From 9f4c1b2855793b32ab2b1d51ecb13eaeafc03db4 Mon Sep 17 00:00:00 2001 
From: Ilias Rinis Date: Tue, 10 Dec 2024 12:06:26 +0100 Subject: [PATCH 1/2] vendor: pull in https://github.com/openshift/library-go/pull/1902 --- go.mod | 4 +- go.sum | 8 +- .../api/config/v1/types_infrastructure.go | 26 +- .../openshift/api/config/v1/types_node.go | 19 ++ .../api/config/v1/zz_generated.deepcopy.go | 5 + ..._generated.featuregated-crd-manifests.yaml | 4 +- .../v1/zz_generated.swagger_doc_generated.go | 16 +- .../v1alpha1/types_cluster_image_policy.go | 1 + .../api/config/v1alpha1/types_image_policy.go | 1 + .../zz_generated.swagger_doc_generated.go | 4 +- .../openshift/api/envtest-releases.yaml | 13 + vendor/github.com/openshift/api/features.md | 5 +- .../openshift/api/features/features.go | 111 +++++++- .../github.com/openshift/api/features/util.go | 28 ++ .../api/kubecontrolplane/v1/types.go | 19 ++ .../v1/zz_generated.swagger_doc_generated.go | 1 + .../openshift/api/operator/v1/types.go | 42 ++- .../api/operator/v1/types_ingress.go | 22 +- ...000_10_config-operator_01_configs.crd.yaml | 13 + ..._12_etcd_01_etcds-CustomNoUpgrade.crd.yaml | 13 + .../0000_12_etcd_01_etcds-Default.crd.yaml | 13 + ...etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml | 13 + ...tcd_01_etcds-TechPreviewNoUpgrade.crd.yaml | 13 + ..._kube-apiserver_01_kubeapiservers.crd.yaml | 13 + ...manager_01_kubecontrollermanagers.crd.yaml | 13 + ..._kube-scheduler_01_kubeschedulers.crd.yaml | 13 + ...-apiserver_01_openshiftapiservers.crd.yaml | 13 + ...ud-credential_00_cloudcredentials.crd.yaml | 13 + ...or_00_kubestorageversionmigrators.crd.yaml | 13 + ...authentication_01_authentications.crd.yaml | 13 + .../0000_50_console_01_consoles.crd.yaml | 13 + ..._50_ingress_00_ingresscontrollers.crd.yaml | 47 +++- ..._50_insights_00_insightsoperators.crd.yaml | 13 + ...er_02_openshiftcontrollermanagers.crd.yaml | 13 + .../0000_50_service-ca_02_servicecas.crd.yaml | 13 + .../0000_50_storage_01_storages.crd.yaml | 13 + .../0000_70_dns_00_dnses.crd.yaml | 13 + 
...twork_01_networks-CustomNoUpgrade.crd.yaml | 13 + ...00_70_network_01_networks-Default.crd.yaml | 13 + ...k_01_networks-DevPreviewNoUpgrade.crd.yaml | 13 + ..._01_networks-TechPreviewNoUpgrade.crd.yaml | 13 + ...troller_01_csisnapshotcontrollers.crd.yaml | 13 + ...0_csi-driver_01_clustercsidrivers.crd.yaml | 13 + .../v1/zz_generated.swagger_doc_generated.go | 9 +- .../pkg/manifestclient/discovery_reader.go | 150 +++++++++++ .../group_resource_discovery.go | 250 ------------------ .../library-go/pkg/manifestclient/list.go | 7 +- .../pkg/manifestclient/read_roundtripper.go | 101 +------ .../manifestclient/readwrite_roundtripper.go | 9 +- .../pkg/manifestclient/write_roundtripper.go | 13 +- .../apiservice/apiservice_controller.go | 2 +- .../auditpolicy/auditpolicy_controller.go | 5 +- .../apiserver/controller/workload/workload.go | 42 +-- .../controllerset/apiservercontrollerset.go | 3 - .../remove_stale_conditions.go | 22 +- .../pkg/operator/v1helpers/helpers.go | 28 ++ vendor/modules.txt | 5 +- 57 files changed, 883 insertions(+), 451 deletions(-) create mode 100644 vendor/github.com/openshift/library-go/pkg/manifestclient/discovery_reader.go delete mode 100644 vendor/github.com/openshift/library-go/pkg/manifestclient/group_resource_discovery.go
diff --git a/go.mod b/go.mod
index c2e694c3a..8e23459bc 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
 github.com/ghodss/yaml v1.0.0
 github.com/google/go-cmp v0.6.0
- github.com/openshift/api v0.0.0-20241001152557-e415140e5d5f
+ github.com/openshift/api v0.0.0-20241101202457-04eb3fd119d2
 github.com/openshift/build-machinery-go v0.0.0-20241031155326-6ae126a9cb72
 github.com/openshift/client-go v0.0.0-20241001162912-da6d55e4611f
 github.com/openshift/library-go v0.0.0-20241120135057-fc703a7407c9
@@ -121,3 +121,5 @@ require (
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 sigs.k8s.io/yaml v1.4.0 // indirect
 )
+
+replace github.com/openshift/library-go => github.com/liouk/library-go v0.0.0-20241210104019-f07c37b790cf
diff --git a/go.sum b/go.sum
index 344bf46c1..7470b1e9d 100644
--- a/go.sum
+++ b/go.sum
@@ -135,6 +135,8 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
+github.com/liouk/library-go v0.0.0-20241210104019-f07c37b790cf h1:44q9/wsLnrUDAMCTysjU8C0m1hgVmXAe/7Xc07s1dxw=
+github.com/liouk/library-go v0.0.0-20241210104019-f07c37b790cf/go.mod h1:l/3SegTa9x+ry2J213bh7+DBofXOOvdrqU4JC9ktJa0=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
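Review bot: The `replace` directive added at the end of go.mod redirects `github.com/openshift/library-go` to what appears to be a personal fork (`github.com/liouk/library-go`) at a pseudo-version, so the library-go code vendored by this patch comes from a repository outside the upstream organisation's review and branch protection. The subject line suggests this is a temporary pull of an unmerged upstream PR; that intent should be recorded next to the directive, for example `// TODO: drop this replace once openshift/library-go#1902 merges and library-go is re-vendored from upstream`, and the replace should be removed before this lands on a release branch. The go.sum hunks also remove the `github.com/openshift/library-go` checksum lines, so after this commit only the fork's hashes are verified for that import path. A CI check that fails on `replace` targets outside the expected module owners would catch this class of change if it is ever left in by accident.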
@@ -148,14 +150,12 @@ github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA
 github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
 github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
 github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
-github.com/openshift/api v0.0.0-20241001152557-e415140e5d5f h1:ya1OmyZm3LIIxI3U9VE9Nyx3ehCHgBwxyFUPflYPWls=
-github.com/openshift/api v0.0.0-20241001152557-e415140e5d5f/go.mod h1:Shkl4HanLwDiiBzakv+con/aMGnVE2MAGvoKp5oyYUo=
+github.com/openshift/api v0.0.0-20241101202457-04eb3fd119d2 h1:CguNy+2KzhJ3a3i7e4Bgm/ByfQpSSSPYmF9NLZskoUs=
+github.com/openshift/api v0.0.0-20241101202457-04eb3fd119d2/go.mod h1:Shkl4HanLwDiiBzakv+con/aMGnVE2MAGvoKp5oyYUo=
 github.com/openshift/build-machinery-go v0.0.0-20241031155326-6ae126a9cb72 h1:kMM+Ea3YFrcoYS76RhhBA7uELy97JM0gwqnyoy7fxco=
 github.com/openshift/build-machinery-go v0.0.0-20241031155326-6ae126a9cb72/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
 github.com/openshift/client-go v0.0.0-20241001162912-da6d55e4611f h1:FRc0bVNWprihWS0GqQWzb3dY4dkCwpOP3mDw5NwSoR4=
 github.com/openshift/client-go v0.0.0-20241001162912-da6d55e4611f/go.mod h1:KiZi2mJRH1TOJ3FtBDYS6YvUL30s/iIXaGSUrSa36mo=
-github.com/openshift/library-go v0.0.0-20241120135057-fc703a7407c9 h1:bwIqO3LDkumwfDKTMRzixNHKUqU7yaKTTAKwENi6JOY=
-github.com/openshift/library-go v0.0.0-20241120135057-fc703a7407c9/go.mod h1:9B1MYPoLtP9tqjWxcbUNVpwxy68zOH/3EIP6c31dAM0=
 github.com/openshift/multi-operator-manager v0.0.0-20241119235446-3c965870ef94 h1:9Z5HQo1KSQogIpQ2tDzrCk4+sDjL/xF+YXBrDP4R36k=
 github.com/openshift/multi-operator-manager v0.0.0-20241119235446-3c965870ef94/go.mod h1:Fn/rmcwj4bCuS11UT5TZvzONt7qTjzcd9BCSQkIwQOI=
 github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 392d128c1..0daa62d30 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -507,6 +507,20 @@ type AWSPlatformStatus struct { // +listType=atomic // +optional ResourceTags []AWSResourceTag `json:"resourceTags,omitempty"` + + // cloudLoadBalancerConfig holds configuration related to DNS and cloud + // load balancers. It allows configuration of in-cluster DNS as an alternative + // to the platform default DNS implementation. + // When using the ClusterHosted DNS type, Load Balancer IP addresses + // must be provided for the API and internal API load balancers as well as the + // ingress load balancer. + // + // +default={"dnsType": "PlatformDefault"} + // +kubebuilder:default={"dnsType": "PlatformDefault"} + // +openshift:enable:FeatureGate=AWSClusterHostedDNS + // +optional + // +nullable + CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` } // AWSResourceTag is a tag to apply to AWS resources created for the cluster. 
@@ -647,12 +661,12 @@ type GCPPlatformStatus struct { // Tombstone the field as a reminder. // ClusterHostedDNS ClusterHostedDNS `json:"clusterHostedDNS,omitempty"` - // cloudLoadBalancerConfig is a union that contains the IP addresses of API, - // API-Int and Ingress Load Balancers created on the cloud platform. These - // values would not be populated on on-prem platforms. These Load Balancer - // IPs are used to configure the in-cluster DNS instances for API, API-Int - // and Ingress services. `dnsType` is expected to be set to `ClusterHosted` - // when these Load Balancer IP addresses are populated and used. + // cloudLoadBalancerConfig holds configuration related to DNS and cloud + // load balancers. It allows configuration of in-cluster DNS as an alternative + // to the platform default DNS implementation. + // When using the ClusterHosted DNS type, Load Balancer IP addresses + // must be provided for the API and internal API load balancers as well as the + // ingress load balancer. // // +default={"dnsType": "PlatformDefault"} // +kubebuilder:default={"dnsType": "PlatformDefault"} diff --git a/vendor/github.com/openshift/api/config/v1/types_node.go b/vendor/github.com/openshift/api/config/v1/types_node.go index b3b1b62c4..a50328c91 100644 --- a/vendor/github.com/openshift/api/config/v1/types_node.go +++ b/vendor/github.com/openshift/api/config/v1/types_node.go 
@@ -46,6 +46,25 @@ type NodeSpec struct { // the status and corresponding reaction of the cluster // +optional WorkerLatencyProfile WorkerLatencyProfileType `json:"workerLatencyProfile,omitempty"` + + // minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. + // Specifically, the apiserver will deny most authorization requests of kubelets that are older + // than the specified version, only allowing the kubelet to get and update its node object, and perform + // subjectaccessreviews. + // This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, + // and will eventually be marked as not ready. + // Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99". + // Since the kubelet reports the version of the kubernetes release, not Openshift, this field references + // the underlying kubernetes version this version of Openshift is based off of. + // In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then + // they should set the minimumKubeletVersion to 1.30.0. + // When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. + // Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier. + // +kubebuilder:validation:XValidation:rule="self == \"\" || self.matches('^[0-9]*.[0-9]*.[0-9]*$')",message="minmumKubeletVersion must be in a semver compatible format of x.y.z, or empty" + // +kubebuilder:validation:MaxLength:=8 + // +openshift:enable:FeatureGate=MinimumKubeletVersion + // +optional + MinimumKubeletVersion string `json:"minimumKubeletVersion"` } type NodeStatus struct { diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 069346998..1b7fa44aa 100644 
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -245,6 +245,11 @@ func (in *AWSPlatformStatus) DeepCopyInto(out *AWSPlatformStatus) { *out = make([]AWSResourceTag, len(*in)) copy(*out, *in) } + if in.CloudLoadBalancerConfig != nil { + in, out := &in.CloudLoadBalancerConfig, &out.CloudLoadBalancerConfig + *out = new(CloudLoadBalancerConfig) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index fa5dd4e31..abfea5eaf 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -310,6 +310,7 @@ infrastructures.config.openshift.io: Capability: "" Category: "" FeatureGates: + - AWSClusterHostedDNS - BareMetalLoadBalancer - GCPClusterHostedDNS - GCPLabelsTags @@ -382,7 +383,8 @@ nodes.config.openshift.io: CRDName: nodes.config.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - MinimumKubeletVersion FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index c580bd834..145a7e4c0 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -1184,10 +1184,11 @@ func (AWSPlatformSpec) SwaggerDoc() map[string]string { } var map_AWSPlatformStatus = map[string]string{ - "": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", - "region": "region holds the default AWS region for new AWS resources created by the cluster.", - "serviceEndpoints": "ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", - "resourceTags": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.", + "": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", + "region": "region holds the default AWS region for new AWS resources created by the cluster.", + "serviceEndpoints": "ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", + "resourceTags": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.", + "cloudLoadBalancerConfig": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. 
When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", } func (AWSPlatformStatus) SwaggerDoc() map[string]string { @@ -1389,7 +1390,7 @@ var map_GCPPlatformStatus = map[string]string{ "region": "region holds the region for new GCP resources created for the cluster.", "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", - "cloudLoadBalancerConfig": "cloudLoadBalancerConfig is a union that contains the IP addresses of API, API-Int and Ingress Load Balancers created on the cloud platform. These values would not be populated on on-prem platforms. These Load Balancer IPs are used to configure the in-cluster DNS instances for API, API-Int and Ingress services. `dnsType` is expected to be set to `ClusterHosted` when these Load Balancer IP addresses are populated and used.", + "cloudLoadBalancerConfig": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", } func (GCPPlatformStatus) SwaggerDoc() map[string]string { 
@@ -2087,8 +2088,9 @@ func (NodeList) SwaggerDoc() map[string]string { } var map_NodeSpec = map[string]string{ - "cgroupMode": "CgroupMode determines the cgroups version on the node", - "workerLatencyProfile": "WorkerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster", + "cgroupMode": "CgroupMode determines the cgroups version on the node", + "workerLatencyProfile": "WorkerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster", + "minimumKubeletVersion": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", } func (NodeSpec) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go index e3670f03e..14650fd48 100644 
--- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go @@ -41,6 +41,7 @@ type ClusterImagePolicySpec struct { // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. + // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. // For additional details about the format, please refer to the document explaining the docker transport field, // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker // +kubebuilder:validation:Required diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go index 7031110ff..a177ddb0d 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go 
@@ -40,6 +40,7 @@ type ImagePolicySpec struct { // If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. // In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories // quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. + // If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. // For additional details about the format, please refer to the document explaining the docker transport field, // which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker // +kubebuilder:validation:Required diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go index 9da086efc..55468f38d 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -102,7 +102,7 @@ func (ClusterImagePolicyList) SwaggerDoc() map[string]string { var map_ClusterImagePolicySpec = map[string]string{ "": "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", - "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". 
Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", "policy": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", } 
@@ -151,7 +151,7 @@ func (ImagePolicyList) SwaggerDoc() map[string]string { var map_ImagePolicySpec = map[string]string{ "": "ImagePolicySpec is the specification of the ImagePolicy CRD.", - "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + "scopes": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". 
Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", "policy": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", } diff --git a/vendor/github.com/openshift/api/envtest-releases.yaml b/vendor/github.com/openshift/api/envtest-releases.yaml index fa789b18c..5651bbcc9 100644 --- a/vendor/github.com/openshift/api/envtest-releases.yaml 
+++ b/vendor/github.com/openshift/api/envtest-releases.yaml @@ -12,3 +12,16 @@ releases: envtest-v1.30.3-linux-arm64.tar.gz: hash: deb395d5e9578a58786c42b4e7d878b4aef984ac2dce510031fbecf12092162a4aee1cde774f1527cfae90f6885382dc7b3d79ec379b7f4160c3a35fad7cbc3b selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.30.3-linux-arm64.tar.gz + v1.31.1: + envtest-v1.31.1-darwin-amd64.tar.gz: + hash: c884c6a9751f12f57ede0dc3d8dfffdb0f60f7111d6d01ca0693b66d663dfbd37c21ab6a9e571d1a6f649ed7db54b04b069ab0aff6366b2db2f5d3d8ba84a296 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.31.1-darwin-amd64.tar.gz + envtest-v1.31.1-darwin-arm64.tar.gz: + hash: c760be21c579a516cad8fbafd0f202229f5e074da1869958b84ae8dca295ffb33eb6fd4fd0b66349c31c4adff1561e7dd188137885e3661e34c0a14e12ada20e + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.31.1-darwin-arm64.tar.gz + envtest-v1.31.1-linux-amd64.tar.gz: + hash: a683fad736249b681d50c40715068ecb64f3ef22a85f29387eb61435c36dfe0cebf0bc7e109e237071cd856bc0e37d79a732309fd8d0b16fba6e019cf5c6e8b6 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.31.1-linux-amd64.tar.gz + envtest-v1.31.1-linux-arm64.tar.gz: + hash: 86fa42c6a3d92e438e35d6066587d0e4f36b910885e10520868959ece2fe740d99abc735f69d6ebe8920291f70d3819b169ad5ddd2db805f8f56a3b83eee3893 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.31.1-linux-arm64.tar.gz diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index e668fc88b..660d3bff1 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md 
@@ -7,6 +7,7 @@ | MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | | MultiArchInstallAzure| | | | | | | | GatewayAPI| | | Enabled | Enabled | | | +| AWSClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | | AdditionalRoutingCapabilities| | | Enabled | Enabled | Enabled | Enabled | | AutomatedEtcdBackup| | | Enabled | Enabled | Enabled | Enabled | | BootcNodeManagement| | | Enabled | Enabled | Enabled | Enabled | @@ -18,6 +19,7 @@ | Example| | | Enabled | Enabled | Enabled | Enabled | | GCPClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | | ImageStreamImportMode| | | Enabled | Enabled | Enabled | Enabled | +| IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfigAPI| | | Enabled | Enabled | Enabled | Enabled | | InsightsOnDemandDataGather| | | Enabled | Enabled | Enabled | Enabled | @@ -27,6 +29,7 @@ | ManagedBootImagesAWS| | | Enabled | Enabled | Enabled | Enabled | | MaxUnavailableStatefulSet| | | Enabled | Enabled | Enabled | Enabled | | MetricsCollectionProfiles| | | Enabled | Enabled | Enabled | Enabled | +| MinimumKubeletVersion| | | Enabled | Enabled | Enabled | Enabled | | MixedCPUsAllocation| | | Enabled | Enabled | Enabled | Enabled | | NetworkSegmentation| | | Enabled | Enabled | Enabled | Enabled | | NewOLM| | | Enabled | Enabled | Enabled | Enabled | @@ -48,6 +51,7 @@ | UserNamespacesSupport| | | Enabled | Enabled | Enabled | Enabled | | VSphereMultiNetworks| | | Enabled | Enabled | Enabled | Enabled | | VSphereMultiVCenters| | | Enabled | Enabled | Enabled | Enabled | +| VolumeAttributesClass| | | Enabled | Enabled | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | Enabled | Enabled | | ExternalOIDC| Enabled | | Enabled | Enabled | Enabled | Enabled | | AWSEFSDriverVolumeMetrics| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | 
@@ -64,7 +68,6 @@ | IngressControllerLBSubnetsAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| MetricsServer| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MultiArchInstallAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MultiArchInstallGCP| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go index 7f4962395..0d1f0788e 100644 --- a/vendor/github.com/openshift/api/features/features.go +++ b/vendor/github.com/openshift/api/features/features.go @@ -40,6 +40,7 @@ var ( reportProblemsToJiraComponent("apiserver-auth"). contactPerson("stlaz"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/4193"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -47,6 +48,7 @@ var ( reportProblemsToJiraComponent("kube-apiserver"). contactPerson("benluddy"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/3488"). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -54,6 +56,7 @@ var ( reportProblemsToJiraComponent("Routing"). contactPerson("miciah"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade). mustRegister() @@ -61,6 +64,7 @@ var ( reportProblemsToJiraComponent("Networking / router"). contactPerson("miheer"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -68,6 +72,7 @@ var ( reportProblemsToJiraComponent("auth"). contactPerson("ibihim"). productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/899"). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -75,6 +80,7 @@ var ( reportProblemsToJiraComponent("builds"). contactPerson("adkaplan"). productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1056"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -82,6 +88,7 @@ var ( reportProblemsToJiraComponent("builds"). contactPerson("adkaplan"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -89,6 +96,7 @@ var ( reportProblemsToJiraComponent("node"). contactPerson("ehashman"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/2400"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -96,6 +104,7 @@ var ( reportProblemsToJiraComponent("openstack"). contactPerson("egarcia"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -103,6 +112,7 @@ var ( reportProblemsToJiraComponent("insights"). contactPerson("tremes"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -110,6 +120,7 @@ var ( reportProblemsToJiraComponent("insights"). contactPerson("jmesnil"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -117,6 +128,7 @@ var ( reportProblemsToJiraComponent("scheduling"). contactPerson("jchaloup"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/4381"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -124,6 +136,7 @@ var ( reportProblemsToJiraComponent("cloud-credential-operator"). contactPerson("abutcher"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -131,6 +144,7 @@ var ( reportProblemsToJiraComponent("apps"). contactPerson("atiratree"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/961"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -138,12 +152,14 @@ var ( reportProblemsToJiraComponent("node"). contactPerson("sairameshv"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/3386"). mustRegister() FeatureGatePrivateHostedZoneAWS = newFeatureGate("PrivateHostedZoneAWS"). reportProblemsToJiraComponent("Routing"). contactPerson("miciah"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -151,6 +167,7 @@ var ( reportProblemsToJiraComponent("node"). contactPerson("sgrunert"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -158,6 +175,7 @@ var ( reportProblemsToJiraComponent("Installer"). contactPerson("bhb"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -165,6 +183,7 @@ var ( reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -172,6 +191,7 @@ var ( reportProblemsToJiraComponent("machine-config-operator/platform-baremetal"). contactPerson("mkowalsk"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/3705"). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -179,6 +199,7 @@ var ( reportProblemsToJiraComponent("splat"). contactPerson("vr4manta"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -186,6 +207,7 @@ var ( reportProblemsToJiraComponent("splat"). contactPerson("rvanderp3"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -193,6 +215,7 @@ var ( reportProblemsToJiraComponent("router"). contactPerson("thejasn"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -200,6 +223,7 @@ var ( reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("tssurya"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -207,6 +231,7 @@ var ( reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("tssurya"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -214,6 +239,7 @@ var ( reportProblemsToJiraComponent("Networking/cluster-network-operator"). contactPerson("jcaamano"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -221,6 +247,7 @@ var ( reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("jcaamano"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -228,6 +255,7 @@ var ( reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("pliu"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -235,6 +263,7 @@ var ( reportProblemsToJiraComponent("Networking/cluster-network-operator"). contactPerson("kyrtapz"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -242,6 +271,7 @@ var ( reportProblemsToJiraComponent("Networking"). contactPerson("npinaeva"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -249,6 +279,7 @@ var ( reportProblemsToJiraComponent("etcd"). contactPerson("hasbro17"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -256,6 +287,7 @@ var ( reportProblemsToJiraComponent("etcd"). contactPerson("hasbro17"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -263,6 +295,7 @@ var ( reportProblemsToJiraComponent("etcd"). contactPerson("hasbro17"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -270,12 +303,14 @@ var ( reportProblemsToJiraComponent("ecoproject"). contactPerson("msluiter"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). mustRegister() FeatureGateDNSNameResolver = newFeatureGate("DNSNameResolver"). reportProblemsToJiraComponent("dns"). contactPerson("miciah"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -283,6 +318,7 @@ var ( reportProblemsToJiraComponent("splat"). contactPerson("rvanderp3"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -290,6 +326,7 @@ var ( reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("cdoern"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -297,19 +334,22 @@ var ( reportProblemsToJiraComponent("Installer"). contactPerson("vincepri"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). mustRegister() - FeatureGateMetricsServer = newFeatureGate("MetricsServer"). - reportProblemsToJiraComponent("Monitoring"). - contactPerson("slashpai"). + FeatureGateGCPClusterHostedDNS = newFeatureGate("GCPClusterHostedDNS"). + reportProblemsToJiraComponent("Installer"). + contactPerson("barbacbd"). productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enhancementPR(legacyFeatureGateWithoutEnhancement). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() - FeatureGateGCPClusterHostedDNS = newFeatureGate("GCPClusterHostedDNS"). + FeatureGateAWSClusterHostedDNS = newFeatureGate("AWSClusterHostedDNS"). reportProblemsToJiraComponent("Installer"). contactPerson("barbacbd"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -317,6 +357,7 @@ var ( reportProblemsToJiraComponent("NodeTuningOperator"). contactPerson("titzhak"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -324,6 +365,7 @@ var ( reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("djoshy"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -331,6 +373,7 @@ var ( reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("djoshy"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -338,6 +381,7 @@ var ( reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/2395"). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -345,6 +389,7 @@ var ( reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("dkhater"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -352,6 +397,7 @@ var ( reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("inesqyx"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -359,6 +405,7 @@ var ( reportProblemsToJiraComponent("Cluster Version Operator"). contactPerson("lmohanty"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -366,6 +413,7 @@ var ( reportProblemsToJiraComponent("kube-apiserver"). contactPerson("dgrisonnet"). productScope(kubernetes). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -373,6 +421,7 @@ var ( reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("jhernand"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -380,6 +429,7 @@ var ( reportProblemsToJiraComponent("Cluster Version Operator"). contactPerson("pmuller"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -387,13 +437,23 @@ var ( reportProblemsToJiraComponent("kube-apiserver"). contactPerson("akashem"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/4006"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + FeatureGateVolumeAttributesClass = newFeatureGate("VolumeAttributesClass"). + reportProblemsToJiraComponent("Storage / Kubernetes External Components"). + contactPerson("dfajmon"). + productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/3751"). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + FeatureGateVolumeGroupSnapshot = newFeatureGate("VolumeGroupSnapshot"). reportProblemsToJiraComponent("Storage / Kubernetes External Components"). contactPerson("fbertina"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/3476"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -401,6 +461,7 @@ var ( reportProblemsToJiraComponent("authentication"). contactPerson("liouk"). productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1596"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). enableForClusterProfile(Hypershift, configv1.Default, configv1.TechPreviewNoUpgrade). mustRegister() @@ -409,6 +470,7 @@ var ( reportProblemsToJiraComponent("cluster-config"). contactPerson("deads"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -416,6 +478,7 @@ var ( reportProblemsToJiraComponent("olm"). contactPerson("joe"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -423,6 +486,7 @@ var ( reportProblemsToJiraComponent("olm"). contactPerson("joe"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -430,6 +494,7 @@ var ( reportProblemsToJiraComponent("insights"). contactPerson("tremes"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -437,6 +502,7 @@ var ( reportProblemsToJiraComponent("metal"). contactPerson("EmilienM"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -444,6 +510,7 @@ var ( reportProblemsToJiraComponent("insights"). contactPerson("tremes"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -451,6 +518,7 @@ var ( reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("jerzhang"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -458,6 +526,7 @@ var ( reportProblemsToJiraComponent("Monitoring"). contactPerson("rexagod"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -465,6 +534,7 @@ var ( reportProblemsToJiraComponent("Storage / Kubernetes External Components"). contactPerson("rbednar"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -472,12 +542,14 @@ var ( reportProblemsToJiraComponent("Installer"). contactPerson("cjschaef"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). mustRegister() FeatureGateChunkSizeMiB = newFeatureGate("ChunkSizeMiB"). reportProblemsToJiraComponent("Image Registry"). contactPerson("flavianmissi"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -485,12 +557,14 @@ var ( reportProblemsToJiraComponent("OCPCLOUD"). contactPerson("jspeed"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). mustRegister() FeatureGatePersistentIPsForVirtualization = newFeatureGate("PersistentIPsForVirtualization"). reportProblemsToJiraComponent("CNV Network"). contactPerson("mduarted"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -498,6 +572,7 @@ var ( reportProblemsToJiraComponent("Monitoring"). contactPerson("marioferh"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -505,6 +580,7 @@ var ( reportProblemsToJiraComponent("Installer"). contactPerson("r4f4"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -512,12 +588,14 @@ var ( reportProblemsToJiraComponent("Installer"). contactPerson("r4f4"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). mustRegister() FeatureGateMultiArchInstallGCP = newFeatureGate("MultiArchInstallGCP"). reportProblemsToJiraComponent("Installer"). contactPerson("r4f4"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -525,6 +603,7 @@ var ( reportProblemsToJiraComponent("Routing"). contactPerson("miciah"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -532,6 +611,7 @@ var ( reportProblemsToJiraComponent("Storage / Kubernetes External Components"). contactPerson("fbertina"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -539,6 +619,7 @@ var ( reportProblemsToJiraComponent("Multi-Arch"). contactPerson("psundara"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -546,6 +627,7 @@ var ( reportProblemsToJiraComponent("Node"). contactPerson("haircommander"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/127"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -553,6 +635,7 @@ var ( reportProblemsToJiraComponent("Node"). contactPerson("haircommander"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/127"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -560,6 +643,7 @@ var ( reportProblemsToJiraComponent("Node"). contactPerson("haircommander"). productScope(kubernetes). + enhancementPR("https://github.com/kubernetes/enhancements/issues/4265"). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() @@ -567,6 +651,23 @@ var ( reportProblemsToJiraComponent("SPLAT"). contactPerson("rvanderp"). productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + + FeatureGateIngressControllerDynamicConfigurationManager = newFeatureGate("IngressControllerDynamicConfigurationManager"). + reportProblemsToJiraComponent("Networking/router"). + contactPerson("miciah"). + productScope(ocpSpecific). + enhancementPR(legacyFeatureGateWithoutEnhancement). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateMinimumKubeletVersion = newFeatureGate("MinimumKubeletVersion"). + reportProblemsToJiraComponent("Node"). + contactPerson("haircommander"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enhancementPR("https://github.com/openshift/enhancements/pull/1697"). + mustRegister() ) diff --git a/vendor/github.com/openshift/api/features/util.go b/vendor/github.com/openshift/api/features/util.go index d8d8e94a0..3fd55bcdf 100644 --- a/vendor/github.com/openshift/api/features/util.go +++ b/vendor/github.com/openshift/api/features/util.go @@ -3,6 +3,8 @@ package features import ( "fmt" configv1 "github.com/openshift/api/config/v1" + "net/url" + "strings" ) // FeatureGateDescription is a golang-only interface used to contains details for a feature gate. 
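Review bot: The `legacyFeatureGateWithoutEnhancement` sentinel is applied to gates that this same commit introduces, which turns the new enhancement-link requirement into an opt-out. `FeatureGateIngressControllerDynamicConfigurationManager` at the end of the `@@ -567,6 +651,23 @@` hunk and `FeatureGateAWSClusterHostedDNS` in the `@@ -297,19 +334,22 @@` hunk both pass the sentinel, whose value is "FeatureGate predates 4.18". If these gates really are new, each should carry a real link instead, e.g. `enhancementPR("https://github.com/openshift/enhancements/pull/<PR number>")`. `FeatureGateMinimumKubeletVersion` also calls `enableIn` before `enhancementPR`, unlike every other gate in the block; keeping one order makes a missing call easier to spot. The `var (` block starts outside the hunk, and the file is vendored, so any change belongs upstream in openshift/api.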
@@ -18,6 +20,8 @@ type FeatureGateDescription struct { ResponsiblePerson string // OwningProduct is the product that owns the lifecycle of the gate. OwningProduct OwningProduct + // EnhancementPR is the PR for the enhancement. + EnhancementPR string } type FeatureGateEnabledDisabled struct { @@ -45,10 +49,15 @@ type featureGateBuilder struct { owningJiraComponent string responsiblePerson string owningProduct OwningProduct + enhancementPRURL string statusByClusterProfileByFeatureSet map[ClusterProfileName]map[configv1.FeatureSet]bool } +const ( + legacyFeatureGateWithoutEnhancement = "FeatureGate predates 4.18" +) + // newFeatureGate featuregate are disabled in every FeatureSet and selectively enabled func newFeatureGate(name string) *featureGateBuilder { b := &featureGateBuilder{ @@ -80,6 +89,11 @@ func (b *featureGateBuilder) productScope(owningProduct OwningProduct) *featureG return b } +func (b *featureGateBuilder) enhancementPR(url string) *featureGateBuilder { + b.enhancementPRURL = url + return b +} + func (b *featureGateBuilder) enableIn(featureSets ...configv1.FeatureSet) *featureGateBuilder { for clusterProfile := range b.statusByClusterProfileByFeatureSet { for _, featureSet := range featureSets { 
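Review bot: The parameter name `url` in the new `enhancementPR` method (hunk `@@ -80,6 +89,11 @@`) shadows the `net/url` package that this commit imports into the same file. Rename it, e.g. `func (b *featureGateBuilder) enhancementPR(prURL string) *featureGateBuilder {`. The method also has no doc comment; `// enhancementPR records the enhancement link that register() validates.` would tell a reader where the value is checked. This is vendored code, so the change belongs upstream in openshift/api.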
@@ -109,6 +123,19 @@ func (b *featureGateBuilder) register() (configv1.FeatureGateName, error) { if len(b.owningProduct) == 0 { return "", fmt.Errorf("missing owningProduct") } + _, enhancementPRErr := url.Parse(b.enhancementPRURL) + switch { + case b.enhancementPRURL == legacyFeatureGateWithoutEnhancement: + + case len(b.enhancementPRURL) == 0: + return "", fmt.Errorf("FeatureGate/%s is missing an enhancementPR with GA Graduation Criteria like https://github.com/openshift/enhancements/pull/#### or https://github.com/kubernetes/enhancements/issues/####", b.name) + + case !strings.HasPrefix(b.enhancementPRURL, "https://github.com/openshift/enhancements/pull/") && !strings.HasPrefix(b.enhancementPRURL, "https://github.com/kubernetes/enhancements/issues/"): + return "", fmt.Errorf("FeatureGate/%s enhancementPR format is incorrect; must be like https://github.com/openshift/enhancements/pull/#### or https://github.com/kubernetes/enhancements/issues/####", b.name) + + case enhancementPRErr != nil: + return "", fmt.Errorf("FeatureGate/%s is enhancementPR is invalid: %w", b.name, enhancementPRErr) + } featureGateName := configv1.FeatureGateName(b.name) description := FeatureGateDescription{ @@ -118,6 +145,7 @@ func (b *featureGateBuilder) register() (configv1.FeatureGateName, error) { OwningJiraComponent: b.owningJiraComponent, ResponsiblePerson: b.responsiblePerson, OwningProduct: b.owningProduct, + EnhancementPR: b.enhancementPRURL, } // statusByClusterProfileByFeatureSet is initialized by constructor to be false for every combination diff --git a/vendor/github.com/openshift/api/kubecontrolplane/v1/types.go b/vendor/github.com/openshift/api/kubecontrolplane/v1/types.go index b9cdcc213..6d29f42e3 100644 --- a/vendor/github.com/openshift/api/kubecontrolplane/v1/types.go +++ b/vendor/github.com/openshift/api/kubecontrolplane/v1/types.go 
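Review bot: The `enhancementPR` check added to `register()` validates only a string prefix, so anything after `.../enhancements/pull/` or `.../enhancements/issues/` is accepted, including an empty or non-numeric suffix. `url.Parse` is lenient and its error is tested last, so the `enhancementPRErr != nil` case will rarely fire, and the parse runs even for the legacy sentinel. A single anchored pattern compiled at package scope would state the rule exactly: `var enhancementPRPattern = regexp.MustCompile("^https://github[.]com/(openshift/enhancements/pull|kubernetes/enhancements/issues)/[0-9]+$")`, checked with `case !enhancementPRPattern.MatchString(b.enhancementPRURL):` (this needs the `regexp` import). The last error string reads "is enhancementPR is invalid"; drop the first "is". `register()` starts before and continues after this hunk, and the file is vendored, so the fix belongs upstream in openshift/api.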
@@ -62,6 +62,25 @@ type KubeAPIServerConfig struct { // TODO this needs to be removed. APIServerArguments map[string]Arguments `json:"apiServerArguments"` + + // minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. + // Specifically, the apiserver will deny most authorization requests of kubelets that are older + // than the specified version, only allowing the kubelet to get and update its node object, and perform + // subjectaccessreviews. + // This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, + // and will eventually be marked as not ready. + // Its max length is 8, so maximum version allowed is either "9.999.99" or "99.99.99". + // Since the kubelet reports the version of the kubernetes release, not Openshift, this field references + // the underlying kubernetes version this version of Openshift is based off of. + // In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then + // they should set the minimumKubeletVersion to 1.30.0. + // When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. + // Thus, a kubelet with version "1.0.0-ec.0" will be compatible with minimumKubeletVersion "1.0.0" or earlier. + // +kubebuilder:validation:XValidation:rule="self == \"\" || self.matches('^[0-9]*.[0-9]*.[0-9]*$')",message="minmumKubeletVersion must be in a semver compatible format of x.y.z, or empty" + // +kubebuilder:validation:MaxLength:=8 + // +openshift:enable:FeatureGate=MinimumKubeletVersion + // +optional + MinimumKubeletVersion string `json:"minimumKubeletVersion"` } // Arguments masks the value so protobuf can generate diff --git a/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.swagger_doc_generated.go index 906bb271b..5ecdd0583 100644 
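Review bot: The CEL rule on `minimumKubeletVersion` does not enforce the x.y.z shape it advertises. In `'^[0-9]*.[0-9]*.[0-9]*$'` the dots are unescaped and match any character, and `*` lets every component be empty, so values such as `1x30y0` or `..` pass API validation. This field decides which kubelets the apiserver will authorize, so a value the consumer cannot parse should be rejected at admission; how the consumer treats such a value is not visible in this diff. Tighten the rule to `self == \"\" || self.matches('^[0-9]+[.][0-9]+[.][0-9]+$')` and fix the message typo "minmumKubeletVersion". The field is also marked `+optional` while its tag is `json:"minimumKubeletVersion"` without `omitempty`; KubeAPIServerConfig begins outside the hunk and the file is vendored, so the change belongs upstream in openshift/api.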
--- a/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.swagger_doc_generated.go 
@@ -33,6 +33,7 @@ var map_KubeAPIServerConfig = map[string]string{ "projectConfig": "projectConfig feeds an admission plugin", "serviceAccountPublicKeyFiles": "serviceAccountPublicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", "oauthConfig": "oauthConfig, if present start the /oauth endpoint in this process", + "minimumKubeletVersion": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", } func (KubeAPIServerConfig) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index eeb8afdc6..f04b6846a 100644 
--- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go @@ -147,17 +147,27 @@ type GenerationStatus struct { // group is the group of the thing you're tracking // +kubebuilder:validation:Required Group string `json:"group"` + // resource is the resource type of the thing you're tracking // +kubebuilder:validation:Required Resource string `json:"resource"` + // namespace is where the thing you're tracking is // +kubebuilder:validation:Required Namespace string `json:"namespace"` + // name is the name of the thing you're tracking // +kubebuilder:validation:Required Name string `json:"name"` + + // TODO: Add validation for lastGeneration. The value for this field should generally increase, except when the associated + // resource has been deleted and re-created. To accurately validate this field, we should introduce a new UID field and only + // enforce an increasing value in lastGeneration when the UID remains unchanged. A change in the UID indicates that the resource + // was re-created, allowing the lastGeneration value to reset or decrease. + // lastGeneration is the last generation of the workload controller involved LastGeneration int64 `json:"lastGeneration"` + // hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps Hash string `json:"hash"` } 
@@ -178,12 +188,34 @@ var ( // OperatorCondition is just the standard condition fields. type OperatorCondition struct { + // type of condition in CamelCase or in foo.example.com/CamelCase. + // --- + // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + // useful (see .node.status.conditions), the ability to deconflict is important. + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +required // +kubebuilder:validation:Required - Type string `json:"type"` - Status ConditionStatus `json:"status"` - LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` - Reason string `json:"reason,omitempty"` - Message string `json:"message,omitempty"` + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + Type string `json:"type" protobuf:"bytes,1,opt,name=type"` + + // status of the condition, one of True, False, Unknown. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=True;False;Unknown + Status ConditionStatus `json:"status"` + + // lastTransitionTime is the last time the condition transitioned from one status to another. + // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=date-time + LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` + + Reason string `json:"reason,omitempty"` + + Message string `json:"message,omitempty"` } type ConditionStatus string diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 7ae22ee0a..1f5664345 100644 
--- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -392,6 +392,7 @@ type CIDR string // LoadBalancerStrategy holds parameters for a load balancer. // +openshift:validation:FeatureGateAwareXValidation:featureGate=SetEIPForNLBIngressController,rule="!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)",message="eipAllocations are forbidden when the scope is Internal." +// +kubebuilder:validation:XValidation:rule=`!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) || self.providerParameters.openstack.floatingIP == ""`,message="cannot specify a floating ip when scope is internal" type LoadBalancerStrategy struct { // scope indicates the scope at which the load balancer is exposed. // Possible values are "External" and "Internal". 
@@ -678,19 +679,28 @@ type IBMLoadBalancerParameters struct { // OpenStackLoadBalancerParameters provides configuration settings that are // specific to OpenStack load balancers. type OpenStackLoadBalancerParameters struct { - // loadBalancerIP specifies the floating IP address that the load balancer will use. + // loadBalancerIP is tombstoned since the field was replaced by floatingIP. + // LoadBalancerIP string `json:"loadBalancerIP,omitempty"` + + // floatingIP specifies the IP address that the load balancer will use. // When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + // When specified, the floating IP has to be pre-created. If the + // specified value is not a floating IP or is already claimed, the + // OpenStack cloud provider won't be able to provision the load + // balancer. + // This field may only be used if the IngressController has External scope. // This value must be a valid IPv4 or IPv6 address. // + --- - // + Note: this field is meant to be set by the ingress controller to populate the - // + `Service.Spec.LoadBalancerIP` field which has been deprecated in Kubernetes: + // + Note: this field is meant to be set by the ingress controller + // + to populate the `Service.Spec.LoadBalancerIP` field which has been + // + deprecated in Kubernetes: // + https://github.com/kubernetes/kubernetes/pull/107235 // + However, the field is still used by cloud-provider-openstack to reconcile - // + the floating IP that we attach to the load balancer. + // + the floating IP that we attach to the external load balancer. 
// - // +kubebuilder:validation:XValidation:rule="isIP(self)",message="loadBalancerIP must be a valid IPv4 or IPv6 address" + // +kubebuilder:validation:XValidation:rule="isIP(self)",message="floatingIP must be a valid IPv4 or IPv6 address" // +optional - LoadBalancerIP string `json:"loadBalancerIP,omitempty"` + FloatingIP string `json:"floatingIP,omitempty"` } // AWSClassicLoadBalancerParameters holds configuration parameters for an diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml index c2d91226a..323ba4687 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml @@ -110,6 +110,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -117,10 +120,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml index afe82c37b..b68cce4db 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml @@ -151,6 +151,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -158,10 +161,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml index f5df3557f..ebe2486ef 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml 
@@ -138,6 +138,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -145,10 +148,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml index 3c01a3ce6..bc49df765 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml @@ -151,6 +151,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -158,10 +161,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml index cfaa4c7ce..8449c20a6 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml @@ -151,6 +151,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -158,10 +161,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml index da4ae9be6..435a8a81e 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml @@ -128,6 +128,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -135,10 +138,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml index 4cbd378af..7cd18e09b 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml @@ -137,6 +137,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -144,10 +147,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml index 255eab4c1..9654facc4 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml 
@@ -128,6 +128,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -135,10 +138,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml index d2ae6f79a..bb9b904fc 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml @@ -109,6 +109,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -116,10 +119,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml index 197b3f4e7..bf6c616af 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml @@ -126,6 +126,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -133,10 +136,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml index 930f5506a..30d1f9055 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml @@ -104,6 +104,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -111,10 +114,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml index 52fac7bef..3fab2ff1f 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml @@ -103,6 +103,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -110,10 +113,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml index 956c84547..505332e4b 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml @@ -849,6 +849,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -856,10 +859,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml index 968febc36..2524b5a84 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml @@ -639,15 +639,20 @@ spec: If empty, defaults will be applied. See specific openstack fields for details about their defaults. properties: - loadBalancerIP: + floatingIP: description: |- - loadBalancerIP specifies the floating IP address that the load balancer will use. + floatingIP specifies the IP address that the load balancer will use. When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. This value must be a valid IPv4 or IPv6 address. type: string x-kubernetes-validations: - - message: loadBalancerIP must be a valid IPv4 or - IPv6 address + - message: floatingIP must be a valid IPv4 or IPv6 + address rule: isIP(self) type: object type: 
@@ -689,6 +694,10 @@ spec: rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' nodePort: description: |- nodePort holds parameters for the NodePortService endpoint publishing strategy. @@ -2336,6 +2345,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -2343,10 +2355,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -2815,15 +2837,20 @@ spec: If empty, defaults will be applied. See specific openstack fields for details about their defaults. properties: - loadBalancerIP: + floatingIP: description: |- - loadBalancerIP specifies the floating IP address that the load balancer will use. + floatingIP specifies the IP address that the load balancer will use. When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. This value must be a valid IPv4 or IPv6 address. type: string x-kubernetes-validations: - - message: loadBalancerIP must be a valid IPv4 or - IPv6 address + - message: floatingIP must be a valid IPv4 or IPv6 + address rule: isIP(self) type: object type: @@ -2865,6 +2892,10 @@ spec: rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' nodePort: description: |- nodePort holds parameters for the NodePortService endpoint publishing strategy. diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml index d1d2fa6b0..b7ce165e3 100644 
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml @@ -108,6 +108,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -115,10 +118,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml index 1abf8e03d..d6dabdda0 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml 
@@ -106,6 +106,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -113,10 +116,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml index f31a18f21..16fba0d6d 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml @@ -107,6 +107,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -114,10 +117,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml index b928c9137..e0f841881 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml @@ -123,6 +123,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -130,10 +133,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml index bdb32882b..7d2acd004 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml @@ -576,6 +576,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -583,10 +586,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml index c023c8c27..146c68405 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml 
@@ -923,6 +923,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -930,10 +933,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml index e1adf488a..3f150defe 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml @@ -867,6 +867,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -874,10 +877,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml index ce2db2e92..fd0679763 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml @@ -923,6 +923,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -930,10 +933,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml index 2704f6fbd..e55b94afc 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml @@ -923,6 +923,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -930,10 +933,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml index 23197942e..a166e4c3a 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml @@ -107,6 +107,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -114,10 +117,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml index 1f0f61a94..9a65a695a 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml 
@@ -384,6 +384,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -391,10 +394,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index a3a78a89b..03d9e16ed 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -52,7 +52,10 @@ func (NodeStatus) SwaggerDoc() map[string]string { } var map_OperatorCondition = map[string]string{ - "": "OperatorCondition is just the standard condition fields.", + "": "OperatorCondition is just the standard condition fields.", + "type": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "status": "status of the condition, one of True, False, Unknown.", + "lastTransitionTime": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", } func (OperatorCondition) SwaggerDoc() map[string]string { @@ -1122,8 +1125,8 @@ func (NodePortStrategy) SwaggerDoc() map[string]string { } var map_OpenStackLoadBalancerParameters = map[string]string{ - "": "OpenStackLoadBalancerParameters provides configuration settings that are specific to OpenStack load balancers.", - "loadBalancerIP": "loadBalancerIP specifies the floating IP address that the load balancer will use. When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. This value must be a valid IPv4 or IPv6 address. ", + "": "OpenStackLoadBalancerParameters provides configuration settings that are specific to OpenStack load balancers.", + "floatingIP": "floatingIP specifies the IP address that the load balancer will use. When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. When specified, the floating IP has to be pre-created. If the specified value is not a floating IP or is already claimed, the OpenStack cloud provider won't be able to provision the load balancer. This field may only be used if the IngressController has External scope. This value must be a valid IPv4 or IPv6 address. ", } func (OpenStackLoadBalancerParameters) SwaggerDoc() map[string]string { 
diff --git a/vendor/github.com/openshift/library-go/pkg/manifestclient/discovery_reader.go b/vendor/github.com/openshift/library-go/pkg/manifestclient/discovery_reader.go
new file mode 100644
index 000000000..e5126561c
--- /dev/null
+++ b/vendor/github.com/openshift/library-go/pkg/manifestclient/discovery_reader.go
@@ -0,0 +1,150 @@
+package manifestclient
+
+import (
+ "embed"
+ "errors"
+ "fmt"
+ "io/fs"
+ "path/filepath"
+ "sync"
+
+ apidiscoveryv2 "k8s.io/api/apidiscovery/v2"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/util/json"
+ apirequest "k8s.io/apiserver/pkg/endpoints/request"
+ "sigs.k8s.io/yaml"
+)
+
+type kindData struct {
+ kind schema.GroupVersionKind
+ listKind schema.GroupVersionKind
+ err error
+}
+
+func newDiscoveryReader(content fs.FS) *discoveryReader {
+ return &discoveryReader{
+ sourceFS: content,
+ kindForResource: make(map[schema.GroupVersionResource]kindData),
+ }
+}
+
+type discoveryReader struct {
+ kindForResource map[schema.GroupVersionResource]kindData
+
+ sourceFS fs.FS
+ lock sync.RWMutex
+}
+
+func (dr *discoveryReader) getKindForResource(gvr schema.GroupVersionResource) (kindData, error) {
+ dr.lock.RLock()
+ kindForGVR, ok := dr.kindForResource[gvr]
+ if ok {
+ defer dr.lock.RUnlock()
+ return kindForGVR, kindForGVR.err
+ }
+ dr.lock.RUnlock()
+
+ dr.lock.Lock()
+ defer dr.lock.Unlock()
+
+ kindForGVR, ok = dr.kindForResource[gvr]
+ if ok {
+ return kindForGVR, kindForGVR.err
+ }
+
+ discoveryPath := "/apis"
+ if len(gvr.Group) == 0 {
+ discoveryPath = "/api"
+ }
+ discoveryBytes, err := dr.getGroupResourceDiscovery(&apirequest.RequestInfo{Path: discoveryPath})
+ if err != nil {
+ kindForGVR.err = fmt.Errorf("error reading discovery: %w", err)
+ dr.kindForResource[gvr] = kindForGVR
+ return kindForGVR, kindForGVR.err
+ }
+
+ discoveryInfo := &apidiscoveryv2.APIGroupDiscoveryList{}
+ if err := json.Unmarshal(discoveryBytes, discoveryInfo); err != nil {
+ kindForGVR.err = fmt.Errorf("error unmarshalling discovery: %w", err)
+ dr.kindForResource[gvr] = kindForGVR
+ return kindForGVR, kindForGVR.err
+ }
+
+ kindForGVR.err = fmt.Errorf("did not find kind for %v\n", gvr)
+ for _, groupInfo := range discoveryInfo.Items {
+ if groupInfo.Name != gvr.Group {
+ continue
+ }
+ for _, versionInfo := range groupInfo.Versions {
+ if versionInfo.Version != gvr.Version {
+ continue
+ }
+ for _, resourceInfo := range versionInfo.Resources {
+ if resourceInfo.Resource != gvr.Resource {
+ continue
+ }
+ if resourceInfo.ResponseKind == nil {
+ continue
+ }
+ kindForGVR.kind = schema.GroupVersionKind{
+ Group: gvr.Group,
+ Version: gvr.Version,
+ Kind: resourceInfo.ResponseKind.Kind,
+ }
+ if len(resourceInfo.ResponseKind.Group) > 0 {
+ kindForGVR.kind.Group = resourceInfo.ResponseKind.Group
+ }
+ if len(resourceInfo.ResponseKind.Version) > 0 {
+ kindForGVR.kind.Version = resourceInfo.ResponseKind.Version
+ }
+ kindForGVR.listKind = schema.GroupVersionKind{
+ Group: kindForGVR.kind.Group,
+ Version: kindForGVR.kind.Version,
+ Kind: resourceInfo.ResponseKind.Kind + "List",
+ }
+ kindForGVR.err = nil
+ dr.kindForResource[gvr] = kindForGVR
+ return kindForGVR, kindForGVR.err
+ }
+ }
+ }
+
+ dr.kindForResource[gvr] = kindForGVR
+ return kindForGVR, kindForGVR.err
+}
+
+func (dr *discoveryReader) getGroupResourceDiscovery(requestInfo *apirequest.RequestInfo) ([]byte, error) {
+ switch {
+ case requestInfo.Path == "/api":
+ return dr.getAggregatedDiscoveryForURL("aggregated-discovery-api.yaml", requestInfo.Path)
+ case requestInfo.Path == "/apis":
+ return dr.getAggregatedDiscoveryForURL("aggregated-discovery-apis.yaml", requestInfo.Path)
+ default:
+ // TODO can probably do better
+ return nil, fmt.Errorf("unsupported discovery path: %q", requestInfo.Path)
+ }
+}
+
+func (dr *discoveryReader) getAggregatedDiscoveryForURL(filename, url string) ([]byte, error) {
+ discoveryBytes, err := fs.ReadFile(dr.sourceFS, filename)
+ if errors.Is(err, fs.ErrNotExist) {
+ discoveryBytes, err = fs.ReadFile(defaultDiscovery, filepath.Join("default-discovery", filename))
+ }
+ if err != nil {
+ return nil, fmt.Errorf("error reading discovery: %w", err)
+ }
+
+ apiMap := map[string]interface{}{}
+ if err := yaml.Unmarshal(discoveryBytes, &apiMap); err != nil {
+ return nil, fmt.Errorf("discovery %q unmarshal failed: %w", url, err)
+ }
+ apiJSON, err := json.Marshal(apiMap)
+ if err != nil {
+ return nil, fmt.Errorf("discovery %q marshal failed: %w", url, err)
+ }
+
+ return apiJSON, err
+}
+
+//go:embed default-discovery
+var defaultDiscovery embed.FS
diff --git a/vendor/github.com/openshift/library-go/pkg/manifestclient/group_resource_discovery.go b/vendor/github.com/openshift/library-go/pkg/manifestclient/group_resource_discovery.go
deleted file mode 100644
index 84e3b5aff..000000000
--- a/vendor/github.com/openshift/library-go/pkg/manifestclient/group_resource_discovery.go
+++ /dev/null
@@ -1,250 +0,0 @@ -package manifestclient - -import ( - "errors" - "fmt" - "io/fs" - "path/filepath" - "strings" - - "k8s.io/apimachinery/pkg/util/json" - "sigs.k8s.io/yaml" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - apirequest "k8s.io/apiserver/pkg/endpoints/request" -) - -func (mrt *manifestRoundTripper) getGroupResourceDiscovery(requestInfo *apirequest.RequestInfo) ([]byte, error) { - switch { - case requestInfo.Path == "/api": - ret, err := mrt.getAggregatedDiscoveryForURL("aggregated-discovery-api.yaml", requestInfo.Path) - if errors.Is(err, fs.ErrNotExist) { - return mrt.getLegacyGroupResourceDiscovery(requestInfo) - } - return ret, err - case requestInfo.Path == "/apis": - ret, err := mrt.getAggregatedDiscoveryForURL("aggregated-discovery-apis.yaml", requestInfo.Path) - if errors.Is(err, fs.ErrNotExist) { - return mrt.getLegacyGroupResourceDiscovery(requestInfo) - } - return ret, err - default: - // TODO can probably do better - return nil, fmt.Errorf("unsupported discovery path: %q", requestInfo.Path) - } -} - -func (mrt *manifestRoundTripper) getAggregatedDiscoveryForURL(filename, url string) ([]byte, error) { - discoveryBytes, err := fs.ReadFile(mrt.sourceFS, filename) - if errors.Is(err, fs.ErrNotExist) { - discoveryBytes, err = fs.ReadFile(defaultDiscovery, filepath.Join("default-discovery", filename)) - } - if err != nil { - return nil, fmt.Errorf("error reading discovery: %w", err) - } - - apiMap := map[string]interface{}{} - if err := yaml.Unmarshal(discoveryBytes, &apiMap); err != nil { - return nil, fmt.Errorf("discovery %q unmarshal failed: %w", url, err) - } - apiJSON, err := json.Marshal(apiMap) - if err != nil { - return nil, fmt.Errorf("discovery %q marshal failed: %w", url, err) - } - - return apiJSON, err -} - -func (mrt *manifestRoundTripper) getLegacyGroupResourceDiscovery(requestInfo *apirequest.RequestInfo) ([]byte, error) { - if len(requestInfo.Path) == 0 { - return nil, fmt.Errorf("path required for group resource discovery") 
- } - - apiResourceList := &metav1.APIResourceList{} - - group, version, err := splitGroupVersionFromRequestPath(requestInfo.Path) - if err != nil { - return nil, fmt.Errorf("unable to split group/version from path: %w", err) - } - - apiResourceList.GroupVersion = fmt.Sprintf("%s/%s", group, version) - if group == "core" { - apiResourceList.GroupVersion = version - } - - // Map of resource name to APIResource. - apiResources := map[string]metav1.APIResource{} - - clusterGroupPath := filepath.Join("cluster-scoped-resources", group) - clusterGroupDirEntries, err := fs.ReadDir(mrt.sourceFS, clusterGroupPath) - if err != nil && !errors.Is(err, fs.ErrNotExist) { - return nil, fmt.Errorf("unable to read directory: %w", err) - } - - apiResourcesForClusterScope, err := getAPIResourcesFromNamespaceDirEntries(clusterGroupDirEntries, mrt.sourceFS, group, version, clusterGroupPath, false /* cluster-scoped */) - if err != nil { - return nil, fmt.Errorf("unable to get resources from cluster-scoped directory: %w", err) - } - for resourceName, apiResource := range apiResourcesForClusterScope { - apiResources[resourceName] = apiResource - } - - namespaceDirEntries, err := fs.ReadDir(mrt.sourceFS, "namespaces") - if err != nil { - return nil, fmt.Errorf("unable to read directory: %w", err) - } - for _, namespaceDirEntry := range namespaceDirEntries { - if !namespaceDirEntry.IsDir() { - continue - } - - namespaceGroupPath := filepath.Join("namespaces", namespaceDirEntry.Name(), group) - namespaceGroupDirEntries, err := fs.ReadDir(mrt.sourceFS, namespaceGroupPath) - if err != nil && !errors.Is(err, fs.ErrNotExist) { - return nil, fmt.Errorf("unable to read directory: %w", err) - } else if errors.Is(err, fs.ErrNotExist) { - // No resources for this namespace. 
- continue - } - - apiResourcesForNamespace, err := getAPIResourcesFromNamespaceDirEntries(namespaceGroupDirEntries, mrt.sourceFS, group, version, namespaceGroupPath, true /* namespaced */) - if err != nil { - return nil, fmt.Errorf("unable to get resources from namespace directory: %w", err) - } - - for resourceName, apiResource := range apiResourcesForNamespace { - apiResources[resourceName] = apiResource - } - - // Namespaces are special: each namespace is stored in its own file within the namespace directory - namespacePath := filepath.Join("namespaces", namespaceDirEntry.Name(), namespaceDirEntry.Name()+".yaml") - if namespaceObj, err := readIndividualFile(mrt.sourceFS, namespacePath); err == nil { - // It's currently not guaranteed that the file is always present - apiResources["namespaces"] = metav1.APIResource{ - Name: "namespaces", - Kind: namespaceObj.GetKind(), - Group: namespaceObj.GroupVersionKind().Group, - Version: namespaceObj.GroupVersionKind().Version, - Namespaced: false, - Verbs: []string{"get", "list", "watch"}, - } - } - } - - for _, apiResource := range apiResources { - apiResourceList.APIResources = append(apiResourceList.APIResources, apiResource) - } - - ret, err := serializeAPIResourceListToJSON(apiResourceList) - if err != nil { - return nil, fmt.Errorf("failed to serialize group resource discovery: %v", err) - } - return []byte(ret), nil -} - -func splitGroupVersionFromRequestPath(path string) (string, string, error) { - if path == "/api/v1" { - return "core", "v1", nil - } - - parts := strings.Split(path, "/") - if len(parts) != 4 { - return "", "", fmt.Errorf("invalid path: %s", path) - } - - return parts[2], parts[3], nil -} - -func getResourceDirAPIServerListEntry(sourceFS fs.FS, groupPath, resourceName, group, version string, namespaced bool) (*metav1.APIResource, error) { - resourceDirEntries, err := fs.ReadDir(sourceFS, filepath.Join(groupPath, resourceName)) - if err != nil { - return nil, fmt.Errorf("unable to read directory: 
%w", err) - } - for _, fileEntry := range resourceDirEntries { - if !strings.HasSuffix(fileEntry.Name(), ".yaml") { - // There shouldn't be anything that hits this, but ignore it if there is. - continue - } - - individualObj, individualErr := readIndividualFile(sourceFS, filepath.Join(groupPath, resourceName, fileEntry.Name())) - if individualErr != nil { - return nil, fmt.Errorf("unable to read file: %w", individualErr) - } - - groupVersion := fmt.Sprintf("%s/%s", group, version) - if group == "core" { - group = "" - groupVersion = version - } - - if individualObj.GetAPIVersion() != groupVersion { - continue - } - - // No point checking further, all files should produce the same APIResource. - return &metav1.APIResource{ - Name: resourceName, - Kind: individualObj.GetKind(), - Group: group, - Version: version, - Namespaced: namespaced, - Verbs: []string{"get", "list", "watch"}, - }, nil - } - - return nil, nil -} - -func getAPIResourcesFromNamespaceDirEntries(dirEntries []fs.DirEntry, sourceFS fs.FS, group, version string, basePath string, namespaced bool) (map[string]metav1.APIResource, error) { - apiResources := map[string]metav1.APIResource{} - for _, dirEntry := range dirEntries { - // Directories are named after the resource and contain individual resources. - if dirEntry.IsDir() { - apiResource, err := getResourceDirAPIServerListEntry(sourceFS, basePath, dirEntry.Name(), group, version, namespaced) - if err != nil { - return nil, fmt.Errorf("unable to get resource from directory: %w", err) - } - if apiResource != nil { - apiResources[dirEntry.Name()] = *apiResource - } - } - - if !strings.HasSuffix(dirEntry.Name(), ".yaml") { - // There shouldn't be anything that hits this, but ignore it if there is. - continue - } - - resourceName := strings.TrimSuffix(dirEntry.Name(), ".yaml") - if _, ok := apiResources[resourceName]; ok { - // We already have this resource. - continue - } - - // Files are named after the resource and contain a list of resources. 
- listObj, err := readListFile(sourceFS, filepath.Join(basePath, dirEntry.Name())) - if err != nil { - return nil, fmt.Errorf("unable to read list file: %w", err) - } - - for _, obj := range listObj.Items { - if obj.GetAPIVersion() != fmt.Sprintf("%s/%s", group, version) { - continue - } - - apiResources[resourceName] = metav1.APIResource{ - Name: resourceName, - Kind: obj.GetKind(), - Group: group, - Version: version, - Namespaced: namespaced, - Verbs: []string{"get", "list", "watch"}, - } - - // Once we find a resource in the expected group/version, we can break. - // Anything else would produce the same APIResource. - break - } - } - - return apiResources, nil -} diff --git a/vendor/github.com/openshift/library-go/pkg/manifestclient/list.go b/vendor/github.com/openshift/library-go/pkg/manifestclient/list.go index d0e61f761..6ee3da6e5 100644 --- a/vendor/github.com/openshift/library-go/pkg/manifestclient/list.go +++ b/vendor/github.com/openshift/library-go/pkg/manifestclient/list.go @@ -42,7 +42,7 @@ func (mrt *manifestRoundTripper) listAll(requestInfo *apirequest.RequestInfo) ([ Resource: requestInfo.Resource, } - kind, err := mrt.getKindForResource(gvr) + kind, err := mrt.discoveryReader.getKindForResource(gvr) if err != nil { return nil, fmt.Errorf("unable to determine list kind: %w", err) } @@ -240,7 +240,10 @@ func allPossibleListFileLocations(sourceFS fs.FS, requestInfo *apirequest.Reques allPossibleListFileLocations = append(allPossibleListFileLocations, filepath.Join(clusterParts...)) namespaces, err := allNamespacesWithData(sourceFS) - if err != nil { + switch { + case errors.Is(err, fs.ErrNotExist): + return allPossibleListFileLocations, nil + case err != nil: return nil, fmt.Errorf("unable to read namespaces: %w", err) } for _, ns := range namespaces { 
diff --git a/vendor/github.com/openshift/library-go/pkg/manifestclient/read_roundtripper.go b/vendor/github.com/openshift/library-go/pkg/manifestclient/read_roundtripper.go index 4f798e5c2..bb0290632 100644 --- a/vendor/github.com/openshift/library-go/pkg/manifestclient/read_roundtripper.go +++ b/vendor/github.com/openshift/library-go/pkg/manifestclient/read_roundtripper.go @@ -2,19 +2,14 @@ package manifestclient import ( "bytes" - "embed" "fmt" "io" "io/fs" "net/http" "strconv" "strings" - "sync" "time" - apidiscoveryv2 "k8s.io/api/apidiscovery/v2" - "k8s.io/apimachinery/pkg/util/json" - apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime/schema" utilruntime "k8s.io/apimachinery/pkg/util/runtime" @@ -36,23 +31,16 @@ type manifestRoundTripper struct { // requestInfoResolver is the same type constructed the same way as the kube-apiserver requestInfoResolver *apirequest.RequestInfoFactory - lock sync.RWMutex - kindForResource map[schema.GroupVersionResource]kindData -} - -type kindData struct { - kind schema.GroupVersionKind - listKind schema.GroupVersionKind - err error + discoveryReader *discoveryReader } -func newReadRoundTripper(content fs.FS) *manifestRoundTripper { +func newReadRoundTripper(content fs.FS, discoveryRoundTripper *discoveryReader) *manifestRoundTripper { return &manifestRoundTripper{ sourceFS: content, requestInfoResolver: server.NewRequestInfoResolver(&server.Config{ LegacyAPIGroupPrefixes: sets.NewString(server.DefaultLegacyAPIPrefix), }), - kindForResource: make(map[schema.GroupVersionResource]kindData), + discoveryReader: discoveryRoundTripper, } } 
@@ -82,7 +70,7 @@ func (mrt *manifestRoundTripper) RoundTrip(req *http.Request) (*http.Response, e switch requestInfo.Verb { case "get": if isDiscovery { - returnBody, returnErr = mrt.getGroupResourceDiscovery(requestInfo) + returnBody, returnErr = mrt.discoveryReader.getGroupResourceDiscovery(requestInfo) } else { // TODO handle label and field selectors because single item lists are GETs returnBody, returnErr = mrt.get(requestInfo) 
@@ -168,84 +156,3 @@ func isServerGroupResourceDiscovery(path string) bool { } return parts[0] == "" && parts[1] == "apis" } - -//go:embed default-discovery -var defaultDiscovery embed.FS - -func (mrt *manifestRoundTripper) getKindForResource(gvr schema.GroupVersionResource) (kindData, error) { - mrt.lock.RLock() - kindForGVR, ok := mrt.kindForResource[gvr] - if ok { - defer mrt.lock.RUnlock() - return kindForGVR, kindForGVR.err - } - mrt.lock.RUnlock() - - mrt.lock.Lock() - defer mrt.lock.Unlock() - - kindForGVR, ok = mrt.kindForResource[gvr] - if ok { - return kindForGVR, kindForGVR.err - } - - discoveryPath := "/apis" - if len(gvr.Group) == 0 { - discoveryPath = "/api" - } - discoveryBytes, err := mrt.getGroupResourceDiscovery(&apirequest.RequestInfo{Path: discoveryPath}) - if err != nil { - kindForGVR.err = fmt.Errorf("error reading discovery: %w", err) - mrt.kindForResource[gvr] = kindForGVR - return kindForGVR, kindForGVR.err - } - - discoveryInfo := &apidiscoveryv2.APIGroupDiscoveryList{} - if err := json.Unmarshal(discoveryBytes, discoveryInfo); err != nil { - kindForGVR.err = fmt.Errorf("error unmarshalling discovery: %w", err) - mrt.kindForResource[gvr] = kindForGVR - return kindForGVR, kindForGVR.err - } - - kindForGVR.err = fmt.Errorf("did not find kind for %v\n", gvr) - for _, groupInfo := range discoveryInfo.Items { - if groupInfo.Name != gvr.Group { - continue - } - for _, versionInfo := range groupInfo.Versions { - if versionInfo.Version != gvr.Version { - continue - } - for _, resourceInfo := range versionInfo.Resources { - if resourceInfo.Resource != gvr.Resource { - continue - } - if resourceInfo.ResponseKind == nil { - continue - } - kindForGVR.kind = schema.GroupVersionKind{ - Group: gvr.Group, - Version: gvr.Version, - Kind: resourceInfo.ResponseKind.Kind, - } - if len(resourceInfo.ResponseKind.Group) > 0 { - kindForGVR.kind.Group = resourceInfo.ResponseKind.Group - } - if len(resourceInfo.ResponseKind.Version) > 0 { - kindForGVR.kind.Version 
= resourceInfo.ResponseKind.Version - } - kindForGVR.listKind = schema.GroupVersionKind{ - Group: kindForGVR.kind.Group, - Version: kindForGVR.kind.Version, - Kind: resourceInfo.ResponseKind.Kind + "List", - } - kindForGVR.err = nil - mrt.kindForResource[gvr] = kindForGVR - return kindForGVR, kindForGVR.err - } - } - } - - mrt.kindForResource[gvr] = kindForGVR - return kindForGVR, kindForGVR.err -} diff --git a/vendor/github.com/openshift/library-go/pkg/manifestclient/readwrite_roundtripper.go b/vendor/github.com/openshift/library-go/pkg/manifestclient/readwrite_roundtripper.go index c781a41c5..13d01f533 100644 --- a/vendor/github.com/openshift/library-go/pkg/manifestclient/readwrite_roundtripper.go +++ b/vendor/github.com/openshift/library-go/pkg/manifestclient/readwrite_roundtripper.go @@ -49,10 +49,11 @@ func NewRoundTripper(mustGatherDir string) *readWriteRoundTripper { } func newReadWriteRoundTripper(sourceFS fs.FS) *readWriteRoundTripper { - return &readWriteRoundTripper{ - readDelegate: newReadRoundTripper(sourceFS), - writeDelegate: newWriteRoundTripper(), - } + rt := &readWriteRoundTripper{} + discoveryReader := newDiscoveryReader(sourceFS) + rt.readDelegate = newReadRoundTripper(sourceFS, discoveryReader) + rt.writeDelegate = newWriteRoundTripper(discoveryReader) + return rt } type readWriteRoundTripper struct { diff --git a/vendor/github.com/openshift/library-go/pkg/manifestclient/write_roundtripper.go b/vendor/github.com/openshift/library-go/pkg/manifestclient/write_roundtripper.go index a75dd8a4a..d85d78dd4 100644 --- a/vendor/github.com/openshift/library-go/pkg/manifestclient/write_roundtripper.go +++ b/vendor/github.com/openshift/library-go/pkg/manifestclient/write_roundtripper.go 
@@ -28,18 +28,21 @@ type writeTrackingRoundTripper struct { // requestInfoResolver is the same type constructed the same way as the kube-apiserver requestInfoResolver *apirequest.RequestInfoFactory + discoveryReader *discoveryReader + lock sync.RWMutex nextRequestNumber int actionTracker *AllActionsTracker[TrackedSerializedRequest] } -func newWriteRoundTripper() *writeTrackingRoundTripper { +func newWriteRoundTripper(discoveryRoundTripper *discoveryReader) *writeTrackingRoundTripper { return &writeTrackingRoundTripper{ nextRequestNumber: 1, actionTracker: &AllActionsTracker[TrackedSerializedRequest]{}, requestInfoResolver: server.NewRequestInfoResolver(&server.Config{ LegacyAPIGroupPrefixes: sets.NewString(server.DefaultLegacyAPIPrefix), }), + discoveryReader: discoveryRoundTripper, } } @@ -213,8 +216,14 @@ func (mrt *writeTrackingRoundTripper) roundTrip(req *http.Request) ([]byte, erro ret := &unstructured.Unstructured{Object: map[string]interface{}{}} ret.SetName(serializedRequest.ActionMetadata.Name) ret.SetNamespace(serializedRequest.ActionMetadata.Namespace) - if actionHasRuntimeObjectBody { // TODO might be able to do something generally based on discovery if absolutely necessary + if actionHasRuntimeObjectBody { ret.SetGroupVersionKind(bodyObj.GetObjectKind().GroupVersionKind()) + } else { + kindForResource, err := mrt.discoveryReader.getKindForResource(gvr) + if err != nil { + return nil, err + } + ret.SetGroupVersionKind(kindForResource.kind) } retBytes, err := json.Marshal(ret.Object) if err != nil { diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice/apiservice_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice/apiservice_controller.go index 78d3fe663..817f7fe1a 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice/apiservice_controller.go 
+++ b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice/apiservice_controller.go @@ -70,7 +70,7 @@ func NewAPIServiceController( kubeClient: kubeClient, } - return factory.New().WithSync(c.sync).WithControllerInstanceName(c.controllerInstanceName).ResyncEvery(10*time.Second).WithInformers( + return factory.New().WithSync(c.sync).WithControllerInstanceName(c.controllerInstanceName).ResyncEvery(1*time.Minute).WithInformers( append(informers, kubeInformersForNamespaces.InformersFor(targetNamespace).Core().V1().Services().Informer(), kubeInformersForNamespaces.InformersFor(targetNamespace).Core().V1().Endpoints().Informer(), diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy/auditpolicy_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy/auditpolicy_controller.go index 9695e69da..318bf2e52 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy/auditpolicy_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy/auditpolicy_controller.go @@ -38,7 +38,6 @@ func NewAuditPolicyController( name string, targetNamespace string, targetConfigMapName string, - apiserverConfigLister configv1listers.APIServerLister, operatorClient v1helpers.OperatorClient, kubeClient kubernetes.Interface, configInformers configinformers.SharedInformerFactory, 
@@ -48,13 +47,13 @@ func NewAuditPolicyController( c := &auditPolicyController{ controllerInstanceName: factory.ControllerInstanceName(name, "AuditPolicy"), operatorClient: operatorClient, - apiserverConfigLister: apiserverConfigLister, + apiserverConfigLister: configInformers.Config().V1().APIServers().Lister(), kubeClient: kubeClient, targetNamespace: targetNamespace, targetConfigMapName: targetConfigMapName, } - return factory.New().WithSync(c.sync).WithControllerInstanceName(c.controllerInstanceName).ResyncEvery(10*time.Second).WithInformers( + return factory.New().WithSync(c.sync).WithControllerInstanceName(c.controllerInstanceName).ResyncEvery(1*time.Minute).WithInformers( configInformers.Config().V1().APIServers().Informer(), kubeInformersForTargetNamesace.Core().V1().ConfigMaps().Informer(), operatorClient.Informer(), diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/workload/workload.go b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/workload/workload.go index e6e0ba8e2..732740236 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/workload/workload.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/workload/workload.go @@ -35,7 +35,7 @@ const ( // Delegate captures a set of methods that hold a custom logic type Delegate interface { // Sync a method that will be used for delegation. It should bring the desired workload into operation. - Sync(ctx context.Context, controllerContext factory.SyncContext) (*appsv1.Deployment, bool, []error) + Sync(ctx context.Context, controllerContext factory.SyncContext) (*appsv1.Deployment, bool, bool, []error) // PreconditionFulfilled a method that indicates whether all prerequisites are met and we can Sync. // 
@@ -83,7 +83,7 @@ func NewController(instanceName, operatorNamespace, targetNamespace, targetOpera kubeClient kubernetes.Interface, podLister corev1listers.PodLister, informers []factory.Informer, - tagetNamespaceInformers []factory.Informer, + targetNamespaceInformers []factory.Informer, delegate Delegate, openshiftClusterConfigClient openshiftconfigclientv1.ClusterOperatorInterface, eventRecorder events.Recorder, @@ -102,11 +102,11 @@ func NewController(instanceName, operatorNamespace, targetNamespace, targetOpera delegate: delegate, openshiftClusterConfigClient: openshiftClusterConfigClient, versionRecorder: versionRecorder, - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), instanceName), + queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[any](), instanceName), } c := factory.New() - for _, nsi := range tagetNamespaceInformers { + for _, nsi := range targetNamespaceInformers { c.WithNamespaceInformer(nsi, targetNamespace) } 
@@ -130,14 +130,14 @@ func (c *Controller) sync(ctx context.Context, controllerContext factory.SyncCon } if fulfilled, err := c.delegate.PreconditionFulfilled(ctx); err != nil { - return c.updateOperatorStatus(ctx, operatorStatus, nil, false, false, []error{err}) + return c.updateOperatorStatus(ctx, operatorStatus, nil, false, false, false, []error{err}) } else if !fulfilled { - return c.updateOperatorStatus(ctx, operatorStatus, nil, false, false, nil) + return c.updateOperatorStatus(ctx, operatorStatus, nil, false, false, false, nil) } - workload, operatorConfigAtHighestGeneration, errs := c.delegate.Sync(ctx, controllerContext) + workload, operatorConfigAtHighestGeneration, removeConditions, errs := c.delegate.Sync(ctx, controllerContext) - return c.updateOperatorStatus(ctx, operatorStatus, workload, operatorConfigAtHighestGeneration, true, errs) + return c.updateOperatorStatus(ctx, operatorStatus, workload, operatorConfigAtHighestGeneration, true, removeConditions, errs) } // shouldSync checks ManagementState to determine if we can run this operator, probably set by a cluster administrator. 
@@ -159,22 +159,30 @@ func (c *Controller) shouldSync(ctx context.Context, operatorSpec *operatorv1.Op } // updateOperatorStatus updates the status based on the actual workload and errors that might have occurred during synchronization. -func (c *Controller) updateOperatorStatus(ctx context.Context, previousStatus *operatorv1.OperatorStatus, workload *appsv1.Deployment, operatorConfigAtHighestGeneration bool, preconditionsReady bool, errs []error) (err error) { +func (c *Controller) updateOperatorStatus(ctx context.Context, previousStatus *operatorv1.OperatorStatus, workload *appsv1.Deployment, operatorConfigAtHighestGeneration, preconditionsReady, removeConditions bool, errs []error) (err error) { if errs == nil { errs = []error{} } - deploymentAvailableCondition := applyoperatorv1.OperatorCondition(). - WithType(fmt.Sprintf("%sDeployment%s", c.conditionsPrefix, operatorv1.OperatorStatusTypeAvailable)) + typeAvailable := fmt.Sprintf("%sDeployment%s", c.conditionsPrefix, operatorv1.OperatorStatusTypeAvailable) + typeDegraded := fmt.Sprintf("%sDeployment%s", c.conditionsPrefix, operatorv1.OperatorStatusTypeDegraded) + typeProgressing := fmt.Sprintf("%sDeployment%s", c.conditionsPrefix, operatorv1.OperatorStatusTypeProgressing) + typeWorkloadDegraded := fmt.Sprintf("%sWorkload%s", c.conditionsPrefix, operatorv1.OperatorStatusTypeDegraded) - workloadDegradedCondition := applyoperatorv1.OperatorCondition(). - WithType(fmt.Sprintf("%sWorkloadDegraded", c.conditionsPrefix)) + deploymentAvailableCondition := applyoperatorv1.OperatorCondition().WithType(typeAvailable) + workloadDegradedCondition := applyoperatorv1.OperatorCondition().WithType(typeWorkloadDegraded) + deploymentDegradedCondition := applyoperatorv1.OperatorCondition().WithType(typeDegraded) + deploymentProgressingCondition := applyoperatorv1.OperatorCondition().WithType(typeProgressing) - deploymentDegradedCondition := applyoperatorv1.OperatorCondition(). 
- WithType(fmt.Sprintf("%sDeploymentDegraded", c.conditionsPrefix)) + if preconditionsReady && removeConditions && workload == nil { + jsonPatch := v1helpers.RemoveConditionsJSONPatch(previousStatus, []string{typeAvailable, typeDegraded, typeProgressing, typeWorkloadDegraded}) + if jsonPatch.IsEmpty() { + return kerrors.NewAggregate(errs) + } - deploymentProgressingCondition := applyoperatorv1.OperatorCondition(). - WithType(fmt.Sprintf("%sDeployment%s", c.conditionsPrefix, operatorv1.OperatorStatusTypeProgressing)) + err = c.operatorClient.PatchOperatorStatus(ctx, jsonPatch) + return kerrors.NewAggregate(append(errs, err)) + } status := applyoperatorv1.OperatorStatus() if workload != nil { diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controllerset/apiservercontrollerset.go b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controllerset/apiservercontrollerset.go index 87311adee..39438998f 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controllerset/apiservercontrollerset.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controllerset/apiservercontrollerset.go @@ -11,7 +11,6 @@ import ( openshiftconfigclientv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1" configinformers "github.com/openshift/client-go/config/informers/externalversions" configv1informers "github.com/openshift/client-go/config/informers/externalversions/config/v1" - configv1listers "github.com/openshift/client-go/config/listers/config/v1" "github.com/openshift/library-go/pkg/controller/factory" "github.com/openshift/library-go/pkg/operator/apiserver/controller/apiservice" "github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy" 
@@ -400,7 +399,6 @@ func (cs *APIServerControllerSet) WithoutEncryptionControllers() *APIServerContr func (cs *APIServerControllerSet) WithAuditPolicyController( targetNamespace string, targetConfigMapName string, - apiserverConfigLister configv1listers.APIServerLister, configInformers configinformers.SharedInformerFactory, kubeInformersForTargetNamesace kubeinformers.SharedInformerFactory, kubeClient kubernetes.Interface, @@ -409,7 +407,6 @@ func (cs *APIServerControllerSet) WithAuditPolicyController( cs.name, targetNamespace, targetConfigMapName, - apiserverConfigLister, cs.operatorClient, kubeClient, configInformers, diff --git a/vendor/github.com/openshift/library-go/pkg/operator/staleconditions/remove_stale_conditions.go b/vendor/github.com/openshift/library-go/pkg/operator/staleconditions/remove_stale_conditions.go index 3e2e270d5..ad4d0ccbd 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/staleconditions/remove_stale_conditions.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/staleconditions/remove_stale_conditions.go @@ -2,10 +2,8 @@ package staleconditions import ( "context" - "fmt" "time" - "github.com/openshift/library-go/pkg/apiserver/jsonpatch" "github.com/openshift/library-go/pkg/controller/factory" "github.com/openshift/library-go/pkg/operator/events" "github.com/openshift/library-go/pkg/operator/v1helpers" 
@@ -45,25 +43,7 @@ func (c RemoveStaleConditionsController) sync(ctx context.Context, syncContext f return err } - var removedCount int - jsonPatch := jsonpatch.New() - for i, existingCondition := range operatorStatus.Conditions { - for _, conditionTypeToRemove := range c.conditionTypesToRemove { - if existingCondition.Type != conditionTypeToRemove { - continue - } - removeAtIndex := i - if !jsonPatch.IsEmpty() { - removeAtIndex = removeAtIndex - removedCount - } - jsonPatch.WithRemove( - fmt.Sprintf("/status/conditions/%d", removeAtIndex), - jsonpatch.NewTestCondition(fmt.Sprintf("/status/conditions/%d/type", removeAtIndex), conditionTypeToRemove), - ) - removedCount++ - } - } - + jsonPatch := v1helpers.RemoveConditionsJSONPatch(operatorStatus, c.conditionTypesToRemove) if jsonPatch.IsEmpty() { return nil } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go index e69ec34af..794d148ee 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/helpers.go @@ -12,6 +12,7 @@ import ( "github.com/google/go-cmp/cmp" configv1 "github.com/openshift/api/config/v1" operatorv1 "github.com/openshift/api/operator/v1" + "github.com/openshift/library-go/pkg/apiserver/jsonpatch" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -550,3 +551,30 @@ func IsConditionPresentAndEqual(conditions []metav1.Condition, conditionType str } return false } + +func RemoveConditionsJSONPatch(operatorStatus *operatorv1.OperatorStatus, conditionTypesToRemove []string) *jsonpatch.PatchSet { + if operatorStatus == nil { + return nil + } + + var removedCount int + jsonPatch := jsonpatch.New() + for i, existingCondition := range operatorStatus.Conditions { + for _, conditionTypeToRemove := range conditionTypesToRemove { + if existingCondition.Type != conditionTypeToRemove { + continue + } + removeAtIndex := i + if !jsonPatch.IsEmpty() { + removeAtIndex = removeAtIndex - removedCount + } + jsonPatch.WithRemove( + fmt.Sprintf("/status/conditions/%d", removeAtIndex), + jsonpatch.NewTestCondition(fmt.Sprintf("/status/conditions/%d/type", removeAtIndex), conditionTypeToRemove), + ) + removedCount++ + } + } + + return jsonPatch +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 7c97b75fa..ead35068c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -175,7 +175,7 @@ github.com/modern-go/reflect2 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 ## explicit github.com/munnerz/goautoneg -# github.com/openshift/api v0.0.0-20241001152557-e415140e5d5f +# github.com/openshift/api v0.0.0-20241101202457-04eb3fd119d2 ## explicit; go 1.22.0 github.com/openshift/api github.com/openshift/api/annotations 
@@ -315,7 +315,7 @@ github.com/openshift/client-go/user/applyconfigurations/internal github.com/openshift/client-go/user/applyconfigurations/user/v1 github.com/openshift/client-go/user/clientset/versioned/scheme github.com/openshift/client-go/user/clientset/versioned/typed/user/v1 -# github.com/openshift/library-go v0.0.0-20241120135057-fc703a7407c9 +# github.com/openshift/library-go v0.0.0-20241120135057-fc703a7407c9 => github.com/liouk/library-go v0.0.0-20241210104019-f07c37b790cf ## explicit; go 1.22.0 github.com/openshift/library-go/pkg/apiserver/jsonpatch github.com/openshift/library-go/pkg/apps/deployment @@ -1482,3 +1482,4 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml sigs.k8s.io/yaml/goyaml.v2 +# github.com/openshift/library-go => github.com/liouk/library-go v0.0.0-20241210104019-f07c37b790cf From 667715a1699d732915c241ce61988f6f40eef3e7 Mon Sep 17 00:00:00 2001 From: Ilias Rinis Date: Tue, 10 Dec 2024 12:56:35 +0100 Subject: [PATCH 2/2] demo: remove oauth-server and oauth-apiserver deployments when external OIDC is enabled --- .../deployment/deployment_controller.go | 42 +++++++++++---- pkg/operator/starter.go | 3 +- .../sync_openshift_oauth_apiserver.go | 51 ++++++++++++++----- .../sync_openshift_oauth_apiserver_test.go | 50 +++++++++++++++++- 4 files changed, 121 insertions(+), 25 deletions(-) diff --git a/pkg/controllers/deployment/deployment_controller.go b/pkg/controllers/deployment/deployment_controller.go index 4889a0a93..e872d2919 100644 --- a/pkg/controllers/deployment/deployment_controller.go +++ b/pkg/controllers/deployment/deployment_controller.go @@ -9,6 +9,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/informers" coreinformers "k8s.io/client-go/informers/core/v1" 
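Review bot: The `=>` on the `# github.com/openshift/library-go` line, repeated in the trailing `# github.com/openshift/library-go => github.com/liouk/library-go v0.0.0-20241210104019-f07c37b790cf` entry, means every vendored library-go file in this patch is taken from a personal fork rather than the upstream module. That is workable for a demo, but the replace should not outlive it. Once the library-go pull request named in the subject is merged, drop the `replace` from go.mod, move to the upstream pseudo-version and re-run `go mod vendor`, so the vendored tree can be compared against upstream. The go.mod hunk itself is outside this part of the page.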
@@ -59,6 +60,7 @@ type oauthServerDeploymentSyncer struct { podsLister corev1listers.PodLister proxyLister configv1listers.ProxyLister routeLister routev1listers.RouteLister + authLister configv1listers.AuthenticationLister bootstrapUserDataGetter bootstrap.BootstrapUserDataGetter bootstrapUserChangeRollOut bool @@ -73,6 +75,7 @@ func NewOAuthServerWorkloadController( openshiftClusterConfigClient configv1client.ClusterOperatorInterface, configInformers configinformer.SharedInformerFactory, routeInformersForTargetNamespace routeinformers.SharedInformerFactory, + authLister configv1listers.AuthenticationLister, bootstrapUserDataGetter bootstrap.BootstrapUserDataGetter, eventsRecorder events.Recorder, versionRecorder status.VersionGetter, @@ -94,6 +97,7 @@ func NewOAuthServerWorkloadController( proxyLister: configInformers.Config().V1().Proxies().Lister(), routeLister: routeInformersForTargetNamespace.Route().V1().Routes().Lister(), + authLister: authLister, bootstrapUserDataGetter: bootstrapUserDataGetter, } @@ -147,17 +151,17 @@ func (c *oauthServerDeploymentSyncer) PreconditionFulfilled(_ context.Context) ( return true, nil } -func (c *oauthServerDeploymentSyncer) Sync(ctx context.Context, syncContext factory.SyncContext) (*appsv1.Deployment, bool, []error) { +func (c *oauthServerDeploymentSyncer) Sync(ctx context.Context, syncContext factory.SyncContext) (*appsv1.Deployment, bool, bool, []error) { errs := []error{} operatorSpec, operatorStatus, _, err := c.operatorClient.GetOperatorState() if err != nil { - return nil, false, append(errs, err) + return nil, false, false, append(errs, err) } proxyConfig, err := c.getProxyConfig() if err != nil { - return nil, false, append(errs, err) + return nil, false, false, append(errs, err) } // resourceVersions serves to store versions of config resources so that we 
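Review bot: `authLister` arrives as a new parameter of NewOAuthServerWorkloadController, while `proxyLister` one line above it is derived from the `configInformers` factory the constructor already receives. starter.go builds the argument from that same factory (`informerFactories.operatorConfigInformer`), so `authLister: configInformers.Config().V1().Authentications().Lister(),` would leave the signature unchanged. It would also match what the vendored NewAuditPolicyController change in this series does for `apiserverConfigLister`. Whether the Authentications informer is registered with the workload controller, so that a change of `spec.type` triggers a sync, is not visible in these hunks and is worth confirming. The constructor body continues outside the hunk.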
@@ -174,7 +178,7 @@ func (c *oauthServerDeploymentSyncer) Sync(ctx context.Context, syncContext fact configResourceVersions, err := c.getConfigResourceVersions() if err != nil { - return nil, false, append(errs, err) + return nil, false, false, append(errs, err) } resourceVersions = append(resourceVersions, configResourceVersions...) @@ -192,7 +196,17 @@ func (c *oauthServerDeploymentSyncer) Sync(ctx context.Context, syncContext fact // deployment, have RV of all resources expectedDeployment, err := getOAuthServerDeployment(operatorSpec, proxyConfig, c.bootstrapUserChangeRollOut, resourceVersions...) if err != nil { - return nil, false, append(errs, err) + return nil, false, false, append(errs, err) + } + + if oidcEnabled, err := c.oidcEnabled(); err != nil { + return nil, false, false, append(errs, err) + } else if oidcEnabled { + err := c.deployments.Deployments(expectedDeployment.Namespace).Delete(ctx, expectedDeployment.Name, metav1.DeleteOptions{}) + if err != nil { + return nil, false, false, append(errs, err) + } + return nil, false, true, errs } if _, err := c.secretLister.Secrets("openshift-authentication").Get("v4-0-config-system-custom-router-certs"); err == nil { 
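Review bot: The `Delete` call in the new OIDC branch treats NotFound as a failure, so only the first sync after the switch returns `removeConditions` as true; every later sync finds no deployment and returns the NotFound as a sync error. Guarding with `if err != nil && !errors.IsNotFound(err) {` (the file already imports `k8s.io/apimachinery/pkg/api/errors`) makes the branch idempotent. syncDeployment in sync_openshift_oauth_apiserver.go has the same shape in `return nil, err == nil, err` and needs the same treatment, returning `nil, true, nil` when the deployment is already gone. Separately, this branch removes the cluster's integrated OAuth server on `spec.type` alone; as the comment in oidcEnabled acknowledges, the final gate presumably has to confirm that the external provider is actually in effect before the deployment is deleted. Sync's body continues outside the hunk.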
@@ -213,13 +227,13 @@ func (c *oauthServerDeploymentSyncer) Sync(ctx context.Context, syncContext fact err = c.ensureAtMostOnePodPerNode(&expectedDeployment.Spec, "oauth-openshift") if err != nil { - return nil, false, append(errs, fmt.Errorf("unable to ensure at most one pod per node: %v", err)) + return nil, false, false, append(errs, fmt.Errorf("unable to ensure at most one pod per node: %v", err)) } // Set the replica count to the number of master nodes. masterNodeCount, err := c.countNodes(expectedDeployment.Spec.Template.Spec.NodeSelector) if err != nil { - return nil, false, append(errs, fmt.Errorf("failed to determine number of master nodes: %v", err)) + return nil, false, false, append(errs, fmt.Errorf("failed to determine number of master nodes: %v", err)) } expectedDeployment.Spec.Replicas = masterNodeCount @@ -229,10 +243,10 @@ func (c *oauthServerDeploymentSyncer) Sync(ctx context.Context, syncContext fact resourcemerge.ExpectedDeploymentGeneration(expectedDeployment, operatorStatus.Generations), ) if err != nil { - return nil, false, append(errs, fmt.Errorf("applying deployment of the integrated OAuth server failed: %w", err)) + return nil, false, false, append(errs, fmt.Errorf("applying deployment of the integrated OAuth server failed: %w", err)) } - return deployment, true, errs + return deployment, true, false, errs } func (c *oauthServerDeploymentSyncer) getProxyConfig() (*configv1.Proxy, error) { @@ -274,3 +288,13 @@ func (c *oauthServerDeploymentSyncer) getConfigResourceVersions() ([]string, err return configRVs, nil } + +func (c *oauthServerDeploymentSyncer) oidcEnabled() (bool, error) { + auth, err := c.authLister.Get("cluster") + if err != nil { + return false, err + } + + // note that the actual check will be more involved than this; this is just for demo purposes + return auth.Spec.Type == configv1.AuthenticationTypeOIDC, nil +} diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go index 2967dc83d..afd89446a 100644 
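Review bot: oidcEnabled is added without a doc comment and is repeated line for line on OAuthAPIServerWorkload in sync_openshift_oauth_apiserver.go, so the two controllers that tear down the OAuth stack can drift apart once the "more involved" check replaces the demo one. A single package-level helper taking a `configv1listers.AuthenticationLister` would give both call sites one definition. I would also add `// oidcEnabled reports whether the cluster Authentication resource has spec.type set to OIDC; it gates deletion of the OAuth deployment.` above it.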
--- a/pkg/operator/starter.go +++ b/pkg/operator/starter.go @@ -239,6 +239,7 @@ func prepareOauthOperator( authOperatorInput.configClient.ConfigV1().ClusterOperators(), informerFactories.operatorConfigInformer, informerFactories.namespacedOpenshiftAuthenticationRoutes, + informerFactories.operatorConfigInformer.Config().V1().Authentications().Lister(), bootstrapauthenticator.NewBootstrapUserDataGetter(authOperatorInput.kubeClient.CoreV1(), authOperatorInput.kubeClient.CoreV1()), authOperatorInput.eventRecorder, versionRecorder, @@ -416,6 +417,7 @@ func prepareOauthAPIServerOperator( os.Getenv("IMAGE_OAUTH_APISERVER"), os.Getenv("OPERATOR_IMAGE"), authOperatorInput.kubeClient, + informerFactories.operatorConfigInformer.Config().V1().Authentications().Lister(), versionRecorder) infra, err := authOperatorInput.configClient.ConfigV1().Infrastructures().Get(ctx, "cluster", metav1.GetOptions{}) @@ -551,7 +553,6 @@ func prepareOauthAPIServerOperator( ).WithAuditPolicyController( "openshift-oauth-apiserver", "audit", - informerFactories.operatorConfigInformer.Config().V1().APIServers().Lister(), informerFactories.operatorConfigInformer, informerFactories.kubeInformersForNamespaces.InformersFor("openshift-oauth-apiserver"), authOperatorInput.kubeClient, diff --git a/pkg/operator/workload/sync_openshift_oauth_apiserver.go b/pkg/operator/workload/sync_openshift_oauth_apiserver.go index b9b173821..a77eae916 100644 --- a/pkg/operator/workload/sync_openshift_oauth_apiserver.go +++ b/pkg/operator/workload/sync_openshift_oauth_apiserver.go 
@@ -11,11 +11,14 @@ import ( "github.com/openshift/library-go/pkg/operator/v1helpers" appsv1 "k8s.io/api/apps/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/kubernetes" "k8s.io/klog/v2" + configv1 "github.com/openshift/api/config/v1" operatorv1 "github.com/openshift/api/operator/v1" + configv1listers "github.com/openshift/client-go/config/listers/config/v1" "github.com/openshift/library-go/pkg/controller/factory" libgoetcd "github.com/openshift/library-go/pkg/operator/configobserver/etcd" "github.com/openshift/library-go/pkg/operator/events" @@ -51,6 +54,7 @@ type OAuthAPIServerWorkload struct { operatorImagePullSpec string kubeClient kubernetes.Interface versionRecorder status.VersionGetter + authLister configv1listers.AuthenticationLister } // NewOAuthAPIServerWorkload creates new OAuthAPIServerWorkload struct @@ -62,6 +66,7 @@ func NewOAuthAPIServerWorkload( targetImagePullSpec string, operatorImagePullSpec string, kubeClient kubernetes.Interface, + authLister configv1listers.AuthenticationLister, versionRecorder status.VersionGetter, ) *OAuthAPIServerWorkload { return &OAuthAPIServerWorkload{ @@ -72,6 +77,7 @@ func NewOAuthAPIServerWorkload( targetImagePullSpec: targetImagePullSpec, operatorImagePullSpec: operatorImagePullSpec, kubeClient: kubeClient, + authLister: authLister, versionRecorder: versionRecorder, } } 
@@ -117,41 +123,41 @@ func (c *OAuthAPIServerWorkload) preconditionFulfilledInternal(operatorSpec *ope } // Sync essentially manages OAuthAPI server. -func (c *OAuthAPIServerWorkload) Sync(ctx context.Context, syncCtx factory.SyncContext) (*appsv1.Deployment, bool, []error) { +func (c *OAuthAPIServerWorkload) Sync(ctx context.Context, syncCtx factory.SyncContext) (*appsv1.Deployment, bool, bool, []error) { errs := []error{} operatorSpec, operatorStatus, _, err := c.operatorClient.GetOperatorState() if err != nil { errs = append(errs, err) - return nil, false, errs + return nil, false, false, errs } - actualDeployment, err := c.syncDeployment(ctx, operatorSpec, operatorStatus, syncCtx.Recorder()) + actualDeployment, deploymentDeleted, err := c.syncDeployment(ctx, operatorSpec, operatorStatus, syncCtx.Recorder()) if err != nil { errs = append(errs, fmt.Errorf("%q: %v", "deployments", err)) } - return actualDeployment, true, errs + return actualDeployment, true, deploymentDeleted, errs } -func (c *OAuthAPIServerWorkload) syncDeployment(ctx context.Context, operatorSpec *operatorv1.OperatorSpec, operatorStatus *operatorv1.OperatorStatus, eventRecorder events.Recorder) (*appsv1.Deployment, error) { +func (c *OAuthAPIServerWorkload) syncDeployment(ctx context.Context, operatorSpec *operatorv1.OperatorSpec, operatorStatus *operatorv1.OperatorStatus, eventRecorder events.Recorder) (*appsv1.Deployment, bool, error) { if operatorStatus.LatestAvailableRevision == 0 { // this a backstop during the migration from 4.17 whe this information is in .status.oauthAPIServer.latestAvailableRevision - return nil, fmt.Errorf(".status.latestAvailableRevision is not yet available") + return nil, false, fmt.Errorf(".status.latestAvailableRevision is not yet available") } tmpl, err := bindata.Asset("oauth-apiserver/deploy.yaml") if err != nil { - return nil, err + return nil, false, err } argsRaw, err := GetAPIServerArgumentsRaw(*operatorSpec) if err != nil { - return nil, err + return nil, 
false, err } args, err := arguments.Parse(argsRaw) if err != nil { - return nil, err + return nil, false, err } // log level verbosity is taken from the spec always @@ -167,11 +173,18 @@ func (c *OAuthAPIServerWorkload) syncDeployment(ctx context.Context, operatorSpe tmpl = []byte(r.Replace(string(tmpl))) re := regexp.MustCompile(`\$\{[^}]*}`) if match := re.Find(tmpl); len(match) > 0 && !excludedReferences.Has(string(match)) { - return nil, fmt.Errorf("invalid template reference %q", string(match)) + return nil, false, fmt.Errorf("invalid template reference %q", string(match)) } required := resourceread.ReadDeploymentV1OrDie(tmpl) + if oidcEnabled, err := c.oidcEnabled(); err != nil { + return nil, false, err + } else if oidcEnabled { + err := c.kubeClient.AppsV1().Deployments(required.Namespace).Delete(ctx, required.Name, metav1.DeleteOptions{}) + return nil, err == nil, err + } + // use the following routine for things that would require special formatting/padding (yaml) encodedArgs := arguments.EncodeWithDelimiter(args, " \\\n ") r = strings.NewReplacer( @@ -208,7 +221,7 @@ func (c *OAuthAPIServerWorkload) syncDeployment(ctx context.Context, operatorSpe resourcehash.NewObjectRef().ForConfigMap().InNamespace(c.targetNamespace).Named("trusted-ca-bundle"), ) if err != nil { - return nil, fmt.Errorf("invalid dependency reference: %q", err) + return nil, false, fmt.Errorf("invalid dependency reference: %q", err) } for k, v := range inputHashes { 
@@ -222,18 +235,28 @@ func (c *OAuthAPIServerWorkload) syncDeployment(ctx context.Context, operatorSpe err = c.ensureAtMostOnePodPerNode(&required.Spec, "oauth-apiserver") if err != nil { - return nil, fmt.Errorf("unable to ensure at most one pod per node: %v", err) + return nil, false, fmt.Errorf("unable to ensure at most one pod per node: %v", err) } // Set the replica count to the number of master nodes. masterNodeCount, err := c.countNodes(required.Spec.Template.Spec.NodeSelector) if err != nil { - return nil, fmt.Errorf("failed to determine number of master nodes: %v", err) + return nil, false, fmt.Errorf("failed to determine number of master nodes: %v", err) } required.Spec.Replicas = masterNodeCount deployment, _, err := resourceapply.ApplyDeployment(ctx, c.kubeClient.AppsV1(), eventRecorder, required, resourcemerge.ExpectedDeploymentGeneration(required, operatorStatus.Generations)) - return deployment, err + return deployment, false, err +} + +func (c *OAuthAPIServerWorkload) oidcEnabled() (bool, error) { + auth, err := c.authLister.Get("cluster") + if err != nil { + return false, err + } + + // note that the actual check will be more involved than this; this is just for demo purposes + return auth.Spec.Type == configv1.AuthenticationTypeOIDC, nil } func loglevelToKlog(logLevel operatorv1.LogLevel) string { diff --git a/pkg/operator/workload/sync_openshift_oauth_apiserver_test.go b/pkg/operator/workload/sync_openshift_oauth_apiserver_test.go index 715d45068..048baf5c5 100644 --- a/pkg/operator/workload/sync_openshift_oauth_apiserver_test.go +++ b/pkg/operator/workload/sync_openshift_oauth_apiserver_test.go 
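Review bot: `oidcEnabled` decides a destructive action, the deletion of the oauth-apiserver deployment, from `auth.Spec.Type` alone, and its own comment says the check is a demo placeholder. If the type is switched to OIDC before the external provider configuration is in effect on the API servers (not verifiable from this hunk), removing the integrated OAuth API server could leave the cluster with no working login path. I would not merge the delete branch on this predicate. At minimum replace the comment with `// TODO: also require that the OIDC configuration has been rolled out before reporting true` and keep the deployment until that holds. Any `authLister.Get("cluster")` error, NotFound included, also fails the whole sync, which may be the safer default but deserves a comment.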
@@ -10,16 +10,20 @@ import ( "github.com/google/go-cmp/cmp" + configv1 "github.com/openshift/api/config/v1" operatorv1 "github.com/openshift/api/operator/v1" + configv1listers "github.com/openshift/client-go/config/listers/config/v1" "github.com/openshift/library-go/pkg/operator/events" appsv1 "k8s.io/api/apps/v1" "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/api/meta" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/kubernetes/scheme" clientgotesting "k8s.io/client-go/testing" + "k8s.io/client-go/tools/cache" clocktesting "k8s.io/utils/clock/testing" ) @@ -66,6 +70,10 @@ func TestSyncOAuthAPIServerDeployment(t *testing.T) { goldenFile string operator *operatorv1.Authentication expectedActions []string + + existingDeployment *appsv1.Deployment + authType configv1.AuthenticationType + expectDeleted bool }{ // scenario 1 { @@ -134,6 +142,30 @@ func TestSyncOAuthAPIServerDeployment(t *testing.T) { "create:deployments:openshift-oauth-apiserver:apiserver", }, }, + + // demo scenario: OIDC + { + name: "deployment deleted for OIDC", + authType: configv1.AuthenticationTypeOIDC, + existingDeployment: &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "apiserver", + Namespace: "openshift-oauth-apiserver", + }, + }, + expectDeleted: true, + operator: &operatorv1.Authentication{ + Spec: operatorv1.AuthenticationSpec{OperatorSpec: operatorv1.OperatorSpec{}}, + Status: operatorv1.AuthenticationStatus{ + OperatorStatus: operatorv1.OperatorStatus{ + LatestAvailableRevision: 1, + }, + }, + }, + expectedActions: []string{ + "delete:deployments:openshift-oauth-apiserver:apiserver", + }, + }, } for _, scenario := range scenarios { 
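Review bot: The new "deployment deleted for OIDC" scenario covers only the first deletion, with `existingDeployment` present; the steady state, OIDC enabled and the deployment already absent, has no case. With the fake clientset that `Delete` returns NotFound, so such a scenario would currently stop at `t.Fatal(err)` in the loop body and expose the repeated-error behaviour of the OIDC branch in `syncDeployment`. Add a second entry with `authType: configv1.AuthenticationTypeOIDC` and no `existingDeployment`, and state its expected `expectDeleted` and `expectedActions` explicitly.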
@@ -141,16 +173,32 @@ func TestSyncOAuthAPIServerDeployment(t *testing.T) { eventRecorder := events.NewInMemoryRecorder("", clocktesting.NewFakePassiveClock(time.Now())) fakeKubeClient := fake.NewSimpleClientset() + if scenario.existingDeployment != nil { + fakeKubeClient.Tracker().Add(scenario.existingDeployment) + } + + authIndexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{}) + authIndexer.Add(&configv1.Authentication{ + ObjectMeta: metav1.ObjectMeta{Name: "cluster"}, + Spec: configv1.AuthenticationSpec{ + Type: scenario.authType, + }, + }) + target := &OAuthAPIServerWorkload{ countNodes: func(nodeSelector map[string]string) (*int32, error) { var i int32; i = 1; return &i, nil }, ensureAtMostOnePodPerNode: func(spec *appsv1.DeploymentSpec, componentName string) error { return nil }, kubeClient: fakeKubeClient, + authLister: configv1listers.NewAuthenticationLister(authIndexer), } - actualDeployment, err := target.syncDeployment(context.TODO(), &scenario.operator.Spec.OperatorSpec, &scenario.operator.Status.OperatorStatus, eventRecorder) + actualDeployment, workloadDeleted, err := target.syncDeployment(context.TODO(), &scenario.operator.Spec.OperatorSpec, &scenario.operator.Status.OperatorStatus, eventRecorder) if err != nil { t.Fatal(err) } + if scenario.expectDeleted != workloadDeleted { + t.Fatalf("expected workload deleted: %v; got: %v", scenario.expectDeleted, workloadDeleted) + } if err := validateActionsVerbs(fakeKubeClient.Actions(), scenario.expectedActions); err != nil { t.Fatal(err) }
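Review bot: The return values of `fakeKubeClient.Tracker().Add(...)` and `authIndexer.Add(...)` are dropped, so a broken fixture would surface later as a confusing lister or delete failure rather than at setup. Check both, e.g. `if err := authIndexer.Add(auth); err != nil { t.Fatal(err) }`. The rest of the test body lies outside this hunk, so I cannot tell whether the later assertions tolerate the nil `actualDeployment` returned in the delete scenario; a guard on `scenario.expectDeleted` may be needed there.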