +1,58 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// InternalReleaseImageStatusApplyConfiguration represents a declarative configuration of the InternalReleaseImageStatus type for use +// with apply. +// +// InternalReleaseImageStatus describes the current state of a InternalReleaseImage. +type InternalReleaseImageStatusApplyConfiguration struct { + // conditions represent the observations of the InternalReleaseImage controller current state. + // Valid types are: Degraded. + // If Degraded is true, that means something has gone wrong in the controller. + // The conditions list must contain at most 5 entries. + Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"` + // releases is a list of the release bundles currently owned and managed by the + // cluster. + // A release bundle content could be safely pulled only when its Conditions field + // contains at least an Available entry set to "True" and Degraded to "False". + // Entries must be unique, keyed on the name field. + // releases must contain at least one entry and must not exceed 32 entries. + Releases []InternalReleaseImageBundleStatusApplyConfiguration `json:"releases,omitempty"` +} + +// InternalReleaseImageStatusApplyConfiguration constructs a declarative configuration of the InternalReleaseImageStatus type for use with +// apply. +func InternalReleaseImageStatus() *InternalReleaseImageStatusApplyConfiguration { + return &InternalReleaseImageStatusApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. 
+func (b *InternalReleaseImageStatusApplyConfiguration) WithConditions(values ...*metav1.ConditionApplyConfiguration) *InternalReleaseImageStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} + +// WithReleases adds the given value to the Releases field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Releases field. +func (b *InternalReleaseImageStatusApplyConfiguration) WithReleases(values ...*InternalReleaseImageBundleStatusApplyConfiguration) *InternalReleaseImageStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithReleases") + } + b.Releases = append(b.Releases, *values[i]) + } + return b +} diff --git a/machineconfiguration/applyconfigurations/utils.go b/machineconfiguration/applyconfigurations/utils.go index 7fb4007ae4..3a08201ffb 100644 --- a/machineconfiguration/applyconfigurations/utils.go +++ b/machineconfiguration/applyconfigurations/utils.go 
@@ -50,6 +50,16 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &machineconfigurationv1.ImageRegistryBundleApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ImageSecretObjectReference"): return &machineconfigurationv1.ImageSecretObjectReferenceApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("InternalReleaseImage"): + return &machineconfigurationv1.InternalReleaseImageApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("InternalReleaseImageBundleStatus"): + return &machineconfigurationv1.InternalReleaseImageBundleStatusApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("InternalReleaseImageRef"): + return &machineconfigurationv1.InternalReleaseImageRefApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("InternalReleaseImageSpec"): + return &machineconfigurationv1.InternalReleaseImageSpecApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("InternalReleaseImageStatus"): + return &machineconfigurationv1.InternalReleaseImageStatusApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("IrreconcilableChangeDiff"): return &machineconfigurationv1.IrreconcilableChangeDiffApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("KubeletConfig"): diff --git a/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_internalreleaseimage.go b/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_internalreleaseimage.go new file mode 100644 index 0000000000..e4fc3ef150 --- /dev/null +++ b/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_internalreleaseimage.go 
@@ -0,0 +1,37 @@ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1 "github.com/openshift/api/machineconfiguration/v1" + machineconfigurationv1 "github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1" + typedmachineconfigurationv1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1" + gentype "k8s.io/client-go/gentype" +) + +// fakeInternalReleaseImages implements InternalReleaseImageInterface +type fakeInternalReleaseImages struct { + *gentype.FakeClientWithListAndApply[*v1.InternalReleaseImage, *v1.InternalReleaseImageList, *machineconfigurationv1.InternalReleaseImageApplyConfiguration] + Fake *FakeMachineconfigurationV1 +} + +func newFakeInternalReleaseImages(fake *FakeMachineconfigurationV1) typedmachineconfigurationv1.InternalReleaseImageInterface { + return &fakeInternalReleaseImages{ + gentype.NewFakeClientWithListAndApply[*v1.InternalReleaseImage, *v1.InternalReleaseImageList, *machineconfigurationv1.InternalReleaseImageApplyConfiguration]( + fake.Fake, + "", + v1.SchemeGroupVersion.WithResource("internalreleaseimages"), + v1.SchemeGroupVersion.WithKind("InternalReleaseImage"), + func() *v1.InternalReleaseImage { return &v1.InternalReleaseImage{} }, + func() *v1.InternalReleaseImageList { return &v1.InternalReleaseImageList{} }, + func(dst, src *v1.InternalReleaseImageList) { dst.ListMeta = src.ListMeta }, + func(list *v1.InternalReleaseImageList) []*v1.InternalReleaseImage { + return gentype.ToPointerSlice(list.Items) + }, + func(list *v1.InternalReleaseImageList, items []*v1.InternalReleaseImage) { + list.Items = gentype.FromPointerSlice(items) + }, + ), + fake, + } +} 
diff --git a/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_machineconfiguration_client.go b/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_machineconfiguration_client.go index 81354c417e..05c4f2d80f 100644 --- a/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_machineconfiguration_client.go +++ b/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake/fake_machineconfiguration_client.go @@ -20,6 +20,10 @@ func (c *FakeMachineconfigurationV1) ControllerConfigs() v1.ControllerConfigInte return newFakeControllerConfigs(c) } +func (c *FakeMachineconfigurationV1) InternalReleaseImages() v1.InternalReleaseImageInterface { + return newFakeInternalReleaseImages(c) +} + func (c *FakeMachineconfigurationV1) KubeletConfigs() v1.KubeletConfigInterface { return newFakeKubeletConfigs(c) } diff --git a/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/generated_expansion.go b/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/generated_expansion.go index bd8ab6e162..fa409d9fbb 100644 --- a/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/generated_expansion.go +++ b/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/generated_expansion.go @@ -6,6 +6,8 @@ type ContainerRuntimeConfigExpansion interface{} type ControllerConfigExpansion interface{} +type InternalReleaseImageExpansion interface{} + type KubeletConfigExpansion interface{} type MachineConfigExpansion interface{} diff --git a/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/internalreleaseimage.go b/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/internalreleaseimage.go new file mode 100644 index 0000000000..c0deae9ac4 --- /dev/null +++ b/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/internalreleaseimage.go 
@@ -0,0 +1,62 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1 + +import ( + context "context" + + machineconfigurationv1 "github.com/openshift/api/machineconfiguration/v1" + applyconfigurationsmachineconfigurationv1 "github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1" + scheme "github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// InternalReleaseImagesGetter has a method to return a InternalReleaseImageInterface. +// A group's client should implement this interface. +type InternalReleaseImagesGetter interface { + InternalReleaseImages() InternalReleaseImageInterface +} + +// InternalReleaseImageInterface has methods to work with InternalReleaseImage resources. +type InternalReleaseImageInterface interface { + Create(ctx context.Context, internalReleaseImage *machineconfigurationv1.InternalReleaseImage, opts metav1.CreateOptions) (*machineconfigurationv1.InternalReleaseImage, error) + Update(ctx context.Context, internalReleaseImage *machineconfigurationv1.InternalReleaseImage, opts metav1.UpdateOptions) (*machineconfigurationv1.InternalReleaseImage, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). 
+ UpdateStatus(ctx context.Context, internalReleaseImage *machineconfigurationv1.InternalReleaseImage, opts metav1.UpdateOptions) (*machineconfigurationv1.InternalReleaseImage, error) + Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error + Get(ctx context.Context, name string, opts metav1.GetOptions) (*machineconfigurationv1.InternalReleaseImage, error) + List(ctx context.Context, opts metav1.ListOptions) (*machineconfigurationv1.InternalReleaseImageList, error) + Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *machineconfigurationv1.InternalReleaseImage, err error) + Apply(ctx context.Context, internalReleaseImage *applyconfigurationsmachineconfigurationv1.InternalReleaseImageApplyConfiguration, opts metav1.ApplyOptions) (result *machineconfigurationv1.InternalReleaseImage, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). 
+ ApplyStatus(ctx context.Context, internalReleaseImage *applyconfigurationsmachineconfigurationv1.InternalReleaseImageApplyConfiguration, opts metav1.ApplyOptions) (result *machineconfigurationv1.InternalReleaseImage, err error) + InternalReleaseImageExpansion +} + +// internalReleaseImages implements InternalReleaseImageInterface +type internalReleaseImages struct { + *gentype.ClientWithListAndApply[*machineconfigurationv1.InternalReleaseImage, *machineconfigurationv1.InternalReleaseImageList, *applyconfigurationsmachineconfigurationv1.InternalReleaseImageApplyConfiguration] +} + +// newInternalReleaseImages returns a InternalReleaseImages +func newInternalReleaseImages(c *MachineconfigurationV1Client) *internalReleaseImages { + return &internalReleaseImages{ + gentype.NewClientWithListAndApply[*machineconfigurationv1.InternalReleaseImage, *machineconfigurationv1.InternalReleaseImageList, *applyconfigurationsmachineconfigurationv1.InternalReleaseImageApplyConfiguration]( + "internalreleaseimages", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *machineconfigurationv1.InternalReleaseImage { + return &machineconfigurationv1.InternalReleaseImage{} + }, + func() *machineconfigurationv1.InternalReleaseImageList { + return &machineconfigurationv1.InternalReleaseImageList{} + }, + ), + } +} diff --git a/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/machineconfiguration_client.go b/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/machineconfiguration_client.go index 8d661ff173..458b52ca97 100644 --- a/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/machineconfiguration_client.go +++ b/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/machineconfiguration_client.go 
@@ -14,6 +14,7 @@ type MachineconfigurationV1Interface interface { RESTClient() rest.Interface ContainerRuntimeConfigsGetter ControllerConfigsGetter + InternalReleaseImagesGetter KubeletConfigsGetter MachineConfigsGetter MachineConfigNodesGetter @@ -37,6 +38,10 @@ func (c *MachineconfigurationV1Client) ControllerConfigs() ControllerConfigInter return newControllerConfigs(c) } +func (c *MachineconfigurationV1Client) InternalReleaseImages() InternalReleaseImageInterface { + return newInternalReleaseImages(c) +} + func (c *MachineconfigurationV1Client) KubeletConfigs() KubeletConfigInterface { return newKubeletConfigs(c) } diff --git a/machineconfiguration/informers/externalversions/generic.go b/machineconfiguration/informers/externalversions/generic.go index d82e58acfb..a6365dde64 100644 --- a/machineconfiguration/informers/externalversions/generic.go +++ b/machineconfiguration/informers/externalversions/generic.go @@ -42,6 +42,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1().ContainerRuntimeConfigs().Informer()}, nil case v1.SchemeGroupVersion.WithResource("controllerconfigs"): return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1().ControllerConfigs().Informer()}, nil + case v1.SchemeGroupVersion.WithResource("internalreleaseimages"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1().InternalReleaseImages().Informer()}, nil case v1.SchemeGroupVersion.WithResource("kubeletconfigs"): return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1().KubeletConfigs().Informer()}, nil case v1.SchemeGroupVersion.WithResource("machineconfigs"): 
diff --git a/machineconfiguration/informers/externalversions/machineconfiguration/v1/interface.go b/machineconfiguration/informers/externalversions/machineconfiguration/v1/interface.go index c947034b69..9638a47ffe 100644 --- a/machineconfiguration/informers/externalversions/machineconfiguration/v1/interface.go +++ b/machineconfiguration/informers/externalversions/machineconfiguration/v1/interface.go @@ -12,6 +12,8 @@ type Interface interface { ContainerRuntimeConfigs() ContainerRuntimeConfigInformer // ControllerConfigs returns a ControllerConfigInformer. ControllerConfigs() ControllerConfigInformer + // InternalReleaseImages returns a InternalReleaseImageInformer. + InternalReleaseImages() InternalReleaseImageInformer // KubeletConfigs returns a KubeletConfigInformer. KubeletConfigs() KubeletConfigInformer // MachineConfigs returns a MachineConfigInformer. @@ -51,6 +53,11 @@ func (v *version) ControllerConfigs() ControllerConfigInformer { return &controllerConfigInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } +// InternalReleaseImages returns a InternalReleaseImageInformer. +func (v *version) InternalReleaseImages() InternalReleaseImageInformer { + return &internalReleaseImageInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // KubeletConfigs returns a KubeletConfigInformer. func (v *version) KubeletConfigs() KubeletConfigInformer { return &kubeletConfigInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} diff --git a/machineconfiguration/informers/externalversions/machineconfiguration/v1/internalreleaseimage.go b/machineconfiguration/informers/externalversions/machineconfiguration/v1/internalreleaseimage.go new file mode 100644 index 0000000000..0316261249 --- /dev/null +++ b/machineconfiguration/informers/externalversions/machineconfiguration/v1/internalreleaseimage.go 
@@ -0,0 +1,85 @@ +// Code generated by informer-gen. DO NOT EDIT. + +package v1 + +import ( + context "context" + time "time" + + apimachineconfigurationv1 "github.com/openshift/api/machineconfiguration/v1" + versioned "github.com/openshift/client-go/machineconfiguration/clientset/versioned" + internalinterfaces "github.com/openshift/client-go/machineconfiguration/informers/externalversions/internalinterfaces" + machineconfigurationv1 "github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// InternalReleaseImageInformer provides access to a shared informer and lister for +// InternalReleaseImages. +type InternalReleaseImageInformer interface { + Informer() cache.SharedIndexInformer + Lister() machineconfigurationv1.InternalReleaseImageLister +} + +type internalReleaseImageInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewInternalReleaseImageInformer constructs a new informer for InternalReleaseImage type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewInternalReleaseImageInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredInternalReleaseImageInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredInternalReleaseImageInformer constructs a new informer for InternalReleaseImage type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewFilteredInternalReleaseImageInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + cache.ToListWatcherWithWatchListSemantics(&cache.ListWatch{ + ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1().InternalReleaseImages().List(context.Background(), options) + }, + WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1().InternalReleaseImages().Watch(context.Background(), options) + }, + ListWithContextFunc: func(ctx context.Context, options metav1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1().InternalReleaseImages().List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options metav1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1().InternalReleaseImages().Watch(ctx, options) + }, + }, client), + &apimachineconfigurationv1.InternalReleaseImage{}, + resyncPeriod, + indexers, + ) +} + +func (f *internalReleaseImageInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredInternalReleaseImageInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *internalReleaseImageInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&apimachineconfigurationv1.InternalReleaseImage{}, f.defaultInformer) +} + +func (f *internalReleaseImageInformer) Lister() 
machineconfigurationv1.InternalReleaseImageLister { + return machineconfigurationv1.NewInternalReleaseImageLister(f.Informer().GetIndexer()) +} diff --git a/machineconfiguration/listers/machineconfiguration/v1/expansion_generated.go b/machineconfiguration/listers/machineconfiguration/v1/expansion_generated.go index e3489b5515..39cd1db0e7 100644 --- a/machineconfiguration/listers/machineconfiguration/v1/expansion_generated.go +++ b/machineconfiguration/listers/machineconfiguration/v1/expansion_generated.go @@ -10,6 +10,10 @@ type ContainerRuntimeConfigListerExpansion interface{} // ControllerConfigLister. type ControllerConfigListerExpansion interface{} +// InternalReleaseImageListerExpansion allows custom methods to be added to +// InternalReleaseImageLister. +type InternalReleaseImageListerExpansion interface{} + // KubeletConfigListerExpansion allows custom methods to be added to // KubeletConfigLister. type KubeletConfigListerExpansion interface{} diff --git a/machineconfiguration/listers/machineconfiguration/v1/internalreleaseimage.go b/machineconfiguration/listers/machineconfiguration/v1/internalreleaseimage.go new file mode 100644 index 0000000000..69e48052e3 --- /dev/null +++ b/machineconfiguration/listers/machineconfiguration/v1/internalreleaseimage.go 
@@ -0,0 +1,32 @@ +// Code generated by lister-gen. DO NOT EDIT. + +package v1 + +import ( + machineconfigurationv1 "github.com/openshift/api/machineconfiguration/v1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" +) + +// InternalReleaseImageLister helps list InternalReleaseImages. +// All objects returned here must be treated as read-only. +type InternalReleaseImageLister interface { + // List lists all InternalReleaseImages in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*machineconfigurationv1.InternalReleaseImage, err error) + // Get retrieves the InternalReleaseImage from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*machineconfigurationv1.InternalReleaseImage, error) + InternalReleaseImageListerExpansion +} + +// internalReleaseImageLister implements the InternalReleaseImageLister interface. +type internalReleaseImageLister struct { + listers.ResourceIndexer[*machineconfigurationv1.InternalReleaseImage] +} + +// NewInternalReleaseImageLister returns a new InternalReleaseImageLister. +func NewInternalReleaseImageLister(indexer cache.Indexer) InternalReleaseImageLister { + return &internalReleaseImageLister{listers.New[*machineconfigurationv1.InternalReleaseImage](indexer, machineconfigurationv1.Resource("internalreleaseimage"))} +} diff --git a/operator/applyconfigurations/operator/v1/awsnetworkloadbalancerparameters.go b/operator/applyconfigurations/operator/v1/awsnetworkloadbalancerparameters.go index 3785c6995e..40cd5a65b0 100644 --- a/operator/applyconfigurations/operator/v1/awsnetworkloadbalancerparameters.go +++ b/operator/applyconfigurations/operator/v1/awsnetworkloadbalancerparameters.go 
@@ -38,6 +38,33 @@ type AWSNetworkLoadBalancerParametersApplyConfiguration struct { // See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general // information about configuration, characteristics, and limitations of Elastic IP addresses. EIPAllocations []operatorv1.EIPAllocation `json:"eipAllocations,omitempty"` + // protocol specifies whether the Network Load Balancer uses PROXY + // protocol to forward connections to the IngressController. + // + // When set to "TCP", the NLB uses AWS's native client IP preservation. + // This may cause hairpin connection failures for internal load + // balancers when connections are made from pods to router pods on + // the same node. + // + // When set to "PROXY", the NLB disables native client IP preservation + // and uses PROXY protocol v2. The IngressController enables PROXY + // protocol on HAProxy so that it can parse PROXY protocol headers to + // obtain the original client IP. This avoids hairpin connection + // failures. + // + // The following values are valid for this field: + // + // * "TCP". + // * "PROXY". + // + // When omitted, this means the user has no opinion and the value is + // left to the platform to choose a reasonable default, which is subject to + // change over time. The current default is "PROXY". + // + // Note that changing this field may cause brief connection failures + // during the transition as the NLB attribute change and router rollout + // occur independently. + Protocol *operatorv1.NLBProtocol `json:"protocol,omitempty"` } // AWSNetworkLoadBalancerParametersApplyConfiguration constructs a declarative configuration of the AWSNetworkLoadBalancerParameters type for use with 
@@ -63,3 +90,11 @@ func (b *AWSNetworkLoadBalancerParametersApplyConfiguration) WithEIPAllocations( } return b } + +// WithProtocol sets the Protocol field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Protocol field is set to the value of the last call. +func (b *AWSNetworkLoadBalancerParametersApplyConfiguration) WithProtocol(value operatorv1.NLBProtocol) *AWSNetworkLoadBalancerParametersApplyConfiguration { + b.Protocol = &value + return b +} diff --git a/operator/applyconfigurations/operator/v1/csidriverconfigspec.go b/operator/applyconfigurations/operator/v1/csidriverconfigspec.go index 215a65371c..4ff829f8a7 100644 --- a/operator/applyconfigurations/operator/v1/csidriverconfigspec.go +++ b/operator/applyconfigurations/operator/v1/csidriverconfigspec.go @@ -14,7 +14,7 @@ import ( type CSIDriverConfigSpecApplyConfiguration struct { // driverType indicates type of CSI driver for which the // driverConfig is being applied to. - // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted. // Consumers should treat unknown values as a NO-OP. DriverType *operatorv1.CSIDriverType `json:"driverType,omitempty"` // aws is used to configure the AWS CSI driver. @@ -27,6 +27,8 @@ type CSIDriverConfigSpecApplyConfiguration struct { IBMCloud *IBMCloudCSIDriverConfigSpecApplyConfiguration `json:"ibmcloud,omitempty"` // vSphere is used to configure the vsphere CSI driver. VSphere *VSphereCSIDriverConfigSpecApplyConfiguration `json:"vSphere,omitempty"` + // secretsStore is used to configure the Secrets Store CSI driver. + SecretsStore *SecretsStoreCSIDriverConfigSpecApplyConfiguration `json:"secretsStore,omitempty"` } // CSIDriverConfigSpecApplyConfiguration constructs a declarative configuration of the CSIDriverConfigSpec type for use with 
@@ -82,3 +84,11 @@ func (b *CSIDriverConfigSpecApplyConfiguration) WithVSphere(value *VSphereCSIDri b.VSphere = value return b } + +// WithSecretsStore sets the SecretsStore field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretsStore field is set to the value of the last call. +func (b *CSIDriverConfigSpecApplyConfiguration) WithSecretsStore(value *SecretsStoreCSIDriverConfigSpecApplyConfiguration) *CSIDriverConfigSpecApplyConfiguration { + b.SecretsStore = value + return b +} diff --git a/operator/applyconfigurations/operator/v1/customsecretrotation.go b/operator/applyconfigurations/operator/v1/customsecretrotation.go new file mode 100644 index 0000000000..1dd976a86a --- /dev/null +++ b/operator/applyconfigurations/operator/v1/customsecretrotation.go 
@@ -0,0 +1,31 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// CustomSecretRotationApplyConfiguration represents a declarative configuration of the CustomSecretRotation type for use +// with apply. +// +// CustomSecretRotation holds configuration for custom secret rotation behavior. +type CustomSecretRotationApplyConfiguration struct { + // rotationPollIntervalSeconds is the minimum time in seconds between secret + // rotation attempts. The driver skips provider calls if less than this interval + // has elapsed since the last successful rotation. + // Must be at least 1 second and no more than 31560000 seconds (~1 year). + // When omitted, this means no opinion and the platform is left to choose a + // reasonable default, which is subject to change over time. + RotationPollIntervalSeconds *int32 `json:"rotationPollIntervalSeconds,omitempty"` +} + +// CustomSecretRotationApplyConfiguration constructs a declarative configuration of the CustomSecretRotation type for use with +// apply. +func CustomSecretRotation() *CustomSecretRotationApplyConfiguration { + return &CustomSecretRotationApplyConfiguration{} +} + +// WithRotationPollIntervalSeconds sets the RotationPollIntervalSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RotationPollIntervalSeconds field is set to the value of the last call. +func (b *CustomSecretRotationApplyConfiguration) WithRotationPollIntervalSeconds(value int32) *CustomSecretRotationApplyConfiguration { + b.RotationPollIntervalSeconds = &value + return b +} diff --git a/operator/applyconfigurations/operator/v1/managedtokenrequests.go b/operator/applyconfigurations/operator/v1/managedtokenrequests.go new file mode 100644 index 0000000000..5b65a6628d --- /dev/null +++ b/operator/applyconfigurations/operator/v1/managedtokenrequests.go 
@@ -0,0 +1,43 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// ManagedTokenRequestsApplyConfiguration represents a declarative configuration of the ManagedTokenRequests type for use +// with apply. +// +// ManagedTokenRequests holds the configuration for operator-managed +// service account token requests. +type ManagedTokenRequestsApplyConfiguration struct { + // audiences specifies service account token audiences that kubelet will + // provide to the CSI driver during NodePublishVolume calls. These tokens + // enable workload identity federation (WIF) with cloud providers such as + // AWS, Azure, and GCP. + // When empty, the operator clears all tokenRequests from the CSIDriver object. + Audiences *[]SecretsStoreTokenRequestApplyConfiguration `json:"audiences,omitempty"` +} + +// ManagedTokenRequestsApplyConfiguration constructs a declarative configuration of the ManagedTokenRequests type for use with +// apply. +func ManagedTokenRequests() *ManagedTokenRequestsApplyConfiguration { + return &ManagedTokenRequestsApplyConfiguration{} +} + +func (b *ManagedTokenRequestsApplyConfiguration) ensureSecretsStoreTokenRequestApplyConfigurationExists() { + if b.Audiences == nil { + b.Audiences = &[]SecretsStoreTokenRequestApplyConfiguration{} + } +} + +// WithAudiences adds the given value to the Audiences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Audiences field. +func (b *ManagedTokenRequestsApplyConfiguration) WithAudiences(values ...*SecretsStoreTokenRequestApplyConfiguration) *ManagedTokenRequestsApplyConfiguration { + b.ensureSecretsStoreTokenRequestApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithAudiences") + } + *b.Audiences = append(*b.Audiences, *values[i]) + } + return b +} 
diff --git a/operator/applyconfigurations/operator/v1/secretsstorecsidriverconfigspec.go b/operator/applyconfigurations/operator/v1/secretsstorecsidriverconfigspec.go
new file mode 100644
index 0000000000..145aa90709
--- /dev/null
+++ b/operator/applyconfigurations/operator/v1/secretsstorecsidriverconfigspec.go
@@ -0,0 +1,40 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// SecretsStoreCSIDriverConfigSpecApplyConfiguration represents a declarative configuration of the SecretsStoreCSIDriverConfigSpec type for use +// with apply. +// +// SecretsStoreCSIDriverConfigSpec defines properties that can be configured for the Secrets Store CSI driver. +type SecretsStoreCSIDriverConfigSpecApplyConfiguration struct { + // secretRotation controls automatic secret rotation behavior. + // When omitted, secret rotation is enabled with a default poll interval of 2 minutes. + SecretRotation *SecretsStoreSecretRotationApplyConfiguration `json:"secretRotation,omitempty"` + // tokenRequests controls service account token configuration for + // workload identity federation (WIF) with cloud providers. + // When omitted, the operator preserves any existing tokenRequests + // already configured on the CSIDriver object without modification. + TokenRequests *SecretsStoreTokenRequestsApplyConfiguration `json:"tokenRequests,omitempty"` +} + +// SecretsStoreCSIDriverConfigSpecApplyConfiguration constructs a declarative configuration of the SecretsStoreCSIDriverConfigSpec type for use with +// apply. +func SecretsStoreCSIDriverConfigSpec() *SecretsStoreCSIDriverConfigSpecApplyConfiguration { + return &SecretsStoreCSIDriverConfigSpecApplyConfiguration{} +} + +// WithSecretRotation sets the SecretRotation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the SecretRotation field is set to the value of the last call. 
+func (b *SecretsStoreCSIDriverConfigSpecApplyConfiguration) WithSecretRotation(value *SecretsStoreSecretRotationApplyConfiguration) *SecretsStoreCSIDriverConfigSpecApplyConfiguration { + b.SecretRotation = value + return b +} + +// WithTokenRequests sets the TokenRequests field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the TokenRequests field is set to the value of the last call. +func (b *SecretsStoreCSIDriverConfigSpecApplyConfiguration) WithTokenRequests(value *SecretsStoreTokenRequestsApplyConfiguration) *SecretsStoreCSIDriverConfigSpecApplyConfiguration { + b.TokenRequests = value + return b +} diff --git a/operator/applyconfigurations/operator/v1/secretsstoresecretrotation.go b/operator/applyconfigurations/operator/v1/secretsstoresecretrotation.go new file mode 100644 index 0000000000..0624fe9c67 --- /dev/null +++ b/operator/applyconfigurations/operator/v1/secretsstoresecretrotation.go 
@@ -0,0 +1,46 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + operatorv1 "github.com/openshift/api/operator/v1" +) + +// SecretsStoreSecretRotationApplyConfiguration represents a declarative configuration of the SecretsStoreSecretRotation type for use +// with apply. +// +// SecretsStoreSecretRotation configures the automatic secret rotation behavior +// for the Secrets Store CSI driver. +type SecretsStoreSecretRotationApplyConfiguration struct { + // type determines the secret rotation behavior. + // When "None", secret rotation is disabled and secrets are only fetched at + // initial pod mount time. + // When "Custom", secret rotation is enabled with the configuration specified + // in the custom field. + Type *operatorv1.SecretRotationType `json:"type,omitempty"` + // custom holds the custom rotation configuration. + // Only valid when type is "Custom". + Custom *CustomSecretRotationApplyConfiguration `json:"custom,omitempty"` +} + +// SecretsStoreSecretRotationApplyConfiguration constructs a declarative configuration of the SecretsStoreSecretRotation type for use with +// apply. +func SecretsStoreSecretRotation() *SecretsStoreSecretRotationApplyConfiguration { + return &SecretsStoreSecretRotationApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *SecretsStoreSecretRotationApplyConfiguration) WithType(value operatorv1.SecretRotationType) *SecretsStoreSecretRotationApplyConfiguration { + b.Type = &value + return b +} + +// WithCustom sets the Custom field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the Custom field is set to the value of the last call. +func (b *SecretsStoreSecretRotationApplyConfiguration) WithCustom(value *CustomSecretRotationApplyConfiguration) *SecretsStoreSecretRotationApplyConfiguration { + b.Custom = value + return b +} diff --git a/operator/applyconfigurations/operator/v1/secretsstoretokenrequest.go b/operator/applyconfigurations/operator/v1/secretsstoretokenrequest.go new file mode 100644 index 0000000000..b8eb7597f7 --- /dev/null +++ b/operator/applyconfigurations/operator/v1/secretsstoretokenrequest.go 
@@ -0,0 +1,41 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// SecretsStoreTokenRequestApplyConfiguration represents a declarative configuration of the SecretsStoreTokenRequest type for use +// with apply. +// +// SecretsStoreTokenRequest specifies a service account token audience configuration +// for workload identity federation (WIF) with the Secrets Store CSI driver. +type SecretsStoreTokenRequestApplyConfiguration struct { + // audience is the intended audience of the service account token. + // An empty string means the issued token will use the kube-apiserver's default APIAudiences. + Audience *string `json:"audience,omitempty"` + // expirationSeconds is the requested duration of validity of the service account token. + // The token issuer may return a token with a different validity duration. + // When omitted, the token expiration is determined by the kube-apiserver. + // Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years). + ExpirationSeconds *int32 `json:"expirationSeconds,omitempty"` +} + +// SecretsStoreTokenRequestApplyConfiguration constructs a declarative configuration of the SecretsStoreTokenRequest type for use with +// apply. +func SecretsStoreTokenRequest() *SecretsStoreTokenRequestApplyConfiguration { + return &SecretsStoreTokenRequestApplyConfiguration{} +} + +// WithAudience sets the Audience field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Audience field is set to the value of the last call. 
+func (b *SecretsStoreTokenRequestApplyConfiguration) WithAudience(value string) *SecretsStoreTokenRequestApplyConfiguration { + b.Audience = &value + return b +} + +// WithExpirationSeconds sets the ExpirationSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ExpirationSeconds field is set to the value of the last call. +func (b *SecretsStoreTokenRequestApplyConfiguration) WithExpirationSeconds(value int32) *SecretsStoreTokenRequestApplyConfiguration { + b.ExpirationSeconds = &value + return b +} diff --git a/operator/applyconfigurations/operator/v1/secretsstoretokenrequests.go b/operator/applyconfigurations/operator/v1/secretsstoretokenrequests.go new file mode 100644 index 0000000000..ea9ac415de --- /dev/null +++ b/operator/applyconfigurations/operator/v1/secretsstoretokenrequests.go 
@@ -0,0 +1,47 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + operatorv1 "github.com/openshift/api/operator/v1" +) + +// SecretsStoreTokenRequestsApplyConfiguration represents a declarative configuration of the SecretsStoreTokenRequests type for use +// with apply. +// +// SecretsStoreTokenRequests configures how service account tokens are +// provided to the Secrets Store CSI driver for workload identity federation. +type SecretsStoreTokenRequestsApplyConfiguration struct { + // type determines how the operator manages tokenRequests on the CSIDriver object. + // When "Unmanaged", existing tokenRequests on the CSIDriver are preserved + // and the managed field is not used. + // When "Managed", the operator sets tokenRequests from the audiences + // specified in the managed field, replacing any previously configured values. + // Once set to "Managed", type cannot be reverted back to "Unmanaged". + Type *operatorv1.TokenRequestsType `json:"type,omitempty"` + // managed holds configuration for operator-managed tokenRequests. + // Only valid when type is "Managed". + Managed *ManagedTokenRequestsApplyConfiguration `json:"managed,omitempty"` +} + +// SecretsStoreTokenRequestsApplyConfiguration constructs a declarative configuration of the SecretsStoreTokenRequests type for use with +// apply. +func SecretsStoreTokenRequests() *SecretsStoreTokenRequestsApplyConfiguration { + return &SecretsStoreTokenRequestsApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. 
+func (b *SecretsStoreTokenRequestsApplyConfiguration) WithType(value operatorv1.TokenRequestsType) *SecretsStoreTokenRequestsApplyConfiguration { + b.Type = &value + return b +} + +// WithManaged sets the Managed field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Managed field is set to the value of the last call. +func (b *SecretsStoreTokenRequestsApplyConfiguration) WithManaged(value *ManagedTokenRequestsApplyConfiguration) *SecretsStoreTokenRequestsApplyConfiguration { + b.Managed = value + return b +} diff --git a/operator/applyconfigurations/utils.go b/operator/applyconfigurations/utils.go index b2c32f4cd6..cd03dd84d0 100644 --- a/operator/applyconfigurations/utils.go +++ b/operator/applyconfigurations/utils.go @@ -110,6 +110,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1.CSISnapshotControllerSpecApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("CSISnapshotControllerStatus"): return &operatorv1.CSISnapshotControllerStatusApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("CustomSecretRotation"): + return &operatorv1.CustomSecretRotationApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("DefaultNetworkDefinition"): return &operatorv1.DefaultNetworkDefinitionApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("DeveloperConsoleCatalogCategory"): 
@@ -282,6 +284,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1.MachineManagerSelectorApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ManagedBootImages"): return &operatorv1.ManagedBootImagesApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("ManagedTokenRequests"): + return &operatorv1.ManagedTokenRequestsApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("MTUMigration"): return &operatorv1.MTUMigrationApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("MTUMigrationValues"): @@ -386,6 +390,14 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1.RestartServiceApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("RouteAdmissionPolicy"): return &operatorv1.RouteAdmissionPolicyApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("SecretsStoreCSIDriverConfigSpec"): + return &operatorv1.SecretsStoreCSIDriverConfigSpecApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("SecretsStoreSecretRotation"): + return &operatorv1.SecretsStoreSecretRotationApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("SecretsStoreTokenRequest"): + return &operatorv1.SecretsStoreTokenRequestApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("SecretsStoreTokenRequests"): + return &operatorv1.SecretsStoreTokenRequestsApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("Server"): return &operatorv1.ServerApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("ServiceAccountIssuerStatus"): diff --git a/vendor/github.com/openshift/api/config/v1/register.go b/vendor/github.com/openshift/api/config/v1/register.go index 222c7f0cc7..1f27d821ab 100644 --- a/vendor/github.com/openshift/api/config/v1/register.go +++ b/vendor/github.com/openshift/api/config/v1/register.go 
@@ -78,6 +78,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 &ClusterImagePolicyList{},
 &InsightsDataGather{},
 &InsightsDataGatherList{},
+ &CRIOCredentialProviderConfig{},
+ &CRIOCredentialProviderConfigList{},
 )
 metav1.AddToGroupVersion(scheme, GroupVersion)
 return nil
diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
index f8d45114a8..9cb85f4c00 100644
--- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
+++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
@@ -18,7 +18,8 @@ import ( // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=clusterversions,scope=Cluster -// +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'marketplace' in self.spec.capabilities.additionalEnabledCapabilities ? 'OperatorLifecycleManager' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'OperatorLifecycleManager' in self.status.capabilities.enabledCapabilities) : true",message="the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability" +// +openshift:validation:FeatureGateAwareXValidation:featureGate="";CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'marketplace' in self.spec.capabilities.additionalEnabledCapabilities ? 
'OperatorLifecycleManager' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'OperatorLifecycleManager' in self.status.capabilities.enabledCapabilities) : true",message="the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability" +// +openshift:validation:FeatureGateAwareXValidation:requiredFeatureGate=CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && 'ClusterAPI' in self.spec.capabilities.additionalEnabledCapabilities ? 'CompatibilityRequirements' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'CompatibilityRequirements' in self.status.capabilities.enabledCapabilities) : true",message="the `ClusterAPI` capability requires the `CompatibilityRequirements` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `CompatibilityRequirements` capability" // +kubebuilder:printcolumn:name=Version,JSONPath=.status.history[?(@.state=="Completed")].version,type=string // +kubebuilder:printcolumn:name=Available,JSONPath=.status.conditions[?(@.type=="Available")].status,type=string // +kubebuilder:printcolumn:name=Progressing,JSONPath=.status.conditions[?(@.type=="Progressing")].status,type=string 
@@ -304,7 +305,10 @@ const ( ) // ClusterVersionCapability enumerates optional, core cluster components. -// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1 +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1 +// +openshift:validation:FeatureGateAwareEnum:featureGate=CRDCompatibilityRequirementOperator,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements +// +openshift:validation:FeatureGateAwareEnum:featureGate=ClusterAPIMachineManagement,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements;ClusterAPI +// +openshift:validation:FeatureGateAwareEnum:requiredFeatureGate=CRDCompatibilityRequirementOperator;ClusterAPIMachineManagement,enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager;OperatorLifecycleManagerV1;CompatibilityRequirements;ClusterAPI type ClusterVersionCapability string const ( 
@@ -425,6 +429,19 @@ const ( // Managers deployed on top of OpenShift. They help you to work with cloud // provider API and embeds cloud-specific control logic. ClusterVersionCapabilityCloudControllerManager ClusterVersionCapability = "CloudControllerManager" + + // ClusterVersionCapabilityCompatibilityRequirements manages the Compatibility + // Requirements operator which enforces CRD compatibility constraints via + // validating webhooks. + ClusterVersionCapabilityCompatibilityRequirements ClusterVersionCapability = "CompatibilityRequirements" + + // ClusterVersionCapabilityClusterAPI manages the Cluster API operator and + // controllers which provide forward-compatible machine management for + // OpenShift clusters. + // + // Note that Cluster API has a hard requirement on CompatibilityRequirements. + // CompatibilityRequirements cannot be disabled while Cluster API is enabled. + ClusterVersionCapabilityClusterAPI ClusterVersionCapability = "ClusterAPI" ) // KnownClusterVersionCapabilities includes all known optional, core cluster components. @@ -446,6 +463,8 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{ ClusterVersionCapabilityCloudCredential, ClusterVersionCapabilityIngress, ClusterVersionCapabilityCloudControllerManager, + ClusterVersionCapabilityCompatibilityRequirements, + ClusterVersionCapabilityClusterAPI, } // ClusterVersionCapabilitySet defines sets of cluster version capabilities. @@ -644,6 +663,8 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityCloudCredential, ClusterVersionCapabilityIngress, ClusterVersionCapabilityCloudControllerManager, + ClusterVersionCapabilityCompatibilityRequirements, + ClusterVersionCapabilityClusterAPI, }, } diff --git a/vendor/github.com/openshift/api/config/v1/types_crio_credential_provider_config.go b/vendor/github.com/openshift/api/config/v1/types_crio_credential_provider_config.go new file mode 100644 index 0000000000..3fe543aac8 
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/types_crio_credential_provider_config.go
@@ -0,0 +1,186 @@ +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is "cluster". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. +// For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. +// CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. +// Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout. +// +// The resource is a singleton named "cluster". +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=criocredentialproviderconfigs,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2725 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +openshift:enable:FeatureGate=CRIOCredentialProviderConfig +// +openshift:compatibility-gen:level=1 +// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="criocredentialproviderconfig is a singleton, .metadata.name must be 'cluster'" +type CRIOCredentialProviderConfig struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. 
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metav1.ObjectMeta `json:"metadata,omitzero"` + + // spec defines the desired configuration of the CRI-O Credential Provider. + // This field is required and must be provided when creating the resource. + // +required + Spec *CRIOCredentialProviderConfigSpec `json:"spec,omitempty,omitzero"` + + // status represents the current state of the CRIOCredentialProviderConfig. + // When omitted or nil, it indicates that the status has not yet been set by the controller. + // The controller will populate this field with validation conditions and operational state. + // +optional + Status CRIOCredentialProviderConfigStatus `json:"status,omitzero,omitempty"` +} + +// CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider. +// +kubebuilder:validation:MinProperties=0 +type CRIOCredentialProviderConfigSpec struct { + // matchImages is a list of string patterns used to determine whether + // the CRI-O credential provider should be invoked for a given image. This list is + // passed to the kubelet CredentialProviderConfig, and if any pattern matches + // the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling + // that image or its mirrors. + // Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. + // Conflicts between the existing platform specific provider image match configuration and this list will be handled by + // the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those + // from the CRIOCredentialProviderConfig when both match the same image. 
+ // To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with + // existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). + // You can check the resource's Status conditions + // to see if any entries were ignored due to exact matches with known built-in provider patterns. + // + // This field is optional, the items of the list must contain between 1 and 50 entries. + // The list is treated as a set, so duplicate entries are not allowed. + // + // For more details, see: + // https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ + // https://github.com/cri-o/crio-credential-provider#architecture + // + // Each entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. + // Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', + // and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). + // A global wildcard '*' (matching any domain) is not allowed. + // Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. + // For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. + // Each wildcard matches only a single domain label, + // so '*.io' does **not** match '*.k8s.io'. + // + // A match exists between an image and a matchImage when all of the below are true: + // Both contain the same number of domain parts and each part matches. + // The URL path of an matchImages must be a prefix of the target image URL path. + // If the matchImages contains a port, then the port must match in the image as well. 
+ // + // Example values of matchImages: + // - 123456789.dkr.ecr.us-east-1.amazonaws.com + // - *.azurecr.io + // - gcr.io + // - *.*.registry.io + // - registry.io:8080/path + // + // +kubebuilder:validation:MaxItems=50 + // +kubebuilder:validation:MinItems=1 + // +listType=set + // +optional + MatchImages []MatchImage `json:"matchImages,omitempty"` +} + +// MatchImage is a string pattern used to match container image registry addresses. +// It must be a valid fully qualified domain name with optional wildcard, port, and path. +// The maximum length is 512 characters. +// +// Wildcards ('*') are supported for full subdomain labels and top-level domains. +// Each entry can optionally contain a port (e.g., :8080) and a path (e.g., /path). +// Wildcards are not allowed in the port or path portions. +// +// Examples: +// - "registry.io" - matches exactly registry.io +// - "*.azurecr.io" - matches any single subdomain of azurecr.io +// - "registry.io:8080/path" - matches with specific port and path prefix +// +// +kubebuilder:validation:MaxLength=512 +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:XValidation:rule="self != '*'",message="global wildcard '*' is not allowed" +// +kubebuilder:validation:XValidation:rule=`self.matches('^((\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?)(\\.(\\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?))*)(:[0-9]+)?(/[-a-z0-9._/]*)?$')`,message="invalid matchImages value, must be a valid fully qualified domain name in lowercase with optional wildcard, port, and path" +type MatchImage string + +// +k8s:deepcopy-gen=true +// CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig +// +kubebuilder:validation:MinProperties=1 +type CRIOCredentialProviderConfigStatus struct { + // conditions represent the latest available observations of the configuration state. + // When omitted, it indicates that no conditions have been reported yet. + // The maximum number of conditions is 16. 
+ // Conditions are stored as a map keyed by condition type, ensuring uniqueness. + // + // Expected condition types include: + // "Validated": indicates whether the matchImages configuration is valid + // +optional + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type CRIOCredentialProviderConfigList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []CRIOCredentialProviderConfig `json:"items"` +} + +const ( + // ConditionTypeValidated is a condition type that indicates whether the CRIOCredentialProviderConfig + // matchImages configuration has been validated successfully. + // When True, all matchImage patterns are valid and have been applied. + // When False, the configuration contains errors (see Reason for details). + // Possible reasons for False status: + // - ValidationFailed: matchImages contains invalid patterns + // - ConfigurationPartiallyApplied: some matchImage entries were ignored due to conflicts + ConditionTypeValidated = "Validated" + + // ReasonValidationFailed is a condition reason used with ConditionTypeValidated=False + // to indicate that the matchImages configuration contains one or more invalid registry patterns + // that do not conform to the required format (valid FQDN with optional wildcard, port, and path). 
+ ReasonValidationFailed = "ValidationFailed" + + // ReasonConfigurationPartiallyApplied is a condition reason used with ConditionTypeValidated=False + // to indicate that some matchImage entries were ignored due to conflicts or overlapping patterns. + // The condition message will contain details about which entries were ignored and why. + ReasonConfigurationPartiallyApplied = "ConfigurationPartiallyApplied" + + // ConditionTypeMachineConfigRendered is a condition type that indicates whether + // the CRIOCredentialProviderConfig has been successfully rendered into a + // MachineConfig object. + // When True, the corresponding MachineConfig is present in the cluster. + // When False, rendering failed. + ConditionTypeMachineConfigRendered = "MachineConfigRendered" + + // ReasonMachineConfigRenderingSucceeded is a condition reason used with ConditionTypeMachineConfigRendered=True + // to indicate that the MachineConfig was successfully created/updated in the API server. + ReasonMachineConfigRenderingSucceeded = "MachineConfigRenderingSucceeded" + + // ReasonMachineConfigRenderingFailed is a condition reason used with ConditionTypeMachineConfigRendered=False + // to indicate that the MachineConfig creation/update failed. + // The condition message will contain details about the failure. + ReasonMachineConfigRenderingFailed = "MachineConfigRenderingFailed" +) diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index e7680899d4..e8aaa810f5 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go 
@@ -19,6 +19,7 @@ import ( // +kubebuilder:resource:path=infrastructures,scope=Cluster // +kubebuilder:subresource:status // +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true +// +openshift:validation:FeatureGateAwareXValidation:featureGate=MutableTopology,rule="!has(self.spec.controlPlaneTopology) || (has(oldSelf.spec.controlPlaneTopology) && self.spec.controlPlaneTopology == oldSelf.spec.controlPlaneTopology) || (has(self.status.controlPlaneTopology) && self.spec.controlPlaneTopology == self.status.controlPlaneTopology) || (has(self.status.controlPlaneTopology) && self.status.controlPlaneTopology == 'SingleReplica' && self.spec.controlPlaneTopology == 'HighlyAvailable')",message="spec.controlPlaneTopology must match status.controlPlaneTopology or be set to HighlyAvailable when status.controlPlaneTopology is SingleReplica" type Infrastructure struct { metav1.TypeMeta `json:",inline"` 
@@ -55,6 +56,21 @@ type InfrastructureSpec struct { // platformSpec holds desired information specific to the underlying // infrastructure provider. PlatformSpec PlatformSpec `json:"platformSpec,omitempty"` + + // controlPlaneTopology expresses the desired topology configuration for control nodes. + // + // When status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable', + // a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable. + // + // When left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value, + // no changes are required and no transitions will be triggered. + // + // This value may be set to match status.controlPlaneTopology regardless of the current value. + // + // +openshift:enable:FeatureGate=MutableTopology + // +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica + // +optional + ControlPlaneTopology TopologyMode `json:"controlPlaneTopology,omitempty"` } // InfrastructureStatus describes the infrastructure the cluster is leveraging. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 13f1bc390d..3c75062bb7 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go 
@@ -904,6 +904,115 @@ func (in *BuildSpec) DeepCopy() *BuildSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfig) DeepCopyInto(out *CRIOCredentialProviderConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Spec != nil { + in, out := &in.Spec, &out.Spec + *out = new(CRIOCredentialProviderConfigSpec) + (*in).DeepCopyInto(*out) + } + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfig. +func (in *CRIOCredentialProviderConfig) DeepCopy() *CRIOCredentialProviderConfig { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CRIOCredentialProviderConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfigList) DeepCopyInto(out *CRIOCredentialProviderConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CRIOCredentialProviderConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigList. 
+func (in *CRIOCredentialProviderConfigList) DeepCopy() *CRIOCredentialProviderConfigList { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CRIOCredentialProviderConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfigSpec) DeepCopyInto(out *CRIOCredentialProviderConfigSpec) { + *out = *in + if in.MatchImages != nil { + in, out := &in.MatchImages, &out.MatchImages + *out = make([]MatchImage, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigSpec. +func (in *CRIOCredentialProviderConfigSpec) DeepCopy() *CRIOCredentialProviderConfigSpec { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRIOCredentialProviderConfigStatus) DeepCopyInto(out *CRIOCredentialProviderConfigStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRIOCredentialProviderConfigStatus. 
+func (in *CRIOCredentialProviderConfigStatus) DeepCopy() *CRIOCredentialProviderConfigStatus { + if in == nil { + return nil + } + out := new(CRIOCredentialProviderConfigStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CertInfo) DeepCopyInto(out *CertInfo) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index 13635bff49..5426057a88 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -70,6 +70,29 @@ builds.config.openshift.io: TopLevelFeatureGates: [] Version: v1 +criocredentialproviderconfigs.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/2725 + CRDName: criocredentialproviderconfigs.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - CRIOCredentialProviderConfig + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: CRIOCredentialProviderConfig + Labels: {} + PluralName: criocredentialproviderconfigs + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - CRIOCredentialProviderConfig + Version: v1 + clusterimagepolicies.config.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/2310 @@ -145,6 +168,9 @@ clusterversions.config.openshift.io: Capability: "" Category: "" FeatureGates: + - CRDCompatibilityRequirementOperator + - CRDCompatibilityRequirementOperator+ClusterAPIMachineManagement + - ClusterAPIMachineManagement - ClusterUpdateAcceptRisks - ClusterUpdatePreflight - ImageStreamImportMode 
@@ -374,6 +400,7 @@ infrastructures.config.openshift.io: - AzureDualStackInstall - DualReplica - DyanmicServiceEndpointIBMCloud + - MutableTopology - NutanixMultiSubnets - OnPremDNSRecords - VSphereHostVMGroupZonal diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go index 95c0e67d6f..043c03ef5e 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go @@ -195,6 +195,26 @@ func (in BuildSpec) OpenAPIModelName() string { return "com.github.openshift.api.config.v1.BuildSpec" } +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfig) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfig" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfigList) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRIOCredentialProviderConfigStatus) OpenAPIModelName() string { + return "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigStatus" +} + // OpenAPIModelName returns the OpenAPI model name for this type. func (in CertInfo) OpenAPIModelName() string { return "com.github.openshift.api.config.v1.CertInfo" diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 1e9c65bf86..b321d3d7e1 100644 
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
@@ -1079,6 +1079,44 @@ func (ConsoleStatus) SwaggerDoc() map[string]string { return map_ConsoleStatus } +var map_CRIOCredentialProviderConfig = map[string]string{ + "": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + "status": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. 
The controller will populate this field with validation conditions and operational state.", +} + +func (CRIOCredentialProviderConfig) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfig +} + +var map_CRIOCredentialProviderConfigList = map[string]string{ + "": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (CRIOCredentialProviderConfigList) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigList +} + +var map_CRIOCredentialProviderConfigSpec = map[string]string{ + "": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + "matchImages": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. 
To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. 
If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", +} + +func (CRIOCredentialProviderConfigSpec) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigSpec +} + +var map_CRIOCredentialProviderConfigStatus = map[string]string{ + "": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", + "conditions": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", +} + +func (CRIOCredentialProviderConfigStatus) SwaggerDoc() map[string]string { + return map_CRIOCredentialProviderConfigStatus +} + var map_AWSDNSSpec = map[string]string{ "": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", "privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", 
@@ -1830,9 +1868,10 @@ func (InfrastructureList) SwaggerDoc() map[string]string { } var map_InfrastructureSpec = map[string]string{ - "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", - "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.", - "platformSpec": "platformSpec holds desired information specific to the underlying infrastructure provider.", + "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", + "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. 
The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.", + "platformSpec": "platformSpec holds desired information specific to the underlying infrastructure provider.", + "controlPlaneTopology": "controlPlaneTopology expresses the desired topology configuration for control nodes.\n\nWhen status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable', a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable.\n\nWhen left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value, no changes are required and no transitions will be triggered.\n\nThis value may be set to match status.controlPlaneTopology regardless of the current value.", } func (InfrastructureSpec) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index 0b16169cfe..2959484d4e 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md @@ -17,7 +17,6 @@ | ConfidentialCluster| | | Enabled | Enabled | | | | | | Example2| | | Enabled | Enabled | | | | | | ExternalOIDCExternalClaimsSourcing| | | Enabled | Enabled | | | | | -| ExternalSnapshotMetadata| | | Enabled | Enabled | | | | | | MachineAPIMigrationVSphere| | | Enabled | Enabled | | | | | | NetworkConnect| | | Enabled | Enabled | | | | | | NewOLMBoxCutterRuntime| | | | Enabled | | | | Enabled | 
@@ -60,6 +59,7 @@ | EtcdBackendQuota| | | Enabled | Enabled | | | Enabled | Enabled | | Example| | | Enabled | Enabled | | | Enabled | Enabled | | ExternalOIDCWithUpstreamParity| | | Enabled | Enabled | | | Enabled | Enabled | +| ExternalSnapshotMetadata| | | Enabled | Enabled | | | Enabled | Enabled | | GCPCustomAPIEndpoints| | | Enabled | Enabled | | | Enabled | Enabled | | GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | | | Enabled | Enabled | | GCPDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | @@ -83,6 +83,7 @@ | OVNObservability| | | Enabled | Enabled | | | Enabled | Enabled | | OnPremDNSRecords| | | Enabled | Enabled | | | Enabled | Enabled | | SELinuxMount| | | Enabled | Enabled | | | Enabled | Enabled | +| SELinuxMountGAReadiness| | | Enabled | Enabled | | | Enabled | Enabled | | SignatureStores| | | Enabled | Enabled | | | Enabled | Enabled | | TLSAdherence| | | Enabled | Enabled | | | Enabled | Enabled | | TLSGroupPreferences| | | Enabled | Enabled | | | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/register.go b/vendor/github.com/openshift/api/machineconfiguration/v1/register.go index d52f6480e8..1a7252834b 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/register.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/register.go @@ -28,6 +28,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ContainerRuntimeConfigList{}, &ControllerConfig{}, &ControllerConfigList{}, + &InternalReleaseImage{}, + &InternalReleaseImageList{}, &KubeletConfig{}, &KubeletConfigList{}, &MachineConfig{}, diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/types_internalreleaseimage.go b/vendor/github.com/openshift/api/machineconfiguration/v1/types_internalreleaseimage.go new file mode 100644 index 0000000000..261d313337 --- /dev/null +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/types_internalreleaseimage.go 
@@ -0,0 +1,159 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=internalreleaseimages,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2510
+// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01
+// +openshift:enable:FeatureGate=NoRegistryClusterInstall
+// +kubebuilder:metadata:labels=openshift.io/operator-managed=
+// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="internalreleaseimage is a singleton, .metadata.name must be 'cluster'"
+
+// InternalReleaseImage is used to keep track and manage a set
+// of release bundles (OCP and OLM operators images) that are stored
+// into the control planes nodes.
+// This is a singleton resource with 'cluster' as the only valid name.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type InternalReleaseImage struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +required
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec describes the configuration of this internal release image.
+ // +required
+ Spec InternalReleaseImageSpec `json:"spec,omitzero"`
+
+ // status describes the last observed state of this internal release image.
+ // +optional
+ Status InternalReleaseImageStatus `json:"status,omitzero"`
+}
+
+// InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.
+type InternalReleaseImageSpec struct {
+ // releases is a list of release bundle identifiers that the user wants to
+ // add/remove to/from the control plane nodes.
+ // Entries must be unique, keyed on the name field.
+ // releases must contain at least one entry and must not exceed 16 entries.
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=16
+ // +listType=map
+ // +listMapKey=name
+ // +required
+ Releases []InternalReleaseImageRef `json:"releases,omitempty"`
+}
+
+// InternalReleaseImageRef is used to provide a simple reference for a release
+// bundle. Currently it contains only the name field.
+type InternalReleaseImageRef struct {
+ // name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long.
+ // The expected name format is ocp-release-bundle--.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:XValidation:rule=`self.matches('^ocp-release-bundle-[0-9]+\\.[0-9]+\\.[0-9]+-[A-Za-z0-9._-]+$')`,message="must be ocp-release-bundle-- and <= 64 chars"
+ Name string `json:"name,omitempty"`
+}
+
+// InternalReleaseImageStatus describes the current state of a InternalReleaseImage.
+type InternalReleaseImageStatus struct {
+ // conditions represent the observations of the InternalReleaseImage controller current state.
+ // Valid types are: Degraded.
+ // If Degraded is true, that means something has gone wrong in the controller.
+ // The conditions list must contain at most 5 entries.
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=5
+ // +optional
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+ // releases is a list of the release bundles currently owned and managed by the
+ // cluster.
+ // A release bundle content could be safely pulled only when its Conditions field
+ // contains at least an Available entry set to "True" and Degraded to "False".
+ // Entries must be unique, keyed on the name field.
+ // releases must contain at least one entry and must not exceed 32 entries.
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=32
+ // +required
+ Releases []InternalReleaseImageBundleStatus `json:"releases,omitempty"`
+}
+
+// InternalReleaseImageStatusConditionType describes the possible states for InternalReleaseImageStatus.
+// +enum
+type InternalReleaseImageStatusConditionType string
+
+const (
+ // InternalReleaseImageStatusConditionTypeDegraded describes a failure in the controller.
+ InternalReleaseImageStatusConditionTypeDegraded InternalReleaseImageStatusConditionType = "Degraded"
+)
+
+// InternalReleaseImageBundleStatus describes the observed state of a single release bundle managed by the cluster.
+type InternalReleaseImageBundleStatus struct {
+ // conditions represent the observations of an internal release image current state. Valid types are:
+ // Mounted, Installing, Available, Removing and Degraded.
+ //
+ // If Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes.
+ // If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed.
+ // If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used.
+ // If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed.
+ // If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).
+ //
+ // In general, after installing a new release bundle, it is required to wait for the Conditions "Available" to become "True" (and all
+ // the other conditions to be equal to "False") before being able to pull its content.
+ // When present, conditions must contain at least 1 entry and must not exceed 5 entries.
+ //
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=5
+ // +optional
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+ // name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long.
+ // The expected name format is ocp-release-bundle--.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:XValidation:rule=`self.matches('^ocp-release-bundle-[0-9]+\\.[0-9]+\\.[0-9]+-[A-Za-z0-9._-]+$')`,message="must be ocp-release-bundle-- and <= 64 chars"
+ // +required
+ Name string `json:"name,omitempty"`
+ // image is an OCP release image referenced by digest.
+ // The format of the image pull spec is: host[:port][/namespace]/name@sha256:,
+ // where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+ // The length of the whole spec must be between 1 to 447 characters.
+ // The field is optional, and it will be provided after a release has been successfully installed.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=447
+ // +kubebuilder:validation:XValidation:rule=`(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))`,message="the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long"
+ // +kubebuilder:validation:XValidation:rule=`(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme"
+ // +optional
+ Image string `json:"image,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// InternalReleaseImageList is a list of InternalReleaseImage resources
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type InternalReleaseImageList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []InternalReleaseImage `json:"items"`
+}
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go
index 9b738f8622..4a69ea1e9d 100644
--- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go
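Review bot: The second XValidation rule on `InternalReleaseImageBundleStatus.Image` accepts an empty repository name, because its pattern ends in `[a-zA-Z0-9-_.]*?$`; a constructed value of the form `registry.example.com/@sha256:` followed by 64 hex characters passes both rules. Requiring at least one character, `[a-zA-Z0-9-_.]+$`, would make the rule match the `host[:port][/namespace]/name` format the field comment promises. The host part `([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+` also needs at least one dot, which the comment does not mention, so a short host name with a port is refused; a sentence in the comment would save consumers from finding that out at admission time. This file is a vendored copy, so the change would presumably have to land in openshift/api and be re-vendored.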
@@ -510,6 +510,157 @@ func (in *ImageSecretObjectReference) DeepCopy() *ImageSecretObjectReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalReleaseImage) DeepCopyInto(out *InternalReleaseImage) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImage. +func (in *InternalReleaseImage) DeepCopy() *InternalReleaseImage { + if in == nil { + return nil + } + out := new(InternalReleaseImage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InternalReleaseImage) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalReleaseImageBundleStatus) DeepCopyInto(out *InternalReleaseImageBundleStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImageBundleStatus. +func (in *InternalReleaseImageBundleStatus) DeepCopy() *InternalReleaseImageBundleStatus { + if in == nil { + return nil + } + out := new(InternalReleaseImageBundleStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *InternalReleaseImageList) DeepCopyInto(out *InternalReleaseImageList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]InternalReleaseImage, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImageList. +func (in *InternalReleaseImageList) DeepCopy() *InternalReleaseImageList { + if in == nil { + return nil + } + out := new(InternalReleaseImageList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InternalReleaseImageList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalReleaseImageRef) DeepCopyInto(out *InternalReleaseImageRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImageRef. +func (in *InternalReleaseImageRef) DeepCopy() *InternalReleaseImageRef { + if in == nil { + return nil + } + out := new(InternalReleaseImageRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalReleaseImageSpec) DeepCopyInto(out *InternalReleaseImageSpec) { + *out = *in + if in.Releases != nil { + in, out := &in.Releases, &out.Releases + *out = make([]InternalReleaseImageRef, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImageSpec. 
+func (in *InternalReleaseImageSpec) DeepCopy() *InternalReleaseImageSpec { + if in == nil { + return nil + } + out := new(InternalReleaseImageSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalReleaseImageStatus) DeepCopyInto(out *InternalReleaseImageStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Releases != nil { + in, out := &in.Releases, &out.Releases + *out = make([]InternalReleaseImageBundleStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImageStatus. +func (in *InternalReleaseImageStatus) DeepCopy() *InternalReleaseImageStatus { + if in == nil { + return nil + } + out := new(InternalReleaseImageStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IrreconcilableChangeDiff) DeepCopyInto(out *IrreconcilableChangeDiff) { *out = *in diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml index 68186d1d31..4baab07508 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -36,6 +36,7 @@ controllerconfigs.machineconfiguration.openshift.io: - AzureDualStackInstall - DualReplica - DyanmicServiceEndpointIBMCloud + - MutableTopology - NutanixMultiSubnets - OnPremDNSRecords - VSphereHostVMGroupZonal @@ -56,6 +57,30 @@ controllerconfigs.machineconfiguration.openshift.io: TopLevelFeatureGates: [] Version: v1 +internalreleaseimages.machineconfiguration.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/2510 + CRDName: internalreleaseimages.machineconfiguration.openshift.io + Capability: "" + Category: "" + FeatureGates: + - NoRegistryClusterInstall + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" + GroupName: machineconfiguration.openshift.io + HasStatus: true + KindName: InternalReleaseImage + Labels: + openshift.io/operator-managed: "" + PluralName: internalreleaseimages + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - NoRegistryClusterInstall + Version: v1 + kubeletconfigs.machineconfiguration.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/1453 diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.model_name.go index 1315ccb99e..8ee36a9e96 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.model_name.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.model_name.go 
@@ -95,6 +95,36 @@ func (in ImageSecretObjectReference) OpenAPIModelName() string { return "com.github.openshift.api.machineconfiguration.v1.ImageSecretObjectReference" } +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InternalReleaseImage) OpenAPIModelName() string { + return "com.github.openshift.api.machineconfiguration.v1.InternalReleaseImage" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InternalReleaseImageBundleStatus) OpenAPIModelName() string { + return "com.github.openshift.api.machineconfiguration.v1.InternalReleaseImageBundleStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InternalReleaseImageList) OpenAPIModelName() string { + return "com.github.openshift.api.machineconfiguration.v1.InternalReleaseImageList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InternalReleaseImageRef) OpenAPIModelName() string { + return "com.github.openshift.api.machineconfiguration.v1.InternalReleaseImageRef" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InternalReleaseImageSpec) OpenAPIModelName() string { + return "com.github.openshift.api.machineconfiguration.v1.InternalReleaseImageSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in InternalReleaseImageStatus) OpenAPIModelName() string { + return "com.github.openshift.api.machineconfiguration.v1.InternalReleaseImageStatus" +} + // OpenAPIModelName returns the OpenAPI model name for this type. func (in IrreconcilableChangeDiff) OpenAPIModelName() string { return "com.github.openshift.api.machineconfiguration.v1.IrreconcilableChangeDiff" diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go index 7369c02db0..aac65c9acb 100644 
--- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go 
@@ -410,6 +410,65 @@ func (PoolSynchronizerStatus) SwaggerDoc() map[string]string { return map_PoolSynchronizerStatus } +var map_InternalReleaseImage = map[string]string{ + "": "InternalReleaseImage is used to keep track and manage a set of release bundles (OCP and OLM operators images) that are stored into the control planes nodes. This is a singleton resource with 'cluster' as the only valid name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec describes the configuration of this internal release image.", + "status": "status describes the last observed state of this internal release image.", +} + +func (InternalReleaseImage) SwaggerDoc() map[string]string { + return map_InternalReleaseImage +} + +var map_InternalReleaseImageBundleStatus = map[string]string{ + "": "InternalReleaseImageBundleStatus describes the observed state of a single release bundle managed by the cluster.", + "conditions": "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. 
If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).\n\nIn general, after installing a new release bundle, it is required to wait for the Conditions \"Available\" to become \"True\" (and all the other conditions to be equal to \"False\") before being able to pull its content. When present, conditions must contain at least 1 entry and must not exceed 5 entries.", + "name": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", + "image": "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release has been successfully installed.", +} + +func (InternalReleaseImageBundleStatus) SwaggerDoc() map[string]string { + return map_InternalReleaseImageBundleStatus +} + +var map_InternalReleaseImageList = map[string]string{ + "": "InternalReleaseImageList is a list of InternalReleaseImage resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (InternalReleaseImageList) SwaggerDoc() map[string]string { + return map_InternalReleaseImageList +} + +var map_InternalReleaseImageRef = map[string]string{ + "": "InternalReleaseImageRef is used to provide a simple reference for a release bundle. Currently it contains only the name field.", + "name": "name indicates the desired release bundle identifier. 
This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", +} + +func (InternalReleaseImageRef) SwaggerDoc() map[string]string { + return map_InternalReleaseImageRef +} + +var map_InternalReleaseImageSpec = map[string]string{ + "": "InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.", + "releases": "releases is a list of release bundle identifiers that the user wants to add/remove to/from the control plane nodes. Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 16 entries.", +} + +func (InternalReleaseImageSpec) SwaggerDoc() map[string]string { + return map_InternalReleaseImageSpec +} + +var map_InternalReleaseImageStatus = map[string]string{ + "": "InternalReleaseImageStatus describes the current state of a InternalReleaseImage.", + "conditions": "conditions represent the observations of the InternalReleaseImage controller current state. Valid types are: Degraded. If Degraded is true, that means something has gone wrong in the controller. The conditions list must contain at most 5 entries.", + "releases": "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. 
releases must contain at least one entry and must not exceed 32 entries.", +} + +func (InternalReleaseImageStatus) SwaggerDoc() map[string]string { + return map_InternalReleaseImageStatus +} + var map_IrreconcilableChangeDiff = map[string]string{ "": "IrreconcilableChangeDiff holds an individual diff between the initial install-time MachineConfig and the latest applied one caused by the presence of irreconcilable changes.", "fieldPath": "fieldPath is a required reference to the path in the latest rendered MachineConfig that differs from this nodes configuration. Must not be empty and must not exceed 70 characters in length. Must begin with the prefix 'spec.' and only contain alphanumeric characters, square brackets ('[]'), or dots ('.').", diff --git a/vendor/github.com/openshift/api/openapi/openapi.json b/vendor/github.com/openshift/api/openapi/openapi.json index cb93e4c721..b3a2453c2d 100644 --- a/vendor/github.com/openshift/api/openapi/openapi.json +++ b/vendor/github.com/openshift/api/openapi/openapi.json @@ -8417,6 +8417,10 @@ "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapFileReference" }, + "controlPlaneTopology": { + "description": "controlPlaneTopology expresses the desired topology configuration for control nodes. The 'HighlyAvailable' mode represents a \"normal\", 3 control node cluster. The 'SingleReplica' mode represents configuration where there is a single control node. If left blank, no change is required and no transitions will be triggered.", + "type": "string" + }, "platformSpec": { "description": "platformSpec holds desired information specific to the underlying infrastructure provider.", "default": {}, diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 52f5db78d5..51ecab70c8 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go 
+++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -21,6 +21,9 @@ import ( // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/701 // +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=csi-driver,operatorOrdering=01 +// +kubebuilder:validation:XValidation:rule="self.spec.?driverConfig.driverType.orValue('') == 'SecretsStore' ? self.metadata.name == 'secrets-store.csi.k8s.io' : true",message="driverType 'SecretsStore' requires metadata.name 'secrets-store.csi.k8s.io'" +// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'secrets-store.csi.k8s.io' ? (!has(self.spec.driverConfig) || self.spec.driverConfig.driverType == 'SecretsStore') : true",message="metadata.name 'secrets-store.csi.k8s.io' requires driverType 'SecretsStore'" +// +kubebuilder:validation:XValidation:rule="oldSelf.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('') != 'Managed' || self.spec.?driverConfig.?secretsStore.?tokenRequests.?type.orValue('') == 'Managed'",message="tokenRequests type cannot be changed from Managed" // ClusterCSIDriver object allows management and configuration of a CSI driver operator // installed by default in OpenShift. Name of the object must be name of the CSI driver 
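Review bot: The third added XValidation rule on ClusterCSIDriver refuses more than its message states. Once the stored object has tokenRequests type 'Managed', an update that drops `tokenRequests`, `secretsStore` or the whole `driverConfig` makes the right-hand `orValue('')` evaluate to the empty string and is rejected with "tokenRequests type cannot be changed from Managed", which does not tell the user that removal is what was refused. A wording such as `message="tokenRequests type cannot be changed or removed once set to Managed"` would match the behaviour. Because the rule reads `oldSelf` it only applies to updates of an existing object, and the ClusterCSIDriver doc comment that follows the markers could say that the Managed setting is one-way. This is a vendored copy, so the wording change would presumably go to openshift/api.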
@@ -113,25 +116,27 @@ type ClusterCSIDriverSpec struct { } // CSIDriverType indicates type of CSI driver being configured. -// +kubebuilder:validation:Enum="";AWS;Azure;GCP;IBMCloud;vSphere +// +kubebuilder:validation:Enum="";AWS;Azure;GCP;IBMCloud;vSphere;SecretsStore type CSIDriverType string const ( - AWSDriverType CSIDriverType = "AWS" - AzureDriverType CSIDriverType = "Azure" - GCPDriverType CSIDriverType = "GCP" - IBMCloudDriverType CSIDriverType = "IBMCloud" - VSphereDriverType CSIDriverType = "vSphere" + AWSDriverType CSIDriverType = "AWS" + AzureDriverType CSIDriverType = "Azure" + GCPDriverType CSIDriverType = "GCP" + IBMCloudDriverType CSIDriverType = "IBMCloud" + VSphereDriverType CSIDriverType = "vSphere" + SecretsStoreDriverType CSIDriverType = "SecretsStore" ) // CSIDriverConfigSpec defines configuration spec that can be // used to optionally configure a specific CSI Driver. // +kubebuilder:validation:XValidation:rule="has(self.driverType) && self.driverType == 'IBMCloud' ? has(self.ibmcloud) : !has(self.ibmcloud)",message="ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.driverType) && self.driverType == 'SecretsStore' ? has(self.secretsStore) : !has(self.secretsStore)",message="secretsStore must be set if driverType is 'SecretsStore', but remain unset otherwise" // +union type CSIDriverConfigSpec struct { // driverType indicates type of CSI driver for which the // driverConfig is being applied to. - // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted. // Consumers should treat unknown values as a NO-OP. // +required // +unionDiscriminator 
@@ -156,6 +161,10 @@ type CSIDriverConfigSpec struct { // vSphere is used to configure the vsphere CSI driver. // +optional VSphere *VSphereCSIDriverConfigSpec `json:"vSphere,omitempty"` + + // secretsStore is used to configure the Secrets Store CSI driver. + // +optional + SecretsStore SecretsStoreCSIDriverConfigSpec `json:"secretsStore,omitzero"` } // AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver. 
@@ -389,6 +398,146 @@ type VSphereCSIDriverConfigSpec struct { MaxAllowedBlockVolumesPerNode int32 `json:"maxAllowedBlockVolumesPerNode,omitempty"` } +// SecretsStoreCSIDriverConfigSpec defines properties that can be configured for the Secrets Store CSI driver. +// +kubebuilder:validation:MinProperties=1 +type SecretsStoreCSIDriverConfigSpec struct { + // secretRotation controls automatic secret rotation behavior. + // When omitted, secret rotation is enabled with a default poll interval of 2 minutes. + // +optional + SecretRotation SecretsStoreSecretRotation `json:"secretRotation,omitzero"` + + // tokenRequests controls service account token configuration for + // workload identity federation (WIF) with cloud providers. + // When omitted, the operator preserves any existing tokenRequests + // already configured on the CSIDriver object without modification. + // +optional + TokenRequests SecretsStoreTokenRequests `json:"tokenRequests,omitzero"` +} + +// TokenRequestsType determines how the operator manages the tokenRequests +// field on the storage.k8s.io CSIDriver object. +// +kubebuilder:validation:Enum=Managed;Unmanaged +type TokenRequestsType string + +const ( + // TokenRequestsManaged means the operator uses the audiences list + // as the sole source of truth for the CSIDriver.spec.tokenRequests field. + TokenRequestsManaged TokenRequestsType = "Managed" + + // TokenRequestsUnmanaged means the operator preserves any existing + // tokenRequests already configured on the CSIDriver object and does not + // overwrite them. + TokenRequestsUnmanaged TokenRequestsType = "Unmanaged" +) + +// SecretsStoreTokenRequests configures how service account tokens are +// provided to the Secrets Store CSI driver for workload identity federation. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Managed' ? 
has(self.managed) : !has(self.managed)",message="managed must be set when type is 'Managed', and must not be set otherwise" +// +union +type SecretsStoreTokenRequests struct { + // type determines how the operator manages tokenRequests on the CSIDriver object. + // When "Unmanaged", existing tokenRequests on the CSIDriver are preserved + // and the managed field is not used. + // When "Managed", the operator sets tokenRequests from the audiences + // specified in the managed field, replacing any previously configured values. + // Once set to "Managed", type cannot be reverted back to "Unmanaged". + // +unionDiscriminator + // +required + Type TokenRequestsType `json:"type,omitempty"` + + // managed holds configuration for operator-managed tokenRequests. + // Only valid when type is "Managed". + // +optional + Managed ManagedTokenRequests `json:"managed,omitzero"` +} + +// ManagedTokenRequests holds the configuration for operator-managed +// service account token requests. +// +kubebuilder:validation:MinProperties=1 +type ManagedTokenRequests struct { + // audiences specifies service account token audiences that kubelet will + // provide to the CSI driver during NodePublishVolume calls. These tokens + // enable workload identity federation (WIF) with cloud providers such as + // AWS, Azure, and GCP. + // When empty, the operator clears all tokenRequests from the CSIDriver object. + // +optional + // +listType=map + // +listMapKey=audience + // +kubebuilder:validation:MinItems=0 + // +kubebuilder:validation:MaxItems=10 + Audiences *[]SecretsStoreTokenRequest `json:"audiences,omitempty"` +} + +// SecretRotationType determines the secret rotation behavior for the +// Secrets Store CSI driver. +// +kubebuilder:validation:Enum=None;Custom +type SecretRotationType string + +const ( + // SecretRotationNone disables automatic secret rotation. Secrets are only + // fetched at initial pod mount time. 
+ SecretRotationNone SecretRotationType = "None" + + // SecretRotationCustom enables automatic secret rotation with the + // configuration specified in the custom field. + SecretRotationCustom SecretRotationType = "Custom" +) + +// SecretsStoreSecretRotation configures the automatic secret rotation behavior +// for the Secrets Store CSI driver. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Custom' ? has(self.custom) : !has(self.custom)",message="custom must be set when type is 'Custom', and must not be set otherwise" +// +union +type SecretsStoreSecretRotation struct { + // type determines the secret rotation behavior. + // When "None", secret rotation is disabled and secrets are only fetched at + // initial pod mount time. + // When "Custom", secret rotation is enabled with the configuration specified + // in the custom field. + // +unionDiscriminator + // +required + Type SecretRotationType `json:"type,omitempty"` + + // custom holds the custom rotation configuration. + // Only valid when type is "Custom". + // +optional + Custom CustomSecretRotation `json:"custom,omitzero"` +} + +// CustomSecretRotation holds configuration for custom secret rotation behavior. +// +kubebuilder:validation:MinProperties=1 +type CustomSecretRotation struct { + // rotationPollIntervalSeconds is the minimum time in seconds between secret + // rotation attempts. The driver skips provider calls if less than this interval + // has elapsed since the last successful rotation. + // Must be at least 1 second and no more than 31560000 seconds (~1 year). + // When omitted, this means no opinion and the platform is left to choose a + // reasonable default, which is subject to change over time. 
+ // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=31560000 + // +optional + RotationPollIntervalSeconds int32 `json:"rotationPollIntervalSeconds,omitempty"` +} + +// SecretsStoreTokenRequest specifies a service account token audience configuration +// for workload identity federation (WIF) with the Secrets Store CSI driver. +type SecretsStoreTokenRequest struct { + // audience is the intended audience of the service account token. + // An empty string means the issued token will use the kube-apiserver's default APIAudiences. + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=253 + // +required + Audience *string `json:"audience,omitempty"` + + // expirationSeconds is the requested duration of validity of the service account token. + // The token issuer may return a token with a different validity duration. + // When omitted, the token expiration is determined by the kube-apiserver. + // Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years). + // +kubebuilder:validation:Minimum=600 + // +kubebuilder:validation:Maximum=315360000 + // +optional + ExpirationSeconds int32 `json:"expirationSeconds,omitempty"` +} + // ClusterCSIDriverStatus is the observed status of CSI driver operator type ClusterCSIDriverStatus struct { OperatorStatus `json:",inline"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go b/vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go index 376bfacde4..52bfdede3e 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go 
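Review bot: The doc comment on `SecretsStoreTokenRequests.type` says that once set to "Managed" the type cannot be reverted to "Unmanaged", but the only XValidation rule on the struct in this hunk checks that `managed` is present, and nothing visible compares against `oldSelf`. Unless a transition rule exists on a parent type outside this hunk, the API server would accept the revert, and per the field docs the operator would go back to preserving whatever tokenRequests already sit on the CSIDriver object. Consider adding a transition rule such as `// +kubebuilder:validation:XValidation:rule="oldSelf.type != 'Managed' || self.type == 'Managed'",message="type cannot be changed from 'Managed' to 'Unmanaged'"`, and decide whether removing the optional `tokenRequests` field should also be rejected, since a transition rule on the struct is not evaluated when the field is dropped. Separately, `rotationPollIntervalSeconds` is capped at 31560000 while a 365-day year is 31536000 seconds (the token maximum in the same hunk is 315360000), so that bound looks like a digit transposition.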
@@ -898,8 +898,53 @@ type AWSNetworkLoadBalancerParameters struct { // +kubebuilder:validation:XValidation:rule=`self.all(x, self.exists_one(y, x == y))`,message="eipAllocations cannot contain duplicates" // +kubebuilder:validation:MaxItems=10 EIPAllocations []EIPAllocation `json:"eipAllocations"` + + // protocol specifies whether the Network Load Balancer uses PROXY + // protocol to forward connections to the IngressController. + // + // When set to "TCP", the NLB uses AWS's native client IP preservation. + // This may cause hairpin connection failures for internal load + // balancers when connections are made from pods to router pods on + // the same node. + // + // When set to "PROXY", the NLB disables native client IP preservation + // and uses PROXY protocol v2. The IngressController enables PROXY + // protocol on HAProxy so that it can parse PROXY protocol headers to + // obtain the original client IP. This avoids hairpin connection + // failures. + // + // The following values are valid for this field: + // + // * "TCP". + // * "PROXY". + // + // When omitted, this means the user has no opinion and the value is + // left to the platform to choose a reasonable default, which is subject to + // change over time. The current default is "PROXY". + // + // Note that changing this field may cause brief connection failures + // during the transition as the NLB attribute change and router rollout + // occur independently. + // + // +optional + Protocol NLBProtocol `json:"protocol,omitempty"` } +// NLBProtocol specifies whether the AWS Network Load Balancer uses +// PROXY protocol to forward connections to the IngressController. +// +kubebuilder:validation:Enum=TCP;PROXY +// +enum +type NLBProtocol string + +const ( + // NLBProtocolTCP instructs the NLB to forward connections using TCP + // without PROXY protocol. + NLBProtocolTCP NLBProtocol = "TCP" + // NLBProtocolProxy instructs the NLB to forward connections using + // PROXY protocol v2. 
+ NLBProtocolProxy NLBProtocol = "PROXY" +) + // EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. // Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. // + Explanation of the regex `^eipalloc-[0-9a-fA-F]{17}$` for validating value of the EIPAllocation: diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index b39071949a..0a6726b199 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -469,6 +469,7 @@ func (in *CSIDriverConfigSpec) DeepCopyInto(out *CSIDriverConfigSpec) { *out = new(VSphereCSIDriverConfigSpec) (*in).DeepCopyInto(*out) } + in.SecretsStore.DeepCopyInto(&out.SecretsStore) return } @@ -1180,6 +1181,22 @@ func (in *ContainerLoggingDestinationParameters) DeepCopy() *ContainerLoggingDes return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomSecretRotation) DeepCopyInto(out *CustomSecretRotation) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomSecretRotation. +func (in *CustomSecretRotation) DeepCopy() *CustomSecretRotation { + if in == nil { + return nil + } + out := new(CustomSecretRotation) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNS) DeepCopyInto(out *DNS) { *out = *in 
@@ -3473,6 +3490,33 @@ func (in *ManagedBootImages) DeepCopy() *ManagedBootImages { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedTokenRequests) DeepCopyInto(out *ManagedTokenRequests) { + *out = *in + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = new([]SecretsStoreTokenRequest) + if **in != nil { + in, out := *in, *out + *out = make([]SecretsStoreTokenRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedTokenRequests. +func (in *ManagedTokenRequests) DeepCopy() *ManagedTokenRequests { + if in == nil { + return nil + } + out := new(ManagedTokenRequests) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MyOperatorResource) DeepCopyInto(out *MyOperatorResource) { *out = *in 
@@ -4912,6 +4956,79 @@ func (in *SFlowConfig) DeepCopy() *SFlowConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretsStoreCSIDriverConfigSpec) DeepCopyInto(out *SecretsStoreCSIDriverConfigSpec) { + *out = *in + out.SecretRotation = in.SecretRotation + in.TokenRequests.DeepCopyInto(&out.TokenRequests) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreCSIDriverConfigSpec. +func (in *SecretsStoreCSIDriverConfigSpec) DeepCopy() *SecretsStoreCSIDriverConfigSpec { + if in == nil { + return nil + } + out := new(SecretsStoreCSIDriverConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretsStoreSecretRotation) DeepCopyInto(out *SecretsStoreSecretRotation) { + *out = *in + out.Custom = in.Custom + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreSecretRotation. +func (in *SecretsStoreSecretRotation) DeepCopy() *SecretsStoreSecretRotation { + if in == nil { + return nil + } + out := new(SecretsStoreSecretRotation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretsStoreTokenRequest) DeepCopyInto(out *SecretsStoreTokenRequest) { + *out = *in + if in.Audience != nil { + in, out := &in.Audience, &out.Audience + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreTokenRequest. 
+func (in *SecretsStoreTokenRequest) DeepCopy() *SecretsStoreTokenRequest { + if in == nil { + return nil + } + out := new(SecretsStoreTokenRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretsStoreTokenRequests) DeepCopyInto(out *SecretsStoreTokenRequests) { + *out = *in + in.Managed.DeepCopyInto(&out.Managed) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretsStoreTokenRequests. +func (in *SecretsStoreTokenRequests) DeepCopy() *SecretsStoreTokenRequests { + if in == nil { + return nil + } + out := new(SecretsStoreTokenRequests) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Server) DeepCopyInto(out *Server) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go index 8c48ad4bc3..c6a047d2ce 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go @@ -265,6 +265,11 @@ func (in ContainerLoggingDestinationParameters) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters" } +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CustomSecretRotation) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.CustomSecretRotation" +} + // OpenAPIModelName returns the OpenAPI model name for this type. func (in DNS) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.DNS" 
@@ -750,6 +755,11 @@ func (in ManagedBootImages) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.ManagedBootImages" } +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ManagedTokenRequests) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.ManagedTokenRequests" +} + // OpenAPIModelName returns the OpenAPI model name for this type. func (in MyOperatorResource) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.MyOperatorResource" @@ -1040,6 +1050,26 @@ func (in SFlowConfig) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.SFlowConfig" } +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretsStoreCSIDriverConfigSpec) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SecretsStoreCSIDriverConfigSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretsStoreSecretRotation) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SecretsStoreSecretRotation" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretsStoreTokenRequest) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SecretsStoreTokenRequest" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in SecretsStoreTokenRequests) OpenAPIModelName() string { + return "com.github.openshift.api.operator.v1.SecretsStoreTokenRequests" +} + // OpenAPIModelName returns the OpenAPI model name for this type. func (in Server) OpenAPIModelName() string { return "com.github.openshift.api.operator.v1.Server" diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 038638551e..a79189ffc2 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -516,13 +516,14 @@ func (AzureDiskEncryptionSet) SwaggerDoc() map[string]string { } var map_CSIDriverConfigSpec = map[string]string{ - "": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.", - "driverType": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.", - "aws": "aws is used to configure the AWS CSI driver.", - "azure": "azure is used to configure the Azure CSI driver.", - "gcp": "gcp is used to configure the GCP CSI driver.", - "ibmcloud": "ibmcloud is used to configure the IBM Cloud CSI driver.", - "vSphere": "vSphere is used to configure the vsphere CSI driver.", + "": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.", + "driverType": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted. Consumers should treat unknown values as a NO-OP.", + "aws": "aws is used to configure the AWS CSI driver.", + "azure": "azure is used to configure the Azure CSI driver.", + "gcp": "gcp is used to configure the GCP CSI driver.", + "ibmcloud": "ibmcloud is used to configure the IBM Cloud CSI driver.", + "vSphere": "vSphere is used to configure the vsphere CSI driver.", + "secretsStore": "secretsStore is used to configure the Secrets Store CSI driver.", } func (CSIDriverConfigSpec) SwaggerDoc() map[string]string { 
@@ -567,6 +568,15 @@ func (ClusterCSIDriverStatus) SwaggerDoc() map[string]string { return map_ClusterCSIDriverStatus } +var map_CustomSecretRotation = map[string]string{ + "": "CustomSecretRotation holds configuration for custom secret rotation behavior.", + "rotationPollIntervalSeconds": "rotationPollIntervalSeconds is the minimum time in seconds between secret rotation attempts. The driver skips provider calls if less than this interval has elapsed since the last successful rotation. Must be at least 1 second and no more than 31560000 seconds (~1 year). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", +} + +func (CustomSecretRotation) SwaggerDoc() map[string]string { + return map_CustomSecretRotation +} + var map_GCPCSIDriverConfigSpec = map[string]string{ "": "GCPCSIDriverConfigSpec defines properties that can be configured for the GCP CSI driver.", "kmsKey": "kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.", 
@@ -597,6 +607,55 @@ func (IBMCloudCSIDriverConfigSpec) SwaggerDoc() map[string]string { return map_IBMCloudCSIDriverConfigSpec } +var map_ManagedTokenRequests = map[string]string{ + "": "ManagedTokenRequests holds the configuration for operator-managed service account token requests.", + "audiences": "audiences specifies service account token audiences that kubelet will provide to the CSI driver during NodePublishVolume calls. These tokens enable workload identity federation (WIF) with cloud providers such as AWS, Azure, and GCP. When empty, the operator clears all tokenRequests from the CSIDriver object.", +} + +func (ManagedTokenRequests) SwaggerDoc() map[string]string { + return map_ManagedTokenRequests +} + +var map_SecretsStoreCSIDriverConfigSpec = map[string]string{ + "": "SecretsStoreCSIDriverConfigSpec defines properties that can be configured for the Secrets Store CSI driver.", + "secretRotation": "secretRotation controls automatic secret rotation behavior. When omitted, secret rotation is enabled with a default poll interval of 2 minutes.", + "tokenRequests": "tokenRequests controls service account token configuration for workload identity federation (WIF) with cloud providers. When omitted, the operator preserves any existing tokenRequests already configured on the CSIDriver object without modification.", +} + +func (SecretsStoreCSIDriverConfigSpec) SwaggerDoc() map[string]string { + return map_SecretsStoreCSIDriverConfigSpec +} + +var map_SecretsStoreSecretRotation = map[string]string{ + "": "SecretsStoreSecretRotation configures the automatic secret rotation behavior for the Secrets Store CSI driver.", + "type": "type determines the secret rotation behavior. When \"None\", secret rotation is disabled and secrets are only fetched at initial pod mount time. When \"Custom\", secret rotation is enabled with the configuration specified in the custom field.", + "custom": "custom holds the custom rotation configuration. 
Only valid when type is \"Custom\".", +} + +func (SecretsStoreSecretRotation) SwaggerDoc() map[string]string { + return map_SecretsStoreSecretRotation +} + +var map_SecretsStoreTokenRequest = map[string]string{ + "": "SecretsStoreTokenRequest specifies a service account token audience configuration for workload identity federation (WIF) with the Secrets Store CSI driver.", + "audience": "audience is the intended audience of the service account token. An empty string means the issued token will use the kube-apiserver's default APIAudiences.", + "expirationSeconds": "expirationSeconds is the requested duration of validity of the service account token. The token issuer may return a token with a different validity duration. When omitted, the token expiration is determined by the kube-apiserver. Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).", +} + +func (SecretsStoreTokenRequest) SwaggerDoc() map[string]string { + return map_SecretsStoreTokenRequest +} + +var map_SecretsStoreTokenRequests = map[string]string{ + "": "SecretsStoreTokenRequests configures how service account tokens are provided to the Secrets Store CSI driver for workload identity federation.", + "type": "type determines how the operator manages tokenRequests on the CSIDriver object. When \"Unmanaged\", existing tokenRequests on the CSIDriver are preserved and the managed field is not used. When \"Managed\", the operator sets tokenRequests from the audiences specified in the managed field, replacing any previously configured values. Once set to \"Managed\", type cannot be reverted back to \"Unmanaged\".", + "managed": "managed holds configuration for operator-managed tokenRequests. 
Only valid when type is \"Managed\".", +} + +func (SecretsStoreTokenRequests) SwaggerDoc() map[string]string { + return map_SecretsStoreTokenRequests +} + var map_VSphereCSIDriverConfigSpec = map[string]string{ "": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.", "topologyCategories": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.", 
@@ -831,6 +890,7 @@ var map_AWSNetworkLoadBalancerParameters = map[string]string{ "": "AWSNetworkLoadBalancerParameters holds configuration parameters for an AWS Network load balancer. For Example: Setting AWS EIPs https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html", "subnets": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", "eipAllocations": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply:\n\neipAllocations can only be used with external scope, not internal. An EIP can be allocated to only a single IngressController. The number of EIP allocations must match the number of subnets that are used for the load balancer. Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.", + "protocol": "protocol specifies whether the Network Load Balancer uses PROXY protocol to forward connections to the IngressController.\n\nWhen set to \"TCP\", the NLB uses AWS's native client IP preservation. 
This may cause hairpin connection failures for internal load balancers when connections are made from pods to router pods on the same node.\n\nWhen set to \"PROXY\", the NLB disables native client IP preservation and uses PROXY protocol v2. The IngressController enables PROXY protocol on HAProxy so that it can parse PROXY protocol headers to obtain the original client IP. This avoids hairpin connection failures.\n\nThe following values are valid for this field:\n\n* \"TCP\". * \"PROXY\".\n\nWhen omitted, this means the user has no opinion and the value is left to the platform to choose a reasonable default, which is subject to change over time. The current default is \"PROXY\".\n\nNote that changing this field may cause brief connection failures during the transition as the NLB attribute change and router rollout occur independently.", } func (AWSNetworkLoadBalancerParameters) SwaggerDoc() map[string]string { diff --git a/vendor/modules.txt b/vendor/modules.txt index 6ab58fd09b..5d963dff1f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -86,7 +86,7 @@ github.com/modern-go/reflect2 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 ## explicit github.com/munnerz/goautoneg -# github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 +# github.com/openshift/api v0.0.0-20260619095050-5346161d1bf2 => github.com/pawanpinjarkar/api v0.0.0-20260626172148-831b00a7d164 ## explicit; go 1.25.0 github.com/openshift/api github.com/openshift/api/apiextensions @@ -564,3 +564,4 @@ sigs.k8s.io/structured-merge-diff/v6/value # sigs.k8s.io/yaml v1.6.0 ## explicit; go 1.22 sigs.k8s.io/yaml +# github.com/openshift/api => github.com/pawanpinjarkar/api v0.0.0-20260626172148-831b00a7d164
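Review bot: The first vendor/modules.txt hunk on this line records a replacement of `github.com/openshift/api` with `github.com/pawanpinjarkar/api v0.0.0-20260626172148-831b00a7d164`, so every vendored API type in this change is built from a personal fork rather than the upstream module. A fork pseudo-version sits outside the upstream repository's review and branch protection, and the commit it points at can be deleted or force-pushed away, which makes the vendored tree hard to reproduce and audit. If this is a temporary pin for testing unmerged API changes, the commit message should say so, and the replace should be dropped by re-vendoring against an upstream `github.com/openshift/api` commit before merge. The matching `replace` line in go.mod is not visible in this part of the diff.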