diff --git a/go.mod b/go.mod index 0fb34a0b5..9ab641c74 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/onsi/ginkgo/v2 v2.22.1 github.com/onsi/gomega v1.36.1 github.com/openshift-eng/openshift-tests-extension v0.0.0-20250804142706-7b3ab438a292 - github.com/openshift/api v0.0.0-20251015095338-264e80a2b6e7 + github.com/openshift/api v0.0.0-20251111013132-5c461e21bdb7 github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 github.com/openshift/library-go v0.0.0-20251104164011-e9c2485b059c @@ -131,3 +131,5 @@ require ( // This replace is required for we use the OCP fork of Ginkgo. replace github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 + +replace github.com/openshift/library-go => github.com/tchap/library-go v0.0.0-20251118235217-c9f261aeea2a diff --git a/go.sum b/go.sum index c0db6f92d..b28cb59b1 100644 --- a/go.sum +++ b/go.sum 
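Review bot: The added `replace github.com/openshift/library-go => github.com/tchap/library-go v0.0.0-20251118235217-c9f261aeea2a` at the end of go.mod points a core dependency at a personal fork without saying why or for how long, unlike the Ginkgo replace just above it, which has an explanatory comment. The `require` entry still names `github.com/openshift/library-go v0.0.0-20251104164011-e9c2485b059c`, so someone reading only the require block will not see that the build, and the go.sum hashes added for the fork, come from a different account's repository. If this is a temporary pin for an unmerged change, say so on the line above, e.g. `// TEMPORARY: fork carries <upstream PR placeholder>; remove this replace before merge.` It would also be safer to hold the merge until the directive is dropped, so the vendored code can be traced back to a reviewed upstream commit.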
@@ -156,14 +156,12 @@ github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/openshift-eng/openshift-tests-extension v0.0.0-20250804142706-7b3ab438a292 h1:3athg6KQ+TaNfW4BWZDlGFt1ImSZEJWgzXtPC1VPITI= github.com/openshift-eng/openshift-tests-extension v0.0.0-20250804142706-7b3ab438a292/go.mod h1:6gkP5f2HL0meusT0Aim8icAspcD1cG055xxBZ9yC68M= -github.com/openshift/api v0.0.0-20251015095338-264e80a2b6e7 h1:Ot2fbEEPmF3WlPQkyEW/bUCV38GMugH/UmZvxpWceNc= -github.com/openshift/api v0.0.0-20251015095338-264e80a2b6e7/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY= +github.com/openshift/api v0.0.0-20251111013132-5c461e21bdb7 h1:fdvcDJySvjVJctbPbdLPoMiMk+bls34+eq6tWOqdFZg= +github.com/openshift/api v0.0.0-20251111013132-5c461e21bdb7/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4= github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 h1:9JBeIXmnHlpXTQPi7LPmu1jdxznBhAE7bb1K+3D8gxY= github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235/go.mod h1:L49W6pfrZkfOE5iC1PqEkuLkXG4W0BX4w8b+L2Bv7fM= -github.com/openshift/library-go v0.0.0-20251104164011-e9c2485b059c h1:fCvbOJjMSbJaDK53vBo2nCL0xpvqO2zuvFyJxI0HTgM= -github.com/openshift/library-go v0.0.0-20251104164011-e9c2485b059c/go.mod h1:OlFFws1AO51uzfc48MsStGE4SFMWlMZD0+f5a/zCtKI= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 h1:AKx/w1qpS8We43bsRgf8Nll3CGlDHpr/WAXvuedTNZI= github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod 
h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= @@ -211,6 +209,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/tchap/library-go v0.0.0-20251118235217-c9f261aeea2a h1:2ClsSM5xucHIkW7F77yFtNiJwZl+8Q04DeJNB9lT07Y= +github.com/tchap/library-go v0.0.0-20251118235217-c9f261aeea2a/go.mod h1:ErDfiIrPHH+menTP/B4LKd0nxFDdvCbTamAc6SWMIh8= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= diff --git a/vendor/github.com/openshift/api/.golangci.yaml b/vendor/github.com/openshift/api/.golangci.yaml index 649f9bed3..8da22c5e5 100644 --- a/vendor/github.com/openshift/api/.golangci.yaml +++ b/vendor/github.com/openshift/api/.golangci.yaml @@ -11,7 +11,9 @@ linters: settings: linters: enable: + - forbiddenmarkers - maxlength + - namingconventions - nobools - nomaps - statussubresource @@ -20,6 +22,13 @@ linters: isFirstField: Warn usePatchStrategy: Ignore useProtobuf: Ignore + forbiddenmarkers: + markers: + - identifier: "openshift:enable:FeatureSets" + - identifier: "openshift:validation:FeatureSetAwareEnum" + - identifier: "openshift:validation:FeatureSetAwareXValidation" + - identifier: "kubebuilder:validation:UniqueItems" + - identifier: "kubebuilder:validation:Pattern" # Use CEL expressions instead optionalfields: pointers: preference: WhenRequired 
@@ -33,7 +42,7 @@ linters: # This will force omitzero on optional struct fields. # This means they can be omitted correctly and prevents the need for pointers to structs. policy: SuggestFix - requiredFields: + requiredfields: pointers: # This will force pointers when the field is required, but only when the zero # value is a valid user choice, and has a semantic difference to being omitted (e.g. replicas allows 0). @@ -47,7 +56,18 @@ linters: # This will force omitzero on required struct fields. # This means they can be omitted correctly and prevents the need for pointers to structs. policy: SuggestFix - uniqueMarkers: + namingconventions: + conventions: + - name: norefs + violationMatcher: "(?i)ref(erence)?s?$" + operation: Drop + message: "reference fields should not need to be named ref(s)/reference(s)" + - name: nokind + violationMatcher: "^Kind$" + operation: Replacement + replacement: "Resource" + message: "API Kinds can be ambiguous and should be replaced with Resource" + uniquemarkers: customMarkers: - identifier: "openshift:validation:FeatureGateAwareEnum" attributes: diff --git a/vendor/github.com/openshift/api/AGENTS.md b/vendor/github.com/openshift/api/AGENTS.md index a009bbb2d..0e3903243 100644 --- a/vendor/github.com/openshift/api/AGENTS.md +++ b/vendor/github.com/openshift/api/AGENTS.md 
@@ -32,6 +32,21 @@ make clean # Clean build artifacts make update # Alias for update-codegen-crds ``` +#### Targeted Code Generation +When working on a specific API group/version, you can regenerate only the affected CRDs instead of all CRDs: + +```bash +# Regenerate CRDs for a specific API group/version +make update-codegen-crds API_GROUP_VERSIONS=operator.openshift.io/v1alpha1 +make update-codegen-crds API_GROUP_VERSIONS=config.openshift.io/v1 +make update-codegen-crds API_GROUP_VERSIONS=route.openshift.io/v1 + +# Multiple API groups can be specified with comma separation +make update-codegen-crds API_GROUP_VERSIONS=operator.openshift.io/v1alpha1,config.openshift.io/v1 +``` + +This is more efficient than running `make update` (which regenerates all CRDs) when you're only working on specific API groups. + ### Testing ```bash make test-unit # Run unit tests diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile index fd4268a78..c069d8040 100644 --- a/vendor/github.com/openshift/api/Makefile +++ b/vendor/github.com/openshift/api/Makefile @@ -1,7 +1,7 @@ all: build .PHONY: all -update: update-codegen-crds +update: update-non-codegen update-codegen RUNTIME ?= podman RUNTIME_IMAGE_NAME ?= registry.ci.openshift.org/openshift/release:rhel-9-release-golang-1.24-openshift-4.20 @@ -17,10 +17,8 @@ test-unit: # # BEGIN: Update codegen-crds. Defaults to generating updates for all API packages. # To run a subset of packages: -# - Filter by group with make update-codegen-crds- -# E.g. make update-codegen-crds-machine -# - Set API_GROUP_VERSIONS to a space separated list of /. -# E.g. API_GROUP_VERSIONS="apps/v1 build/v1" make update-codegen-crds. +# - Set API_GROUP_VERSIONS to a space separated list of fully qualified /. +# E.g. API_GROUP_VERSIONS="apps.openshift.io/v1 build.openshift.io/v1" make update-codegen-crds. # FeatureSet generation is controlled at the group level by the # .codegen.yaml file. # 
@@ -57,23 +55,28 @@ verify-lint-fix: make lint-fix 2>/dev/null || true git diff --exit-code -.PHONY: verify-scripts -verify-scripts: - bash -x hack/verify-deepcopy.sh - bash -x hack/verify-openapi.sh +# Verify codegen runs all verifiers in the order they are defined in the root.go file. +# This includes all generators defined in update-codegen, but also the crd-schema-checker and crdify verifiers. +.PHONY: verify-codegen +verify-codegen: + EXTRA_ARGS=--verify hack/update-codegen.sh + +.PHONY: verify-non-codegen +verify-non-codegen: bash -x hack/verify-protobuf.sh - bash -x hack/verify-swagger-docs.sh hack/verify-crds.sh bash -x hack/verify-types.sh - bash -x hack/verify-compatibility.sh bash -x hack/verify-integration-tests.sh bash -x hack/verify-group-versions.sh bash -x hack/verify-prerelease-lifecycle-gen.sh hack/verify-payload-crds.sh hack/verify-payload-featuregates.sh +.PHONY: verify-scripts +verify-scripts: verify-non-codegen verify-codegen + .PHONY: verify -verify: verify-scripts lint verify-crd-schema verify-crdify verify-codegen-crds +verify: verify-scripts lint .PHONY: verify-codegen-crds verify-codegen-crds: @@ -99,8 +102,8 @@ verify-%: ################################################################################################ # # BEGIN: Update scripts. Defaults to generating updates for all API packages. -# Set API_GROUP_VERSIONS to a space separated list of / to limit -# the scope of the updates. Eg API_GROUP_VERSIONS="apps/v1 build/v1" make update-scripts. +# Set API_GROUP_VERSIONS to a space separated list of fully qualified / to limit +# the scope of the updates. Eg API_GROUP_VERSIONS="apps.openshift.io/v1 build.openshift.io/v1" make update-scripts. # Note: Protobuf generation is handled separately, see hack/lib/init.sh. # ################################################################################################ 
@@ -108,6 +111,19 @@ verify-%: .PHONY: update-scripts update-scripts: update-compatibility update-openapi update-deepcopy update-protobuf update-swagger-docs tests-vendor update-prerelease-lifecycle-gen update-payload-featuregates +# Update codegen runs all generators in the order they are defined in the root.go file. +# The per group generators are:[compatibility, deepcopy, swagger-docs, empty-partial-schema, schema-patch, crd-manifest-merge] +# The multi group generators are:[openapi] +.PHONY: update-codegen +update-codegen: + hack/update-codegen.sh + +# Update non-codegen runs all generators that are not part of the codegen utility, or +# are part of it, but are not run by default when invoking codegen without a specific generator. +# E.g. the payload feature gates which is not part of the generator style, but is still a subcommand. +.PHONY: update-non-codegen +update-non-codegen: update-protobuf tests-vendor update-prerelease-lifecycle-gen update-payload-crds update-payload-featuregates + .PHONY: update-compatibility update-compatibility: hack/update-compatibility.sh diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index cfac9689e..e5aad151e 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -72,8 +72,10 @@ type ClusterVersionSpec struct { // // If an upgrade fails the operator will halt and report status // about the failing component. Setting the desired update value back to - // the previous version will cause a rollback to be attempted. Not all - // rollbacks will succeed. + // the previous version will cause a rollback to be attempted if the + // previous version is within the current minor version. Not all + // rollbacks will succeed, and some may unrecoverably break the + // cluster. // // +optional DesiredUpdate *Update `json:"desiredUpdate,omitempty"` 
@@ -718,10 +720,14 @@ type Update struct { Image string `json:"image"` // force allows an administrator to update to an image that has failed - // verification or upgradeable checks. This option should only - // be used when the authenticity of the provided image has been verified out - // of band because the provided image will run with full administrative access - // to the cluster. Do not use this flag with images that comes from unknown + // verification or upgradeable checks that are designed to keep your + // cluster safe. Only use this if: + // * you are testing unsigned release images in short-lived test clusters or + // * you are working around a known bug in the cluster-version + // operator and you have verified the authenticity of the provided + // image yourself. + // The provided image will run with full administrative access + // to the cluster. Do not use this flag with images that come from unknown // or potentially malicious sources. // // +optional diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index effafde64..005702e99 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go 
@@ -491,6 +491,21 @@ type AWSServiceEndpoint struct { URL string `json:"url"` } +// IPFamilyType represents the IP protocol family that cloud platform resources should use. +// +kubebuilder:validation:Enum=IPv4;DualStackIPv6Primary;DualStackIPv4Primary +type IPFamilyType string + +const ( + // IPv4 indicates that cloud platform resources should use IPv4 addressing only. + IPv4 IPFamilyType = "IPv4" + + // DualStackIPv6Primary indicates that cloud platform resources should use dual-stack networking with IPv6 as primary. + DualStackIPv6Primary IPFamilyType = "DualStackIPv6Primary" + + // DualStackIPv4Primary indicates that cloud platform resources should use dual-stack networking with IPv4 as primary. + DualStackIPv4Primary IPFamilyType = "DualStackIPv4Primary" +) + // AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. // This only includes fields that can be modified in the cluster. type AWSPlatformSpec struct { @@ -536,6 +551,18 @@ type AWSPlatformStatus struct { // +optional // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` + + // ipFamily specifies the IP protocol family that should be used for AWS + // network resources. This controls whether AWS resources are created with + // IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary + // protocol family. + // + // +default="IPv4" + // +kubebuilder:default="IPv4" + // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="ipFamily is immutable once set" + // +openshift:enable:FeatureGate=AWSDualStackInstall + // +optional + IPFamily IPFamilyType `json:"ipFamily,omitempty"` } // AWSResourceTag is a tag to apply to AWS resources created for the cluster. 
@@ -607,6 +634,18 @@ type AzurePlatformStatus struct { // +openshift:enable:FeatureGate=AzureClusterHostedDNSInstall // +optional CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` + + // ipFamily specifies the IP protocol family that should be used for Azure + // network resources. This controls whether Azure resources are created with + // IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary + // protocol family. + // + // +default="IPv4" + // +kubebuilder:default="IPv4" + // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="ipFamily is immutable once set" + // +openshift:enable:FeatureGate=AzureDualStackInstall + // +optional + IPFamily IPFamilyType `json:"ipFamily,omitempty"` } // AzureResourceTag is a tag to apply to Azure resources created for the cluster. diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index d8d6b502e..03b091ead 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -362,7 +362,9 @@ infrastructures.config.openshift.io: Category: "" FeatureGates: - AWSClusterHostedDNSInstall + - AWSDualStackInstall - AzureClusterHostedDNSInstall + - AzureDualStackInstall - DualReplica - DyanmicServiceEndpointIBMCloud - GCPClusterHostedDNSInstall diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 31aab4dfe..be7d462a5 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -777,7 +777,7 @@ func (ClusterVersionList) SwaggerDoc() map[string]string { var map_ClusterVersionSpec = map[string]string{ "": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", "clusterID": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", - "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. 
API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", + "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted if the previous version is within the current minor version. 
Not all rollbacks will succeed, and some may unrecoverably break the cluster.", "upstream": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", "channel": "channel is an identifier for explicitly requesting a non-default set of updates to be applied to this cluster. The default channel will contain stable updates that are appropriate for production clusters.", "capabilities": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", 
@@ -878,7 +878,7 @@ var map_Update = map[string]string{ "architecture": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", "version": "version is a semantic version identifying the update version. version is required if architecture is specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", - "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", + "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. 
Do not use this flag with images that come from unknown or potentially malicious sources.", } func (Update) SwaggerDoc() map[string]string { @@ -1410,6 +1410,7 @@ var map_AWSPlatformStatus = map[string]string{ "serviceEndpoints": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", "resourceTags": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.", "cloudLoadBalancerConfig": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", + "ipFamily": "ipFamily specifies the IP protocol family that should be used for AWS network resources. This controls whether AWS resources are created with IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary protocol family.", } func (AWSPlatformStatus) SwaggerDoc() map[string]string { 
@@ -1481,6 +1482,7 @@ var map_AzurePlatformStatus = map[string]string{ "armEndpoint": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", "resourceTags": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", "cloudLoadBalancerConfig": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", + "ipFamily": "ipFamily specifies the IP protocol family that should be used for Azure network resources. This controls whether Azure resources are created with IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary protocol family.", } func (AzurePlatformStatus) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/envtest-releases.yaml b/vendor/github.com/openshift/api/envtest-releases.yaml index e8688e2b0..e495e0279 100644 --- a/vendor/github.com/openshift/api/envtest-releases.yaml +++ b/vendor/github.com/openshift/api/envtest-releases.yaml 
@@ -64,3 +64,16 @@ releases: envtest-v1.33.2-linux-arm64.tar.gz: hash: 9936eba66fd0170808268da4c0609b7e7d4d1b0de8607b0d3a9091539b4ec881041a9e08e7b4839708b11139bcc850acd34dfc0305ed955cc61fc3fae9da58f5 selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.33.2-linux-arm64.tar.gz + v1.34.1: + envtest-v1.34.1-darwin-amd64.tar.gz: + hash: 3bf575e77d35803b81685969915d70ae23f2267bafd1fe17087126d6fcdfe67590d2f51ce59ff8f0d06e5d94b0f4d0ac3c16de1544008e9c617499cfc51844c5 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.34.1-darwin-amd64.tar.gz + envtest-v1.34.1-darwin-arm64.tar.gz: + hash: 3c9c1d457d3fbb5c5cfb6e6c4ac31b41172cf413b9a81f8f53ac717a643f730d135d4d09549f9d78685c23704a7e3f12c891896dc23c4b1a211a10e1fd9bc043 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.34.1-darwin-arm64.tar.gz + envtest-v1.34.1-linux-amd64.tar.gz: + hash: e5aeda6d9f9456e27c5c001bc4476a0bccc06f1431c2a9752a2ac040f69671927204dcc254bba8ebb2fb91d0e32620abfaba6daad6a80dbe376d93e57fcd2431 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.34.1-linux-amd64.tar.gz + envtest-v1.34.1-linux-arm64.tar.gz: + hash: e2ee7e47ceeba56624fd869922ab9851200482ef835c09fe3dd57c9806a992a7e1f56641906510ebb095514953aa8a3af68d45a82be45b94981a50e894ac6e42 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.34.1-linux-arm64.tar.gz diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index 54c9fd3de..df45c853f 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md 
@@ -5,17 +5,17 @@ | MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | | MultiArchInstallAzure| | | | | | | | ShortCertRotation| | | | | | | -| BootImageSkewEnforcement| | | Enabled | Enabled | | | | ClusterAPIMachineManagementVSphere| | | Enabled | Enabled | | | | Example2| | | Enabled | Enabled | | | | ExternalSnapshotMetadata| | | Enabled | Enabled | | | +| IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | | | | NewOLMCatalogdAPIV1Metas| | | | Enabled | | Enabled | | NewOLMOwnSingleNamespace| | | | Enabled | | Enabled | | NewOLMPreflightPermissionChecks| | | | Enabled | | Enabled | -| NewOLMWebhookProviderOpenshiftServiceCA| | | | Enabled | | Enabled | | NoRegistryClusterOperations| | | | Enabled | | Enabled | | VSphereMixedNodeEnv| | | Enabled | Enabled | | | | NewOLM| | Enabled | | Enabled | | Enabled | +| NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled | | AWSClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | | AWSClusterHostedDNSInstall| | | Enabled | Enabled | Enabled | Enabled | | AWSDedicatedHosts| | | Enabled | Enabled | Enabled | Enabled | 
@@ -26,11 +26,14 @@ | AzureDedicatedHosts| | | Enabled | Enabled | Enabled | Enabled | | AzureDualStackInstall| | | Enabled | Enabled | Enabled | Enabled | | AzureMultiDisk| | | Enabled | Enabled | Enabled | Enabled | +| BootImageSkewEnforcement| | | Enabled | Enabled | Enabled | Enabled | | BootcNodeManagement| | | Enabled | Enabled | Enabled | Enabled | | CBORServingAndStorage| | | Enabled | Enabled | Enabled | Enabled | +| CRDCompatibilityRequirementOperator| | | Enabled | Enabled | Enabled | Enabled | | ClientsAllowCBOR| | | Enabled | Enabled | Enabled | Enabled | | ClientsPreferCBOR| | | Enabled | Enabled | Enabled | Enabled | | ClusterAPIInstallIBMCloud| | | Enabled | Enabled | Enabled | Enabled | +| ClusterAPIMachineManagement| | | Enabled | Enabled | Enabled | Enabled | | ClusterMonitoringConfig| | | Enabled | Enabled | Enabled | Enabled | | ClusterVersionOperatorConfiguration| | | Enabled | Enabled | Enabled | Enabled | | DNSNameResolver| | | Enabled | Enabled | Enabled | Enabled | 
@@ -46,23 +49,21 @@ | GCPDualStackInstall| | | Enabled | Enabled | Enabled | Enabled | | ImageModeStatusReporting| | | Enabled | Enabled | Enabled | Enabled | | ImageStreamImportMode| | | Enabled | Enabled | Enabled | Enabled | -| IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| | | Enabled | Enabled | Enabled | Enabled | | InsightsOnDemandDataGather| | | Enabled | Enabled | Enabled | Enabled | | IrreconcilableMachineConfig| | | Enabled | Enabled | Enabled | Enabled | | KMSEncryptionProvider| | | Enabled | Enabled | Enabled | Enabled | | MachineAPIMigration| | | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesAzure| | | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesCPMS| | | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesvSphere| | | Enabled | Enabled | Enabled | Enabled | | MaxUnavailableStatefulSet| | | Enabled | Enabled | Enabled | Enabled | | MinimumKubeletVersion| | | Enabled | Enabled | Enabled | Enabled | | MixedCPUsAllocation| | | Enabled | Enabled | Enabled | Enabled | | MultiDiskSetup| | | Enabled | Enabled | Enabled | Enabled | +| MutableCSINodeAllocatableCount| | | Enabled | Enabled | Enabled | Enabled | | MutatingAdmissionPolicy| | | Enabled | Enabled | Enabled | Enabled | | NutanixMultiSubnets| | | Enabled | Enabled | Enabled | Enabled | +| OSStreams| | | Enabled | Enabled | Enabled | Enabled | | OVNObservability| | | Enabled | Enabled | Enabled | Enabled | -| PreconfiguredUDNAddresses| | | Enabled | Enabled | Enabled | Enabled | | SELinuxMount| | | Enabled | Enabled | Enabled | Enabled | | SignatureStores| | | Enabled | Enabled | Enabled | Enabled | | SigstoreImageVerificationPKI| | | Enabled | Enabled | Enabled | Enabled | 
@@ -88,12 +89,15 @@ | MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NetworkSegmentation| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| PreconfiguredUDNAddresses| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ProcMountType| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | RouteAdvertisements| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go index 5d3836a43..910cabc5f 100644 --- a/vendor/github.com/openshift/api/features/features.go +++ b/vendor/github.com/openshift/api/features/features.go @@ -342,7 +342,7 @@ var ( contactPerson("rsaini"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1496"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateManagedBootImagesAzure = newFeatureGate("ManagedBootImagesAzure"). 
@@ -350,7 +350,7 @@ var (
 contactPerson("djoshy").
 productScope(ocpSpecific).
 enhancementPR("https://github.com/openshift/enhancements/pull/1761").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()
 
 FeatureGateManagedBootImagesCPMS = newFeatureGate("ManagedBootImagesCPMS").
@@ -366,7 +366,7 @@ var (
 contactPerson("djoshy").
 productScope(ocpSpecific).
 enhancementPR("https://github.com/openshift/enhancements/pull/1761").
- enableIn(configv1.DevPreviewNoUpgrade).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()
 
 FeatureGateBootcNodeManagement = newFeatureGate("BootcNodeManagement").
@@ -509,8 +509,8 @@ var (
 reportProblemsToJiraComponent("olm").
 contactPerson("pegoncal").
 productScope(ocpSpecific).
- enhancementPR("https://github.com/openshift/enhancements/pull/1799").
- enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1844").
+ enableForClusterProfile(SelfManaged, configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()
 
 FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather").
@@ -553,6 +553,14 @@ var ( enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + FeatureGateClusterAPIMachineManagement = newFeatureGate("ClusterAPIMachineManagement"). + reportProblemsToJiraComponent("Cloud Compute / Cluster API Providers"). + contactPerson("ddonati"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1465"). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + FeatureGateClusterAPIMachineManagementVSphere = newFeatureGate("ClusterAPIMachineManagementVSphere"). reportProblemsToJiraComponent("SPLAT"). contactPerson("jcpowermac"). @@ -624,7 +632,7 @@ var ( contactPerson("miciah"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade). mustRegister() FeatureGateMinimumKubeletVersion = newFeatureGate("MinimumKubeletVersion"). @@ -772,7 +780,7 @@ var ( contactPerson("kyrtapz"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1793"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default). mustRegister() FeatureGateAWSServiceLBNetworkSecurityGroup = newFeatureGate("AWSServiceLBNetworkSecurityGroup"). 
@@ -885,4 +893,27 @@ var (
 enhancementPR("https://github.com/openshift/enhancements/pull/1857").
 enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()
+
+ FeatureGateMutableCSINodeAllocatableCount = newFeatureGate("MutableCSINodeAllocatableCount").
+ reportProblemsToJiraComponent("Storage / Kubernetes External Components").
+ contactPerson("jsafrane").
+ productScope(kubernetes).
+ enhancementPR("https://github.com/kubernetes/enhancements/issues/4876").
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ mustRegister()
+ FeatureGateOSStreams = newFeatureGate("OSStreams").
+ reportProblemsToJiraComponent("MachineConfigOperator").
+ contactPerson("pabrodri").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1874").
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateCRDCompatibilityRequirementOperator = newFeatureGate("CRDCompatibilityRequirementOperator").
+ reportProblemsToJiraComponent("Cloud Compute / Cluster API Providers").
+ contactPerson("ddonati").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1845").
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ mustRegister()
 )
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go
index 72a31b5bd..9713a4e4a 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go
@@ -25,6 +25,14 @@ const (
 RestartPolicyNever GCPRestartPolicyType = "Never"
 )
 
+// GCPProvisioningModelType is a type representing acceptable values for ProvisioningModel field in GCPMachineProviderSpec
+type GCPProvisioningModelType string
+
+const (
+ // GCPSpotInstance enables the GCP instances as spot instances which provide significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere.
+ GCPSpotInstance GCPProvisioningModelType = "Spot"
+)
+
 // SecureBootPolicy represents the secure boot configuration for the GCP machine.
 type SecureBootPolicy string
 
@@ -129,6 +137,14 @@ type GCPMachineProviderSpec struct {
 // preemptible indicates if created instance is preemptible.
 // +optional
 Preemptible bool `json:"preemptible,omitempty"`
+ // provisioningModel is an optional field that determines the provisioning model for the GCP machine instance.
+ // Valid values are "Spot" and omitted.
+ // When set to Spot, the instance runs as a Google Cloud Spot instance which provides significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere.
+ // When omitted, the machine will be provisioned as a standard on-demand instance.
+ // This field cannot be used together with the preemptible field.
+ // +optional
+ // +kubebuilder:validation:Enum=Spot
+ ProvisioningModel *GCPProvisioningModelType `json:"provisioningModel,omitempty"`
 // onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot.
 // This is required to be set to "Terminate" if you want to provision machine with attached GPUs.
 // Otherwise, allowed values are "Migrate" and "Terminate".
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go
index 5aa4f90a4..554fc19b9 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go @@ -762,6 +762,11 @@ func (in *GCPMachineProviderSpec) DeepCopyInto(out *GCPMachineProviderSpec) { *out = make([]GCPGPUConfig, len(*in)) copy(*out, *in) } + if in.ProvisioningModel != nil { + in, out := &in.ProvisioningModel, &out.ProvisioningModel + *out = new(GCPProvisioningModelType) + **out = **in + } out.ShieldedInstanceConfig = in.ShieldedInstanceConfig if in.ResourceManagerTags != nil { in, out := &in.ResourceManagerTags, &out.ResourceManagerTags diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go index 4a1b969a8..7b74d37d0 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go 
@@ -452,6 +452,7 @@ var map_GCPMachineProviderSpec = map[string]string{ "projectID": "projectID is the project in which the GCP machine provider will create the VM.", "gpus": "gpus is a list of GPUs to be attached to the VM.", "preemptible": "preemptible indicates if created instance is preemptible.", + "provisioningModel": "provisioningModel is an optional field that determines the provisioning model for the GCP machine instance. Valid values are \"Spot\" and omitted. When set to Spot, the instance runs as a Google Cloud Spot instance which provides significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere. When omitted, the machine will be provisioned as a standard on-demand instance. This field cannot be used together with the preemptible field.", "onHostMaintenance": "onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. This is required to be set to \"Terminate\" if you want to provision machine with attached GPUs. Otherwise, allowed values are \"Migrate\" and \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", "restartPolicy": "restartPolicy determines the behavior when an instance crashes or the underlying infrastructure provider stops the instance as part of a maintenance event (default \"Always\"). Cannot be \"Always\" with preemptible instances. Otherwise, allowed values are \"Always\" and \"Never\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Always\". RestartPolicy represents AutomaticRestart in GCP compute api", "shieldedInstanceConfig": "shieldedInstanceConfig is the Shielded VM configuration for the VM", diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 279990448..53c71aabb 100644 
--- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -81,7 +81,6 @@ const ( CinderCSIDriver CSIDriverName = "cinder.csi.openstack.org" VSphereCSIDriver CSIDriverName = "csi.vsphere.vmware.com" ManilaCSIDriver CSIDriverName = "manila.csi.openstack.org" - OvirtCSIDriver CSIDriverName = "csi.ovirt.org" KubevirtCSIDriver CSIDriverName = "csi.kubevirt.io" SharedResourcesCSIDriver CSIDriverName = "csi.sharedresource.openshift.io" AlibabaDiskCSIDriver CSIDriverName = "diskplugin.csi.alibabacloud.com" diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 2dac08f09..46b906518 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -35,6 +35,7 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +kubebuilder:validation:XValidation:rule="!has(self.spec.domain) || size('router-' + self.metadata.name + '.' + self.spec.domain) <= 253",message="The combined 'router-' + metadata.name + '.' + .spec.domain cannot exceed 253 characters" type IngressController struct { metav1.TypeMeta `json:",inline"` 
@@ -68,6 +69,22 @@ type IngressControllerSpec struct {
 //
 // If empty, defaults to ingress.config.openshift.io/cluster .spec.domain.
 //
+ // The domain value must be a valid DNS name. It must consist of lowercase
+ // alphanumeric characters, '-' or '.', and each label must start and end
+ // with an alphanumeric character and not exceed 63 characters. Maximum
+ // length of a valid DNS domain is 253 characters.
+ //
+ // The implementation may add a prefix such as "router-default." to the domain
+ // when constructing the router canonical hostname. To ensure the resulting
+ // hostname does not exceed the DNS maximum length of 253 characters,
+ // the domain length is additionally validated at the IngressController object
+ // level. For the maximum length of the domain value itself, the shortest
+ // possible variant of the prefix and the ingress controller name was considered
+ // for example "router-a."
+ //
+ // +kubebuilder:validation:MaxLength=244
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="domain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character"
+ // +kubebuilder:validation:XValidation:rule="self.split('.').all(label, size(label) <= 63)",message="each DNS label must not exceed 63 characters"
 // +optional
 Domain string `json:"domain,omitempty"`
 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml
index 8e2ab77f1..45486c270 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-CustomNoUpgrade.crd.yaml @@ -55,7 +55,6 @@ spec: - cinder.csi.openstack.org - csi.vsphere.vmware.com - manila.csi.openstack.org - - csi.ovirt.org - csi.kubevirt.io - csi.sharedresource.openshift.io - diskplugin.csi.alibabacloud.com diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml index daf1f8abd..1b64e9e9a 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-Default.crd.yaml @@ -55,7 +55,6 @@ spec: - cinder.csi.openstack.org - csi.vsphere.vmware.com - manila.csi.openstack.org - - csi.ovirt.org - csi.kubevirt.io - csi.sharedresource.openshift.io - diskplugin.csi.alibabacloud.com diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml index e8766002d..7029b1bde 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml @@ -55,7 +55,6 @@ spec: - cinder.csi.openstack.org - csi.vsphere.vmware.com - manila.csi.openstack.org - - csi.ovirt.org - csi.kubevirt.io - csi.sharedresource.openshift.io - diskplugin.csi.alibabacloud.com 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml index 98f87a356..04052c180 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml @@ -55,7 +55,6 @@ spec: - cinder.csi.openstack.org - csi.vsphere.vmware.com - manila.csi.openstack.org - - csi.ovirt.org - csi.kubevirt.io - csi.sharedresource.openshift.io - diskplugin.csi.alibabacloud.com diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml index 10ca42895..25c51d795 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml 
@@ -164,7 +164,27 @@ spec: updated. If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. + + The domain value must be a valid DNS name. It must consist of lowercase + alphanumeric characters, '-' or '.', and each label must start and end + with an alphanumeric character and not exceed 63 characters. Maximum + length of a valid DNS domain is 253 characters. + + The implementation may add a prefix such as "router-default." to the domain + when constructing the router canonical hostname. To ensure the resulting + hostname does not exceed the DNS maximum length of 253 characters, + the domain length is additionally validated at the IngressController object + level. For the maximum length of the domain value itself, the shortest + possible variant of the prefix and the ingress controller name was considered + for example "router-a." + maxLength: 244 type: string + x-kubernetes-validations: + - message: domain must consist of lower case alphanumeric characters, + '-' or '.', and must start and end with an alphanumeric character + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + - message: each DNS label must not exceed 63 characters + rule: self.split('.').all(label, size(label) <= 63) endpointPublishingStrategy: description: |- endpointPublishingStrategy is used to publish the ingress controller @@ -3234,6 +3254,11 @@ spec: type: object type: object type: object + x-kubernetes-validations: + - message: The combined 'router-' + metadata.name + '.' + .spec.domain cannot + exceed 253 characters + rule: '!has(self.spec.domain) || size(''router-'' + self.metadata.name + + ''.'' + self.spec.domain) <= 253' served: true storage: true subresources: 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml index 14a864201..0cc415a58 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-TechPreviewNoUpgrade.crd.yaml 
@@ -46,6 +46,98 @@ spec: description: spec is the specification of the desired behavior of the Machine Config Operator properties: + bootImageSkewEnforcement: + description: |- + bootImageSkewEnforcement allows an admin to configure how boot image version skew is + enforced on the cluster. + When omitted, this will default to Automatic for clusters that support automatic boot image updates. + For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until + a skew enforcement mode has been specified. + When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed + acceptable for the current release payload. + properties: + manual: + description: |- + manual describes the current boot image of the cluster. + This should be set to the oldest boot image used amongst all machine resources in the cluster. + This must include either the RHCOS version of the boot image or the OCP release version which shipped with that + RHCOS boot image. + Required when mode is set to "Manual" and forbidden otherwise. + properties: + mode: + description: |- + mode is used to configure which boot image field is defined in Manual mode. + Valid values are OCPVersion and RHCOSVersion. + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update + in the OCPVersion field. + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update + in the RHCOSVersion field. + This field is required. + enum: + - OCPVersion + - RHCOSVersion + type: string + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + Required when mode is set to "OCPVersion" and forbidden otherwise. 
+ maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + Required when mode is set to "RHCOSVersion" and forbidden otherwise. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + required: + - mode + type: object + x-kubernetes-validations: + - message: ocpVersion is required when mode is OCPVersion, and + forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) + : !has(self.ocpVersion)' + - message: rhcosVersion is required when mode is RHCOSVersion, + and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) + : !has(self.rhcosVersion)' + mode: + description: |- + mode determines the underlying behavior of skew enforcement mechanism. + Valid values are Manual and None. + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP + & RHCOS version associated with the last boot image update in the manual field. + In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the + skew limit described by the release image. + None means that the MCO will no longer monitor the boot image skew. This may affect + the cluster's ability to scale. 
+ This field is required. + enum: + - Manual + - None + type: string + required: + - mode + type: object + x-kubernetes-validations: + - message: manual is required when mode is Manual, and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''Manual'') ? has(self.manual) + : !has(self.manual)' failedRevisionLimit: description: |- failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api 
@@ -690,6 +782,140 @@ spec: description: status is the most recently observed status of the Machine Config Operator properties: + bootImageSkewEnforcementStatus: + description: |- + bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement + configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. + When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how + boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically + determine skew enforcement or there is an explicit skew enforcement configuration provided in the + spec.bootImageSkewEnforcement field. + properties: + automatic: + description: |- + automatic describes the current boot image of the cluster. + This will be populated by the MCO when performing boot image updates. This value will be compared against + the cluster's skew limit to determine skew compliance. + Required when mode is set to "Automatic" and forbidden otherwise. + minProperties: 1 + properties: + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. 
+ maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + type: object + x-kubernetes-validations: + - message: at least one of ocpVersion or rhcosVersion is required + rule: has(self.ocpVersion) || has(self.rhcosVersion) + manual: + description: |- + manual describes the current boot image of the cluster. + This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. + This value will be compared against the cluster's skew limit to determine skew compliance. + Required when mode is set to "Manual" and forbidden otherwise. + properties: + mode: + description: |- + mode is used to configure which boot image field is defined in Manual mode. + Valid values are OCPVersion and RHCOSVersion. + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update + in the OCPVersion field. + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update + in the RHCOSVersion field. + This field is required. + enum: + - OCPVersion + - RHCOSVersion + type: string + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + Required when mode is set to "OCPVersion" and forbidden otherwise. 
+ maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + Required when mode is set to "RHCOSVersion" and forbidden otherwise. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + required: + - mode + type: object + x-kubernetes-validations: + - message: ocpVersion is required when mode is OCPVersion, and + forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) + : !has(self.ocpVersion)' + - message: rhcosVersion is required when mode is RHCOSVersion, + and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) + : !has(self.rhcosVersion)' + mode: + description: |- + mode determines the underlying behavior of skew enforcement mechanism. + Valid values are Automatic, Manual and None. + Automatic means that the MCO will perform boot image updates and store the + OCP & RHCOS version associated with the last boot image update in the automatic field. + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP + & RHCOS version associated with the last boot image update in the manual field. 
+ In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the + skew limit described by the release image. + None means that the MCO will no longer monitor the boot image skew. This may affect + the cluster's ability to scale. + This field is required. + enum: + - Automatic + - Manual + - None + type: string + required: + - mode + type: object + x-kubernetes-validations: + - message: automatic is required when mode is Automatic, and forbidden + otherwise + rule: 'has(self.mode) && (self.mode == ''Automatic'') ? has(self.automatic) + : !has(self.automatic)' + - message: manual is required when mode is Manual, and forbidden otherwise + rule: 'has(self.mode) && (self.mode == ''Manual'') ? has(self.manual) + : !has(self.manual)' conditions: description: conditions is a list of conditions and their status items: 
@@ -1292,6 +1518,25 @@ spec: required: - spec type: object + x-kubernetes-validations: + - message: when skew enforcement is in Automatic mode, a boot image configuration + is required + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() + : true' + - message: when skew enforcement is in Automatic mode, managedBootImages must + contain a MachineManager opting in all MachineAPI MachineSets + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || self.spec.managedBootImages.machineManagers.exists(m, + m.selection.mode == ''All'' && m.resource == ''machinesets'' && m.apiGroup + == ''machine.openshift.io'') : true' + - message: when skew enforcement is in Automatic mode, managedBootImagesStatus + must contain a MachineManager opting in all MachineAPI MachineSets + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || + self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode + == ''All'' && m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io''): + true' served: true storage: true subresources: diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 483d9720d..d3475d902 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -1063,7 +1063,7 @@ func (IngressControllerSetHTTPHeader) SwaggerDoc() map[string]string { var map_IngressControllerSpec = map[string]string{ "": "IngressControllerSpec is the specification of the desired behavior of the IngressController.", - "domain": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.", + "domain": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.\n\nThe domain value must be a valid DNS name. It must consist of lowercase alphanumeric characters, '-' or '.', and each label must start and end with an alphanumeric character and not exceed 63 characters. Maximum length of a valid DNS domain is 253 characters.\n\nThe implementation may add a prefix such as \"router-default.\" to the domain when constructing the router canonical hostname. 
To ensure the resulting hostname does not exceed the DNS maximum length of 253 characters, the domain length is additionally validated at the IngressController object level. For the maximum length of the domain value itself, the shortest possible variant of the prefix and the ingress controller name was considered for example \"router-a.\"", "httpErrorCodePages": "httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format \"error-page-.http\", where is an HTTP error code. For example, \"error-page-503.http\" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.", "replicas": "replicas is the desired number of ingress controller replicas. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nThe value of replicas is set based on the value of a chosen field in the Infrastructure CR. If defaultPlacement is set to ControlPlane, the chosen field will be controlPlaneTopology. If it is set to Workers the chosen field will be infrastructureTopology. 
Replicas will then be set to 1 or 2 based whether the chosen field's value is SingleReplica or HighlyAvailable, respectively.\n\nThese defaults are subject to change.", "endpointPublishingStrategy": "endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc.\n\nIf unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform:\n\n AWS: LoadBalancerService (with External scope)\n Azure: LoadBalancerService (with External scope)\n GCP: LoadBalancerService (with External scope)\n IBMCloud: LoadBalancerService (with External scope)\n AlibabaCloud: LoadBalancerService (with External scope)\n Libvirt: HostNetwork\n\nAny other platform types (including None) default to HostNetwork.\n\nendpointPublishingStrategy cannot be updated.", diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto index e055eb0d2..85018b16b 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.proto +++ b/vendor/github.com/openshift/api/route/v1/generated.proto 
@@ -413,10 +413,12 @@ message RouterShard { // +kubebuilder:validation:XValidation:rule="has(self.termination) && has(self.insecureEdgeTerminationPolicy) ? !((self.termination=='passthrough') && (self.insecureEdgeTerminationPolicy=='Allow')) : true", message="cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow" // +openshift:validation:FeatureGateAwareXValidation:featureGate=RouteExternalCertificate,rule="!(has(self.certificate) && has(self.externalCertificate))", message="cannot have both spec.tls.certificate and spec.tls.externalCertificate" message TLSConfig { - // termination indicates termination type. + // termination indicates the TLS termination type. // // * edge - TLS termination is done by the router and http is used to communicate with the backend (default) + // // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination + // // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend // // Note: passthrough termination is incompatible with httpHeader actions diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index 5a61f477e..35c406482 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go 
@@ -424,10 +424,12 @@ type RouterShard struct { // +kubebuilder:validation:XValidation:rule="has(self.termination) && has(self.insecureEdgeTerminationPolicy) ? !((self.termination=='passthrough') && (self.insecureEdgeTerminationPolicy=='Allow')) : true", message="cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow" // +openshift:validation:FeatureGateAwareXValidation:featureGate=RouteExternalCertificate,rule="!(has(self.certificate) && has(self.externalCertificate))", message="cannot have both spec.tls.certificate and spec.tls.externalCertificate" type TLSConfig struct { - // termination indicates termination type. + // termination indicates the TLS termination type. // // * edge - TLS termination is done by the router and http is used to communicate with the backend (default) + // // * passthrough - Traffic is sent straight to the destination without the router providing TLS termination + // // * reencrypt - TLS termination is done by the router and https is used to communicate with the backend // // Note: passthrough termination is incompatible with httpHeader actions diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go index e6c44a6b0..4c8f9eedd 100644 --- a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go 
@@ -173,7 +173,7 @@ func (RouterShard) SwaggerDoc() map[string]string { var map_TLSConfig = map[string]string{ "": "TLSConfig defines config used to secure a route and provide termination", - "termination": "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions", + "termination": "termination indicates the TLS termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default)\n\n* passthrough - Traffic is sent straight to the destination without the router providing TLS termination\n\n* reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions", "certificate": "certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.", "key": "key provides key file contents", "caCertificate": "caCertificate provides the cert authority certificate contents", diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go index d44a5d571..afbdc53ee 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go 
@@ -135,9 +135,10 @@ func storageClassNeedsRecreate(oldSC, newSC *storagev1.StorageClass) bool { return false } -// ApplyCSIDriver merges objectmeta, does not worry about anything else +// ApplyCSIDriver merges objectmeta and tries to update spec if any of the required fields were cleared by the API server. +// It assumes they were cleared due to a feature gate not enabled in the API server and it will be enabled soon. +// When used by StaticResourceController, it will retry periodically and eventually save the spec with the field. func ApplyCSIDriver(ctx context.Context, client storageclientv1.CSIDriversGetter, recorder events.Recorder, requiredOriginal *storagev1.CSIDriver) (*storagev1.CSIDriver, bool, error) { - required := requiredOriginal.DeepCopy() if required.Annotations == nil { required.Annotations = map[string]string{} 
@@ -173,14 +174,40 @@ func ApplyCSIDriver(ctx context.Context, client storageclientv1.CSIDriversGetter } } - metadataModified := false + needsUpdate := false + // Most CSIDriver fields are immutable. Any change to them should trigger Delete() + Create() calls. + needsRecreate := false + existingCopy := existing.DeepCopy() - resourcemerge.EnsureObjectMeta(&metadataModified, &existingCopy.ObjectMeta, required.ObjectMeta) + // Metadata change should need just Update() call. + resourcemerge.EnsureObjectMeta(&needsUpdate, &existingCopy.ObjectMeta, required.ObjectMeta) requiredSpecHash := required.Annotations[specHashAnnotation] existingSpecHash := existing.Annotations[specHashAnnotation] - sameSpec := requiredSpecHash == existingSpecHash - if sameSpec && !metadataModified { + // Assume whole re-create is needed on any spec change. + // We don't keep a track of which field is mutable. + needsRecreate = requiredSpecHash != existingSpecHash + + // TODO: remove when CSIDriver spec.nodeAllocatableUpdatePeriodSeconds is enabled by default + // (https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/4876-mutable-csinode-allocatable) + if !needsRecreate && !alphaFieldsSaved(existingCopy, required) { + // The required spec is the same as in previous succesful call, however, + // the API server must have cleared some alpha/beta fields in it. + // Try to save the object again. In case the fields are cleared again, + // the caller (typically StaticResourceController) must retry periodically. + klog.V(4).Infof("Detected CSIDriver %q field cleared by the API server, updating", required.Name) + + // Assumption: the alpha fields are **mutable**, so only Update() is needed. + // Update() with the same spec as before + the field cleared by the API server + // won't generate any informer events. StaticResourceController will retry with + // periodic retry (1 minute.) 
+ // We cannot use needsRecreate=true, as it will generate informer events and + // StaticResourceController will retry immediately, leading to a busy loop. + needsUpdate = true + existingCopy.Spec = required.Spec + } + + if !needsUpdate && !needsRecreate { return existing, false, nil } @@ -188,16 +215,16 @@ func ApplyCSIDriver(ctx context.Context, client storageclientv1.CSIDriversGetter klog.Infof("CSIDriver %q changes: %v", required.Name, JSONPatchNoError(existing, existingCopy)) } - if sameSpec { - // Update metadata by a simple Update call + if !needsRecreate { + // only needsUpdate is true, update the object by a simple Update call actual, err := client.CSIDrivers().Update(ctx, existingCopy, metav1.UpdateOptions{}) resourcehelper.ReportUpdateEvent(recorder, required, err) return actual, true, err } + // needsRecreate is true, needsUpdate does not matter. Delete and re-create the object. existingCopy.Spec = required.Spec existingCopy.ObjectMeta.ResourceVersion = "" - // Spec is read-only after creation. Delete and re-create the object err = client.CSIDrivers().Delete(ctx, existingCopy.Name, metav1.DeleteOptions{}) resourcehelper.ReportDeleteEvent(recorder, existingCopy, err, "Deleting CSIDriver to re-create it with updated parameters") if err != nil && !apierrors.IsNotFound(err) { 
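Review bot: The `!alphaFieldsSaved(existingCopy, required)` check is broader than its name, because `equality.Semantic.DeepDerivative(required.Spec, actual.Spec)` compares every field set in the required spec. Any such field that differs on the live object, not only a cleared alpha field, takes the `needsUpdate = true` path while the spec-hash annotation is unchanged. If the drifted field is immutable, the `Update()` would presumably be rejected on every resync instead of falling back to delete-and-recreate. Consider comparing only the field the TODO names (`Spec.NodeAllocatableUpdatePeriodSeconds`), or state the limit next to the check: `// NOTE: any drift in a required spec field lands here, not only cleared alpha fields; drift in an immutable field will make Update() fail.` The new comment also misspells "successful" as "succesful"; ApplyCSIDriver starts and ends outside this hunk, and `alphaFieldsSaved` is defined in a later hunk.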
@@ -214,10 +241,17 @@ func ApplyCSIDriver(ctx context.Context, client storageclientv1.CSIDriversGetter } else if err != nil { err = fmt.Errorf("failed to re-create CSIDriver %s: %s", existingCopy.Name, err) } - resourcehelper.ReportCreateEvent(recorder, existingCopy, err) + resourcehelper.ReportCreateEvent(recorder, actual, err) return actual, true, err } +// alphaFieldsSaved checks that all required fields in the CSIDriver required spec are present and equal in the actual spec. +func alphaFieldsSaved(actual, required *storagev1.CSIDriver) bool { + // DeepDerivative checks that all fields in "required" are present and equal in "actual" + // Fields not present in "required" are ignored. + return equality.Semantic.DeepDerivative(required.Spec, actual.Spec) +} + func validateRequiredCSIDriverLabels(required *storagev1.CSIDriver) error { supportsEphemeralVolumes := false for _, mode := range required.Spec.VolumeLifecycleModes { diff --git a/vendor/github.com/openshift/library-go/pkg/operator/staticpod/prune/cmd.go b/vendor/github.com/openshift/library-go/pkg/operator/staticpod/prune/cmd.go index b029b7461..4b14a3ee4 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/staticpod/prune/cmd.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/staticpod/prune/cmd.go @@ -4,11 +4,9 @@ import ( "fmt" "os" "path" - "path/filepath" "slices" "strconv" "strings" - "time" "github.com/davecgh/go-spew/spew" "github.com/spf13/cobra" @@ -21,7 +19,6 @@ type PruneOptions struct { ProtectedRevisions []int ResourceDir string - CertDir string StaticPodName string } 
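Review bot: On the failure path, `resourcehelper.ReportCreateEvent(recorder, actual, err)` now reports whatever `Create()` returned alongside the error. For generated typed clients that is normally an empty object, so the warning event would lose the CSIDriver name. Passing `actual` is right on success, but on error the submitted object is the better subject: `reported := actual`, `if err != nil { reported = existingCopy }`, `resourcehelper.ReportCreateEvent(recorder, reported, err)`. The `Create()` call sits above this hunk, so the shape of `actual` on error is inferred rather than visible here.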
@@ -58,7 +55,8 @@ func (o *PruneOptions) AddFlags(fs *pflag.FlagSet) { fs.IntSliceVar(&o.ProtectedRevisions, "protected-revisions", o.ProtectedRevisions, "list of revision IDs to preserve (not delete)") fs.StringVar(&o.ResourceDir, "resource-dir", o.ResourceDir, "directory for all files supporting the static pod manifest") fs.StringVar(&o.StaticPodName, "static-pod-name", o.StaticPodName, "name of the static pod") - fs.StringVar(&o.CertDir, "cert-dir", o.CertDir, "directory for all certs") + fs.String("cert-dir", "", "directory for all certs") + fs.MarkDeprecated("cert-dir", "certificate directory is now being pruned in relevant sync loops") //nolint:errcheck } func (o *PruneOptions) Validate() error { 
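Review bot: `--cert-dir` is still accepted but is now a no-op, and the deprecation text says the certificate directory "is now being pruned in relevant sync loops" without this change showing that replacement. The following hunk removes the walk in `Run()` that deleted `.tmp` files older than 30 minutes, and its removed comment shows these include temporary copies of key material such as `tls.key.tmp…`. If the sync-loop pruning is not part of the pinned library-go revision, those files would stay on disk indefinitely. Please confirm the replacement is vendored in this same bump and reference it beside the flag, e.g. `// cert-dir is ignored: temporary cert files are pruned by <name of the sync loop that does it>`.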
@@ -112,44 +110,5 @@ func (o *PruneOptions) Run() error { return err } } - - // prune any temporary certificate files - // we do create temporary files to atomically "write" various certificates to disk - // usually, these files are short-lived because they are immediately renamed, the following loop removes old/unused/dangling files - // - // the temporary files have the following form: - // /etc/kubernetes/static-pod-resources/kube-apiserver-certs/configmaps/control-plane-node-kubeconfig/kubeconfig.tmp753375784 - // /etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/service-network-serving-certkey/tls.key.tmp643092404 - if len(o.CertDir) == 0 { - return nil - } - - // If the cert dir does not exist, do nothing. - // The dir will get eventually created by an installer pod. - if _, err := os.Stat(path.Join(o.ResourceDir, o.CertDir)); os.IsNotExist(err) { - klog.Infof("Skipping %s as it does not exist", path.Join(o.ResourceDir, o.CertDir)) - return nil - } - - return filepath.Walk(path.Join(o.ResourceDir, o.CertDir), - func(filePath string, info os.FileInfo, err error) error { - if err != nil { - return err - } - if info.IsDir() { - return nil - } - // info.Name() gives just a filename like tls.key or tls.key.tmp643092404 - if !strings.Contains(info.Name(), ".tmp") { - return nil - } - if time.Now().Sub(info.ModTime()) > 30*time.Minute { - klog.Infof("Removing %s, the last time it was modified was %v", filePath, info.ModTime()) - if err := os.RemoveAll(filePath); err != nil { - return err - } - } - return nil - }, - ) + return nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 6b24a87a1..a5a030d5f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -250,7 +250,7 @@ github.com/openshift-eng/openshift-tests-extension/pkg/ginkgo github.com/openshift-eng/openshift-tests-extension/pkg/junit github.com/openshift-eng/openshift-tests-extension/pkg/util/sets github.com/openshift-eng/openshift-tests-extension/pkg/version -# github.com/openshift/api v0.0.0-20251015095338-264e80a2b6e7 +# github.com/openshift/api v0.0.0-20251111013132-5c461e21bdb7 ## explicit; go 1.24.0 github.com/openshift/api github.com/openshift/api/annotations @@ -363,7 +363,7 @@ github.com/openshift/client-go/route/applyconfigurations/route/v1 github.com/openshift/client-go/route/clientset/versioned github.com/openshift/client-go/route/clientset/versioned/scheme github.com/openshift/client-go/route/clientset/versioned/typed/route/v1 -# github.com/openshift/library-go v0.0.0-20251104164011-e9c2485b059c +# github.com/openshift/library-go v0.0.0-20251104164011-e9c2485b059c => github.com/tchap/library-go v0.0.0-20251118235217-c9f261aeea2a ## explicit; go 1.24.0 github.com/openshift/library-go/pkg/apiserver/jsonpatch github.com/openshift/library-go/pkg/assets @@ -1586,3 +1586,4 @@ sigs.k8s.io/structured-merge-diff/v6/value ## explicit; go 1.22 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/onsi-ginkgo/v2 v2.6.1-0.20241205171354-8006f302fd12 +# github.com/openshift/library-go => github.com/tchap/library-go v0.0.0-20251118235217-c9f261aeea2a
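Review bot: The `=> github.com/tchap/library-go v0.0.0-20251118235217-c9f261aeea2a` entries record a `replace` in go.mod that swaps `github.com/openshift/library-go` for a personal fork. As far as this diff shows, the vendored `resourceapply` and `staticpod/prune` changes therefore come from a revision that has not gone through review in the upstream repository. Unlike the Ginkgo replace above it in go.mod, this one carries no comment explaining why it exists or when it goes away. If it is a temporary pin for testing, say so where it is declared, e.g. `// TEMPORARY: pins an unmerged library-go change; drop this replace and bump the require once it lands upstream.`, and hold the merge until the replace is removed.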