diff --git a/api/v1alpha1/doc.go b/api/v1alpha1/doc.go
index 4e94042f89..6f154af40d 100644
--- a/api/v1alpha1/doc.go
+++ b/api/v1alpha1/doc.go
@@ -1,4 +1,14 @@
-// Package v1alpha1 contains API Schema definitions for the hypershift.openshift.io v1alpha1 API group
+/*
+Package v1alpha1 contains the HyperShift API.
+
+The HyperShift API enables creating and managing lightweight, flexible, heterogeneous
+OpenShift clusters at scale.
+
+HyperShift clusters are deployed in a topology which isolates the "control plane"
+(e.g. etcd, the API server, controller manager, etc.) from the "data plane" (e.g.
+worker nodes and their kubelets, and the infrastructure on which they run). This
+enables "hosted control plane as a service" use cases.
+*/
 // +kubebuilder:object:generate=true
 // +groupName=hypershift.openshift.io
 package v1alpha1
diff --git a/api/v1alpha1/hosted_controlplane.go b/api/v1alpha1/hosted_controlplane.go
index c9b2af431b..b79dc6cb3a 100644
--- a/api/v1alpha1/hosted_controlplane.go
+++ b/api/v1alpha1/hosted_controlplane.go
@@ -97,11 +97,21 @@ type HostedControlPlaneSpec struct {
  SecretEncryption *SecretEncryptionSpec `json:"secretEncryption,omitempty"`
 }
 
+// AvailabilityPolicy specifies a high level availability policy for components.
 type AvailabilityPolicy string
 
 const (
+ // HighlyAvailable means components should be resilient to problems across fault
+ // boundaries as defined by the component to which the policy is attached. This
+ // usually means running critical workloads with 3 replicas and with little or
+ // no toleration of disruption of the component.
  HighlyAvailable AvailabilityPolicy = "HighlyAvailable"
- SingleReplica AvailabilityPolicy = "SingleReplica"
+
+ // SingleReplica means components are not expected to be resilient to problems
+ // across most fault boundaries associated with high availability. This usually
+ // means running critical workloads with just 1 replica and with toleration of
+ // full disruption of the component.
+ SingleReplica AvailabilityPolicy = "SingleReplica"
 )
 
 type KubeconfigSecretRef struct {
diff --git a/api/v1alpha1/hostedcluster_types.go b/api/v1alpha1/hostedcluster_types.go
index 60b88719ad..ef2b43f741 100644
--- a/api/v1alpha1/hostedcluster_types.go
+++ b/api/v1alpha1/hostedcluster_types.go
@@ -129,7 +129,8 @@ type HostedClusterSpec struct {
  // TODO (alberto): include Ignition endpoint here.
  Services []ServicePublishingStrategyMapping `json:"services"`
 
- // ControllerAvailabilityPolicy specifies whether to run control plane controllers in HA mode
+ // ControllerAvailabilityPolicy specifies an availability policy to apply
+ // to critical control plane components.
  // Defaults to SingleReplica when not set.
  // +optional
  ControllerAvailabilityPolicy AvailabilityPolicy `json:"controllerAvailabilityPolicy,omitempty"`
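Review bot: `AvailabilityPolicy` is now documented as having exactly two values, but the type stays a bare `string` with no schema constraint, so the apiserver accepts any value for `controllerAvailabilityPolicy` (the regenerated CRD in this commit still shows `type: string` with no enum) and only the controller's handling of an unrecognised value decides what happens. Adding `// +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica` above `type AvailabilityPolicy string` would reject bad values at admission rather than letting them fall through silently; this assumes the CRD manifests are regenerated from these markers, which the yaml hunks in this commit suggest. The same point applies to the `ControllerAvailabilityPolicy` field hunk in hostedcluster_types.go, where the rewritten comment could also name the accepted values so readers of the generated reference see the allowed set alongside the default.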
@@ -841,6 +842,14 @@ type ClusterConfiguration struct {
  Items []runtime.RawExtension `json:"items,omitempty"`
 }
 
+// +genclient
+
+// HostedCluster is the primary representation of a HyperShift cluster and encapsulates
+// the control plane and common data plane configuration. Creating a HostedCluster
+// results in a fully functional OpenShift control plane with no attached nodes.
+// To support workloads (e.g. pods), a HostedCluster may have one or more associated
+// NodePool resources.
+//
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:path=hostedclusters,shortName=hc;hcs,scope=Namespaced
 // +kubebuilder:storageversion
@@ -850,12 +859,14 @@ type ClusterConfiguration struct {
 // +kubebuilder:printcolumn:name="Progress",type="string",JSONPath=".status.version.history[?(@.state!=\"\")].state",description="Progress"
 // +kubebuilder:printcolumn:name="Available",type="string",JSONPath=".status.conditions[?(@.type==\"Available\")].status",description="Available"
 // +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.conditions[?(@.type==\"Available\")].reason",description="Reason"
-// HostedCluster is the Schema for the hostedclusters API
 type HostedCluster struct {
  metav1.TypeMeta `json:",inline"`
  metav1.ObjectMeta `json:"metadata,omitempty"`
 
- Spec HostedClusterSpec `json:"spec,omitempty"`
+ // Spec is the desired behavior of the HostedCluster.
+ Spec HostedClusterSpec `json:"spec,omitempty"`
+
+ // Status is the latest observed status of the HostedCluster.
  Status HostedClusterStatus `json:"status,omitempty"`
 }
 
diff --git a/api/v1alpha1/nodepool_types.go b/api/v1alpha1/nodepool_types.go
index d49d1ef4de..d4c9f28e28 100644
--- a/api/v1alpha1/nodepool_types.go
+++ b/api/v1alpha1/nodepool_types.go
@@ -30,7 +30,12 @@ func init() { SchemeBuilder.Register(&NodePoolList{}) } -// NodePool defines the desired state of NodePool +// +genclient + +// NodePool is a scalable set of worker nodes attached to a HostedCluster. NodePool +// machine architectures are uniform within a given pool, and are independent of +// the control plane’s underlying machine architecture. +// // +kubebuilder:resource:path=nodepools,shortName=np;nps,scope=Namespaced // +kubebuilder:storageversion // +kubebuilder:subresource:status @@ -47,7 +52,10 @@ type NodePool struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec NodePoolSpec `json:"spec,omitempty"` + // Spec is the desired behavior of the NodePool. + Spec NodePoolSpec `json:"spec,omitempty"` + + // Status is the most recently observed status of the NodePool. Status NodePoolStatus `json:"status,omitempty"` } diff --git a/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedclusters.yaml b/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedclusters.yaml index ba9a750d69..e81d5bb7f7 100644 --- a/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedclusters.yaml +++ b/cmd/install/assets/hypershift-operator/hypershift.openshift.io_hostedclusters.yaml @@ -43,7 +43,11 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: HostedCluster is the Schema for the hostedclusters API + description: HostedCluster is the primary representation of a HyperShift cluster + and encapsulates the control plane and common data plane configuration. + Creating a HostedCluster results in a fully functional OpenShift control + plane with no attached nodes. To support workloads (e.g. pods), a HostedCluster + may have one or more associated NodePool resources. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
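Review bot: The new NodePool doc comment uses a typographic apostrophe in `control plane’s`, and that non-ASCII character is carried verbatim into the generated CRD description (visible in the nodepools.yaml hunk of this commit) and the API reference. Prefer the ASCII form `// the control plane's underlying machine architecture.` so the Go source and every generated artifact stay plain ASCII and compare cleanly across tools. A smaller consistency point in the second hunk: `Status` here is described as "the most recently observed status of the NodePool" while the HostedCluster hunk says "the latest observed status"; one phrasing for both types would keep the generated reference uniform.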
@@ -58,7 +62,7 @@ spec: metadata: type: object spec: - description: HostedClusterSpec defines the desired state of HostedCluster + description: Spec is the desired behavior of the HostedCluster. properties: auditWebhook: description: AuditWebhook contains metadata for configuring an audit @@ -144,9 +148,9 @@ spec: type: array type: object controllerAvailabilityPolicy: - description: ControllerAvailabilityPolicy specifies whether to run - control plane controllers in HA mode Defaults to SingleReplica when - not set. + description: ControllerAvailabilityPolicy specifies an availability + policy to apply to critical control plane components. Defaults to + SingleReplica when not set. type: string dns: description: DNS configuration for the cluster @@ -813,7 +817,7 @@ spec: - sshKey type: object status: - description: HostedClusterStatus defines the observed state of HostedCluster + description: Status is the latest observed status of the HostedCluster. properties: conditions: items: diff --git a/cmd/install/assets/hypershift-operator/hypershift.openshift.io_nodepools.yaml b/cmd/install/assets/hypershift-operator/hypershift.openshift.io_nodepools.yaml index 24f8656d42..c21bbb14ee 100644 --- a/cmd/install/assets/hypershift-operator/hypershift.openshift.io_nodepools.yaml +++ b/cmd/install/assets/hypershift-operator/hypershift.openshift.io_nodepools.yaml @@ -51,7 +51,9 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: NodePool defines the desired state of NodePool + description: NodePool is a scalable set of worker nodes attached to a HostedCluster. + NodePool machine architectures are uniform within a given pool, and are + independent of the control plane’s underlying machine architecture. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -66,7 +68,7 @@ spec: metadata: type: object spec: - description: NodePoolSpec defines the desired state of NodePool + description: Spec is the desired behavior of the NodePool. properties: autoScaling: properties: @@ -325,7 +327,7 @@ spec: - release type: object status: - description: NodePoolStatus defines the observed state of NodePool + description: Status is the most recently observed status of the NodePool. properties: conditions: items: diff --git a/docs/api-doc-gen/config.json b/docs/api-doc-gen/config.json index 18fdf7e9fa..82fc760ce2 100644 --- a/docs/api-doc-gen/config.json +++ b/docs/api-doc-gen/config.json 
@@ -1,25 +1,29 @@ { "hideMemberFields": [ - "TypeMeta" + "TypeMeta" ], "hideTypePatterns": [ - "ParseError$", - "List$" + "ParseError$", + "List$", + "HostedControlPlane*$", + "KubeconfigSecretRef", + "APIEndpoint", + "AWSEndpointService*" ], "externalPackages": [ - { - "typeMatchPrefix": "^k8s\\.io/apimachinery/pkg/apis/meta/v1\\.Duration$", - "docsURLTemplate": "https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration" - }, - { - "typeMatchPrefix": "^k8s\\.io/(api|apimachinery|apiextensions-apiserver/pkg/apis)/", - "docsURLTemplate": "https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#{{lower .TypeIdentifier}}-{{arrIndex .PackageSegments -1}}-{{arrIndex .PackageSegments -2}}" - } + { + "typeMatchPrefix": "^k8s\\.io/apimachinery/pkg/apis/meta/v1\\.Duration$", + "docsURLTemplate": "https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration" + }, + { + "typeMatchPrefix": "^k8s\\.io/(api|apimachinery|apiextensions-apiserver/pkg/apis)/", + "docsURLTemplate": "https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#{{lower .TypeIdentifier}}-{{arrIndex .PackageSegments -1}}-{{arrIndex .PackageSegments -2}}" + } ], "typeDisplayNamePrefixOverrides": { - "k8s.io/api/": "Kubernetes ", - "k8s.io/apimachinery/pkg/apis/": "Kubernetes ", - "k8s.io/apiextensions-apiserver/pkg/apis/": "Kubernetes " + "k8s.io/api/": "Kubernetes ", + "k8s.io/apimachinery/pkg/apis/": "Kubernetes ", + "k8s.io/apiextensions-apiserver/pkg/apis/": "Kubernetes " }, "markdownDisabled": false } diff --git a/docs/api-doc-gen/templates/pkg.tpl b/docs/api-doc-gen/templates/pkg.tpl index 50055ab1ed..f6a10309ac 100644 --- a/docs/api-doc-gen/templates/pkg.tpl +++ b/docs/api-doc-gen/templates/pkg.tpl @@ -29,17 +29,6 @@ title: API Reference {{ end }} {{ end }} - Resource Types: -
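Review bot: The new `hideTypePatterns` entries `HostedControlPlane*$` and `AWSEndpointService*` read like shell globs, but the existing entries (`ParseError$`, `List$`) are regular expressions, and as a regex `HostedControlPlane*$` only matches a name that ends in `HostedControlPlan` followed by zero or more `e`, so `HostedControlPlaneSpec` and `HostedControlPlaneStatus` would not be hidden. `AWSEndpointService*` happens to work only because it is unanchored and `AWSEndpointServic` is a substring of every `AWSEndpointService*` type name. If the intent is to hide every type starting with those prefixes, `"^HostedControlPlane"` and `"^AWSEndpointService"` say so directly; I am inferring regex semantics from the anchored existing entries, so confirm against the doc generator's handling of this key. The remainder of the hunk appears to be an indentation-only change.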
{{.Underlying}}
alias){{ end -}}
-(Appears on: @@ -22,6 +24,30 @@ {{ safe (renderComments .CommentLines) }}
+{{ with (constantsOfType .) }} +Value | +Description | +
---|---|
{{ typeDisplayName . }} |
+ {{ safe (renderComments .CommentLines) }} | +
-activeKey
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
+apiVersion
+string |
+
+
+hypershift.openshift.io/v1alpha1
+
|
+
- ActiveKey defines the active key used to encrypt new secrets +kind
+string
|
+HostedCluster |
-backupKey
+metadata
-
-Kubernetes core/v1.LocalObjectReference
+
+Kubernetes meta/v1.ObjectMeta
|
-(Optional)
- BackupKey defines the old key during the rotation process so previously created -secrets can continue to be decrypted until they are all re-encrypted with the active key. +Refer to the Kubernetes API documentation for the fields of the +metadata field.
|
-(Appears on: -HostedControlPlaneStatus) -
--
-Field | -Description | -||
---|---|---|---|
-host
+spec
-string
+
+HostedClusterSpec
+
|
- Host is the hostname on which the API server is serving. - |
-
-port
+release
-int32
+
+Release
+
|
- Port is the port on which the API server is serving. +Release specifies the release image to use for this HostedCluster |
-(Appears on: -ClusterNetworking) -
--
APIServerNetworking specifies how the APIServer is exposed inside a worker node.
- -Field | -Description | -
---|---|
-advertiseAddress
+fips
-string
+bool
|
- AdvertiseAddress is the address that workers will use to talk to the -API server. This is an address associated with the loopback adapter of -each worker. If not specified, 172.20.0.1 is used. +(Optional) |
-port
+pullSecret
-int32
+
+Kubernetes core/v1.LocalObjectReference
+
|
- Port is the port at which the APIServer is exposed inside a worker node -Other pods using host networking cannot listen on this port. If not -specified, 6443 is used. +PullSecret is a pull secret injected into the container runtime of guest +workers. It should have an “.dockerconfigjson” key containing the pull secret JSON. |
-(Appears on: -AWSPlatformSpec) -
--
-Field | -Description | -
---|---|
-subnet
+auditWebhook
-
-AWSResourceReference
+
+Kubernetes core/v1.LocalObjectReference
|
(Optional)
- Subnet is the subnet to use for instances +AuditWebhook contains metadata for configuring an audit webhook +endpoint for a cluster to process cluster audit events. It references +a secret that contains the webhook information for the audit webhook endpoint. +It is a secret because if the endpoint has MTLS the kubeconfig will contain client +keys. This is currently only supported in IBM Cloud. The kubeconfig needs to be stored +in the secret with a secret key name that corresponds to the constant AuditWebhookKubeconfigKey. |
-zone
+issuerURL
string
|
-(Optional)
- Zone is the availability zone where the instances are created |
-vpc
+sshKey
-string
+
+Kubernetes core/v1.LocalObjectReference
+
|
- VPC specifies the VPC used for the cluster +SSHKey is a reference to a Secret containing a single key “id_rsa.pub”, +whose value is the public part of an SSH key that can be used to access +Nodes. |
string
alias)-(Appears on: -AWSPlatformSpec) -
--
--
AWSEndpointService specifies a request for an Endpoint Service in AWS
- -Field | -Description | +
+networking
+
+
+ClusterNetworking
+
+
+ |
+
+ Networking contains network-specific settings for this cluster + |
---|---|---|---|
-metadata
+autoscaling
-
-Kubernetes meta/v1.ObjectMeta
+
+ClusterAutoscaling
|
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
+(Optional)
+Autoscaling for compute nodes only, does not cover control plane |
||
-spec
+platform
-
-AWSEndpointServiceSpec
+
+PlatformSpec
|
- - -
InfraID is used to identify the cluster in cloud platforms |
||
-status
+dns
-
-AWSEndpointServiceStatus
+
+DNSSpec
|
+ DNS configuration for the cluster |
-(Appears on: -AWSEndpointService) -
--
AWSEndpointServiceSpec defines the desired state of AWSEndpointService
- -Field | -Description | -
---|---|
-networkLoadBalancerName
+services
-string
+
+[]ServicePublishingStrategyMapping
+
|
- The name of the NLB for which an Endpoint Service should be configured +Services defines metadata about how control plane services are published +in the management cluster. +TODO (alberto): include Ignition endpoint here. |
-(Appears on: -AWSEndpointService) -
--
AWSEndpointServiceStatus defines the observed state of AWSEndpointService
- -Field | -Description | -
---|---|
-endpointServiceName
+controllerAvailabilityPolicy
-string
+
+AvailabilityPolicy
+
|
(Optional)
- The endpoint service name created in AWS in response to the request +ControllerAvailabilityPolicy specifies an availability policy to apply +to critical control plane components. +Defaults to SingleReplica when not set. |
-conditions
+infrastructureAvailabilityPolicy
-
-[]Kubernetes meta/v1.Condition
+
+AvailabilityPolicy
|
- Condition contains details for the current state of the Endpoint Service -request If there is an error processing the request e.g. the NLB doesn’t -exist, then the Available condition will be false, reason AWSErrorReason, -and the error reported in the message. -Current condition types are: “Available” +(Optional) +InfrastructureAvailabilityPolicy specifies whether to run infrastructure services that +run on the guest cluster nodes in HA mode +Defaults to HighlyAvailable when not set |
-(Appears on: -AWSKMSSpec) -
--
AWSKMSAuthSpec defines metadata about the management of credentials used to interact with AWS KMS
- -Field | -Description | +
+etcd
+
+
+EtcdSpec
+
+
+ |
+
+ Etcd contains metadata about the etcd cluster the hypershift managed Openshift control plane components +use to store data. Changing the ManagementType for the etcd cluster is not supported after initial creation. + |
---|---|---|---|
-credentials
+configuration
-
-Kubernetes core/v1.LocalObjectReference
+
+ClusterConfiguration
|
- Credentials contains the name of the secret that holds the aws credentials that can be used -to make the necessary KMS calls. It should at key AWSCredentialsFileSecretKey contain the -aws credentials file that can be used to configure AWS SDKs +(Optional) +Configuration embeds resources that correspond to the openshift configuration API: +https://docs.openshift.com/container-platform/4.7/rest_api/config_apis/config-apis-index.html |
-(Appears on: -AWSKMSSpec) -
--
AWSKMSKeyEntry defines metadata to locate the encryption key in AWS
- -Field | -Description | +
+imageContentSources
+
+
+[]ImageContentSource
+
+
+ |
+
+(Optional)
+ ImageContentSources lists sources/repositories for the release-image content. + |
---|---|---|---|
-arn
+secretEncryption
-string
+
+SecretEncryptionSpec
+
|
- ARN is the Amazon Resource Name for the encryption key +(Optional) +SecretEncryption contains metadata about the kubernetes secret encryption strategy being used for the +cluster when applicable. + |
+
status
+
+
+HostedClusterStatus
+
+
+Status is the latest observed status of the HostedCluster.
-(Appears on: -KMSSpec) -
+##NodePool { #hypershift.openshift.io/v1alpha1.NodePool }-
AWSKMSSpec defines metadata about the configuration of the AWS KMS Secret Encryption provider
+NodePool is a scalable set of worker nodes attached to a HostedCluster. NodePool +machine architectures are uniform within a given pool, and are independent of +the control plane’s underlying machine architecture.
-region
-
-string
-
+apiVersion
+string |
+
+
+hypershift.openshift.io/v1alpha1
+
|
+
- Region contains the AWS region +kind
+string
|
+NodePool |
-activeKey
+metadata
-
-AWSKMSKeyEntry
+
+Kubernetes meta/v1.ObjectMeta
|
- ActiveKey defines the active key used to encrypt new secrets +Refer to the Kubernetes API documentation for the fields of the +metadata field.
|
-backupKey
+spec
-
-AWSKMSKeyEntry
+
+NodePoolSpec
|
-(Optional)
- BackupKey defines the old key during the rotation process so previously created -secrets can continue to be decrypted until they are all re-encrypted with the active key. - |
-
-auth
+clusterName
-
-AWSKMSAuthSpec
-
+string
|
- Auth defines metadata about the management of credentials used to interact with AWS KMS +ClusterName is the name of the Cluster this object belongs to. |
-(Appears on: -NodePoolPlatform) -
--
AWSNodePoolPlatform stores the configuration for a node pool -installed on AWS.
- -Field | -Description | -
---|---|
-instanceType
+nodeCount
-string
+int32
|
- InstanceType defines the ec2 instance type. -eg. m4-large +(Optional) |
-instanceProfile
+config
-string
+
+[]Kubernetes core/v1.LocalObjectReference
+
|
+ TODO (alberto): this ConfigMaps are meant to contain +MachineConfig, KubeletConfig and ContainerRuntimeConfig but +MCO only supports MachineConfig in bootstrap mode atm +https://github.com/openshift/machine-config-operator/blob/9c6c2bfd7ed498bfbc296d530d1839bd6a177b0b/pkg/controller/bootstrap/bootstrap.go#L104-L119 +By contractual convention the ConfigMap structure is as follow: +type: ConfigMap +data: +config: |- |
-subnet
+nodePoolManagement
-
-AWSResourceReference
+
+NodePoolManagement
|
-(Optional)
- Subnet is the subnet to use for instances |
-ami
+autoScaling
-string
+
+NodePoolAutoScaling
+
|
(Optional)
- AMI is the image id to use |
-securityGroups
+platform
-
-[]AWSResourceReference
+
+NodePoolPlatform
|
-(Optional)
- SecurityGroups is the set of security groups to associate with nodepool machines |
-rootVolume
+release
-
-Volume
+
+Release
|
-(Optional)
- RootVolume specifies the root volume of the platform. +Release specifies the release image to use for this NodePool +For a nodePool a given version dictates the ignition config and +an image artifact e.g an AMI in AWS. +Release specifies the release image to use for this HostedCluster + |
+
resourceTags
+status
-
-[]AWSResourceTag
+
+NodePoolStatus
resourceTags is a list of additional tags to apply to AWS nodes. -These will be merged with Cluster-level tags and Cluster-level tags take precedence in case of conflicts. -See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. -AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags -available for the user.
+Status is the most recently observed status of the NodePool.
(Appears on: -PlatformSpec) +SecretEncryptionSpec)
+
AESCBCSpec defines metadata about the AESCBC secret encryption strategy
-region
+activeKey
-string
+
+Kubernetes core/v1.LocalObjectReference
+
|
- Region is the AWS region for the cluster. -This is used by CRs that are consumed by OCP Operators. -E.g cluster-infrastructure-02-config.yaml and install-config.yaml -This is also used by nodePools to fetch the default boot AMI in a given payload. +ActiveKey defines the active key used to encrypt new secrets |
-cloudProviderConfig
+backupKey
-
-AWSCloudProviderConfig
+
+Kubernetes core/v1.LocalObjectReference
|
(Optional)
- CloudProviderConfig is used to generate the ConfigMap with the cloud config consumed -by the Control Plane components. +BackupKey defines the old key during the rotation process so previously created +secrets can continue to be decrypted until they are all re-encrypted with the active key. |
+(Appears on: +ClusterNetworking) +
++
APIServerNetworking specifies how the APIServer is exposed inside a worker node.
+ +
-serviceEndpoints
-
-
-[]AWSServiceEndpoint
-
-
- |
-
-(Optional)
- ServiceEndpoints list contains custom endpoints which will override default -service endpoint of AWS Services. -There must be only one ServiceEndpoint for a service. - |
-||
-roles
-
-
-[]AWSRoleCredentials
-
-
- |
-- | -||
-kubeCloudControllerCreds
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
- KubeCloudControllerCreds is a reference to a secret containing cloud
-credentials with permissions matching the Kube cloud controller policy.
-The secret should have exactly one key, |
-||
-nodePoolManagementCreds
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
- NodePoolManagementCreds is a reference to a secret containing cloud
-credentials with permissions matching the noe pool management policy.
-The secret should have exactly one key, |
+Field | +Description |
---|---|---|---|
-resourceTags
+advertiseAddress
-
-[]AWSResourceTag
-
+string
|
-(Optional)
- resourceTags is a list of additional tags to apply to AWS resources created for the cluster. -See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. -AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags -available for the user. +AdvertiseAddress is the address that workers will use to talk to the +API server. This is an address associated with the loopback adapter of +each worker. If not specified, 172.20.0.1 is used. |
||
-endpointAccess
+port
-
-AWSEndpointAccessType
-
+int32
|
-(Optional)
- EndpointAccess determines if cluster endpoints are public and/or private +Port is the port at which the APIServer is exposed inside a worker node +Other pods using host networking cannot listen on this port. If not +specified, 6443 is used. |
(Appears on: -AWSCloudProviderConfig, -AWSNodePoolPlatform) +AWSPlatformSpec)
-
AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. -Only one of ID, ARN or Filters may be specified. Specifying more than one will result in -a validation error.
-id
+subnet
-string
+
+AWSResourceReference
+
|
(Optional)
- ID of resource +Subnet is the subnet to use for instances |
-arn
+zone
string
|
(Optional)
- ARN of resource +Zone is the availability zone where the instances are created |
-filters
+vpc
-
-[]Filter
-
+string
|
-(Optional)
- Filters is a set of key/value pairs used to identify a resource -They are applied according to the rules defined by the AWS API: -https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html +VPC specifies the VPC used for the cluster |
(Appears on: -AWSNodePoolPlatform, AWSPlatformSpec)
-
AWSResourceTag is a tag to apply to AWS resources created for the cluster.
Field | +Value | Description |
---|---|---|
-key
-
-string
-
+ | ||
"Private" |
+Private endpoint access allows only private kube-apiserver access and private node communication with the control plane |
-
- key is the key of the tag - |
-
-value
-
-string
-
+ | ||
"Public" |
+Public endpoint access allows public kube-apiserver access and public node communication with the control plane |
-
- value is the value of the tag. -Some AWS service do not support empty values. Since tags are added to resources in many services, the -length of the tag value must meet the requirements of all services. + |
"PublicAndPrivate" |
+PublicAndPrivate endpoint access allows public kube-apiserver access and private node communication with the control plane |
-
(Appears on: -AWSPlatformSpec) +AWSKMSSpec)
+
AWSKMSAuthSpec defines metadata about the management of credentials used to interact with AWS KMS
-arn
-
-string
-
- |
-- | -
-namespace
-
-string
-
- |
-- | -
-name
+credentials
-string
+
+Kubernetes core/v1.LocalObjectReference
+
|
+ Credentials contains the name of the secret that holds the aws credentials that can be used +to make the necessary KMS calls. It should at key AWSCredentialsFileSecretKey contain the +aws credentials file that can be used to configure AWS SDKs |
(Appears on: -AWSPlatformSpec) +AWSKMSSpec)
-
AWSServiceEndpoint stores the configuration for services to -override existing defaults of AWS Services.
+AWSKMSKeyEntry defines metadata to locate the encryption key in AWS
-name
-
-string
-
- |
-
- Name is the name of the AWS service. -This must be provided and cannot be empty. - |
-
-url
+arn
string
|
- URL is fully qualified URI with scheme https, that overrides the default generated -endpoint for a client. -This must be provided and cannot be empty. +ARN is the Amazon Resource Name for the encryption key |
string
alias)-(Appears on: -HostedClusterSpec, -HostedControlPlaneSpec) -
--
-(Appears on: -HostedClusterSpec) +KMSSpec)
-
TODO maybe we have profiles for scaling behaviors
+AWSKMSSpec defines metadata about the configuration of the AWS KMS Secret Encryption provider
-maxNodesTotal
+region
-int32
+string
|
- Maximum number of nodes in all node groups. -Cluster autoscaler will not grow the cluster beyond this number. +Region contains the AWS region |
-maxPodGracePeriod
+activeKey
-int32
+
+AWSKMSKeyEntry
+
|
- Gives pods graceful termination time before scaling down -default: 600 seconds +ActiveKey defines the active key used to encrypt new secrets |
-maxNodeProvisionTime
+backupKey
-string
+
+AWSKMSKeyEntry
+
|
- Maximum time CA waits for node to be provisioned -default: 15 minutes +(Optional) +BackupKey defines the old key during the rotation process so previously created +secrets can continue to be decrypted until they are all re-encrypted with the active key. |
-podPriorityThreshold
+auth
-int32
+
+AWSKMSAuthSpec
+
|
- To allow users to schedule “best-effort” pods, which shouldn’t trigger -Cluster Autoscaler actions, but only run when there are spare resources available, -default: -10 -More info: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-cluster-autoscaler-work-with-pod-priority-and-preemption +Auth defines metadata about the management of credentials used to interact with AWS KMS |
(Appears on: -HostedClusterSpec, -HostedControlPlaneSpec) +NodePoolPlatform)
-
ClusterConfiguration contains global configuration for a HostedCluster.
+AWSNodePoolPlatform stores the configuration for a node pool +installed on AWS.
-(Optional)
- SecretRefs holds references to secrets used in configuration entries -so that they can be properly synced by the hypershift operator. +InstanceType defines the ec2 instance type. +eg. m4-large |
|
-configMapRefs
+instanceProfile
-
-[]Kubernetes core/v1.LocalObjectReference
-
+string
|
-(Optional)
- ConfigMapRefs holds references to configmaps used in configuration entries -so that they can be properly synced by the hypershift operator. |
-items
+subnet
-
-[]k8s.io/apimachinery/pkg/runtime.RawExtension
+
+AWSResourceReference
|
(Optional)
- Items embeds the configuration resource - |
-
-(Appears on: -HostedClusterSpec) -
--
-Field | -Description | -
---|---|
-serviceCIDR
-
-string
-
- |
-
+ Subnet is the subnet to use for instances |
-podCIDR
+ami
string
|
+(Optional)
+ AMI is the image id to use |
-machineCIDR
+securityGroups
-string
+
+[]AWSResourceReference
+
|
+(Optional)
+ SecurityGroups is the set of security groups to associate with nodepool machines |
-networkType
+rootVolume
-
-NetworkType
+
+Volume
|
- NetworkType specifies the SDN provider used for cluster networking. +(Optional) +RootVolume specifies the root volume of the platform. |
-apiServer
+resourceTags
-
-APIServerNetworking
+
+[]AWSResourceTag
|
- APIServer contains advanced network settings for the API server that affect -how the APIServer is exposed inside a worker node. +(Optional) +resourceTags is a list of additional tags to apply to AWS nodes. +These will be merged with Cluster-level tags and Cluster-level tags take precedence in case of conflicts. +See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. +AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags +available for the user. |
(Appears on: -HostedClusterStatus) +PlatformSpec)
-
ClusterVersionStatus reports the status of the cluster versioning, -including any upgrades that are in progress. The current field will -be set to whichever version the cluster is reconciling to, and the -conditions array will report whether the update succeeded, is in -progress, or is failing.
-desired
+region
-
-Release
+string
+
+ |
+
+ Region is the AWS region for the cluster. +This is used by CRs that are consumed by OCP Operators. +E.g cluster-infrastructure-02-config.yaml and install-config.yaml +This is also used by nodePools to fetch the default boot AMI in a given payload. + |
+
+cloudProviderConfig
+
+
+AWSCloudProviderConfig
|
- desired is the version that the cluster is reconciling towards. -If the cluster is not yet fully initialized desired will be set -with the information available, which may be an image or a tag. +(Optional) +CloudProviderConfig is used to generate the ConfigMap with the cloud config consumed +by the Control Plane components. |
-history
+serviceEndpoints
-[]github.com/openshift/api/config/v1.UpdateHistory
+
+[]AWSServiceEndpoint
+
|
(Optional)
- history contains a list of the most recent versions applied to the cluster. -This value may be empty during cluster startup, and then will be updated -when a new update is being applied. The newest update is first in the -list and it is ordered by recency. Updates in the history have state -Completed if the rollout completed - if an update was failing or halfway -applied the state will be Partial. Only a limited amount of update history -is preserved. +ServiceEndpoints list contains custom endpoints which will override default +service endpoint of AWS Services. +There must be only one ServiceEndpoint for a service. |
-observedGeneration
+roles
-int64
+
+[]AWSRoleCredentials
+
|
- observedGeneration reports which version of the spec is being synced. -If this value is not equal to metadata.generation, then the desired -and conditions fields may represent a previous version. |
string
alias)-
--(Appears on: -HostedClusterSpec, -HostedControlPlaneSpec) -
--
DNSSpec specifies the DNS configuration in the cluster
- -Field | -Description | +
+kubeCloudControllerCreds
+
+
+Kubernetes core/v1.LocalObjectReference
+
+
+ |
+
+ KubeCloudControllerCreds is a reference to a secret containing cloud
+credentials with permissions matching the Kube cloud controller policy.
+The secret should have exactly one key, |
---|---|---|---|
-baseDomain
+nodePoolManagementCreds
-string
+
+Kubernetes core/v1.LocalObjectReference
+
|
- BaseDomain is the base domain of the cluster. +NodePoolManagementCreds is a reference to a secret containing cloud
+credentials with permissions matching the noe pool management policy.
+The secret should have exactly one key, |
||
-publicZoneID
+resourceTags
-string
+
+[]AWSResourceTag
+
|
(Optional)
- PublicZoneID is the Hosted Zone ID where all the DNS records that are publicly accessible to -the internet exist. +resourceTags is a list of additional tags to apply to AWS resources created for the cluster. +See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. +AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags +available for the user. |
||
-privateZoneID
+endpointAccess
-string
+
+AWSEndpointAccessType
+
|
(Optional)
- PrivateZoneID is the Hosted Zone ID where all the DNS records that are only available internally -to the cluster exist. +EndpointAccess determines if cluster endpoints are public and/or private |
string
alias)-(Appears on: -EtcdSpec) -
--
EtcdManagementType is a enum specifying the strategy for managing the cluster’s etcd instance
- -(Appears on: -HostedClusterSpec, -HostedControlPlaneSpec) +AWSCloudProviderConfig, +AWSNodePoolPlatform)
+
AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. +Only one of ID, ARN or Filters may be specified. Specifying more than one will result in +a validation error.
-managementType
+id
-
-EtcdManagementType
-
+string
|
- ManagementType defines how the etcd cluster is managed. Unmanaged means -the etcd cluster is managed by a system outside the hypershift controllers. -Managed means the hypershift controllers manage the provisioning of the etcd cluster -and the operations around it +(Optional) +ID of resource |
-managed
+arn
-
-ManagedEtcdSpec
-
+string
|
(Optional)
- Managed provides metadata that defines how the hypershift controllers manage the etcd cluster +ARN of resource |
-unmanaged
+filters
-
-UnmanagedEtcdSpec
+
+[]Filter
|
(Optional)
- Unmanaged provides metadata that enables the Openshift controllers to connect to the external etcd cluster +Filters is a set of key/value pairs used to identify a resource +They are applied according to the rules defined by the AWS API: +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html |
(Appears on: -UnmanagedEtcdSpec) +AWSNodePoolPlatform, +AWSPlatformSpec)
+
AWSResourceTag is a tag to apply to AWS resources created for the cluster.
-clientSecret
+key
-
-Kubernetes core/v1.LocalObjectReference
-
+string
|
- ClientSecret refers to a secret for client MTLS authentication with the etcd cluster -The CA must be stored at secret key etcd-client-ca.crt. -The client cert must be stored at secret key etcd-client.crt. -The client key must be stored at secret key etcd-client.key. +key is the key of the tag + |
+
+value
+
+string
+
+ |
+
+ value is the value of the tag. +Some AWS service do not support empty values. Since tags are added to resources in many services, the +length of the tag value must meet the requirements of all services. |
(Appears on: -AWSResourceReference) +AWSPlatformSpec)
-
Filter is a filter used to identify an AWS resource
-name
+arn
string
|
- Name of the filter. Filter names are case-sensitive. |
-values
+namespace
-[]string
+string
+
+ |
++ | +
+name
+
+string
|
- Values includes one or more filter values. Filter values are case-sensitive. |
+(Appears on: +AWSPlatformSpec) +
-
HostedCluster is the Schema for the hostedclusters API
+AWSServiceEndpoint stores the configuration for services to +override existing defaults of AWS Services.
-metadata
+name
-
-Kubernetes meta/v1.ObjectMeta
-
+string
|
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
+Name is the name of the AWS service. +This must be provided and cannot be empty. |
-spec
+url
-
-HostedClusterSpec
-
+string
|
- - + URL is fully qualified URI with scheme https, that overrides the default generated +endpoint for a client. +This must be provided and cannot be empty. + |
+
+(Appears on: +HostedClusterSpec, +HostedControlPlaneSpec) +
++
AvailabilityPolicy specifies a high level availability policy for components.
+
-release
-
-
-Release
-
-
- |
-
- Release specifies the release image to use for this HostedCluster - |
+Value | +Description |
---|---|---|---|
"HighlyAvailable" |
+HighlyAvailable means components should be resilient to problems across fault +boundaries as defined by the component to which the policy is attached. This +usually means running critical workloads with 3 replicas and with little or +no toleration of disruption of the component. + |
+||
"SingleReplica" |
+SingleReplica means components are not expected to be resilient to problems +across most fault boundaries associated with high availability. This usually +means running critical workloads with just 1 replica and with toleration of +full disruption of the component. + |
+
+(Appears on: +HostedClusterSpec) +
++
TODO maybe we have profiles for scaling behaviors
+ +
-fips
-
-bool
-
- |
--(Optional) - | +Field | +Description |
---|---|---|---|
-pullSecret
+maxNodesTotal
-
-Kubernetes core/v1.LocalObjectReference
-
+int32
|
- PullSecret is a pull secret injected into the container runtime of guest -workers. It should have an “.dockerconfigjson” key containing the pull secret JSON. +Maximum number of nodes in all node groups. +Cluster autoscaler will not grow the cluster beyond this number. |
||
-auditWebhook
+maxPodGracePeriod
-
-Kubernetes core/v1.LocalObjectReference
-
+int32
|
-(Optional)
- AuditWebhook contains metadata for configuring an audit webhook -endpoint for a cluster to process cluster audit events. It references -a secret that contains the webhook information for the audit webhook endpoint. -It is a secret because if the endpoint has MTLS the kubeconfig will contain client -keys. This is currently only supported in IBM Cloud. The kubeconfig needs to be stored -in the secret with a secret key name that corresponds to the constant AuditWebhookKubeconfigKey. +Gives pods graceful termination time before scaling down +default: 600 seconds |
||
-issuerURL
+maxNodeProvisionTime
string
|
+ Maximum time CA waits for node to be provisioned +default: 15 minutes |
||
-sshKey
+podPriorityThreshold
-
-Kubernetes core/v1.LocalObjectReference
-
+int32
|
- SSHKey is a reference to a Secret containing a single key “id_rsa.pub”, -whose value is the public part of an SSH key that can be used to access -Nodes. +To allow users to schedule “best-effort” pods, which shouldn’t trigger +Cluster Autoscaler actions, but only run when there are spare resources available, +default: -10 +More info: https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-cluster-autoscaler-work-with-pod-priority-and-preemption |
+(Appears on: +HostedClusterSpec, +HostedControlPlaneSpec) +
++
ClusterConfiguration contains global configuration for a HostedCluster.
+ +Field | +Description | +
---|---|
-networking
+secretRefs
-
-ClusterNetworking
+
+[]Kubernetes core/v1.LocalObjectReference
|
- Networking contains network-specific settings for this cluster +(Optional) +SecretRefs holds references to secrets used in configuration entries +so that they can be properly synced by the hypershift operator. |
-autoscaling
+configMapRefs
-
-ClusterAutoscaling
+
+[]Kubernetes core/v1.LocalObjectReference
|
(Optional)
- Autoscaling for compute nodes only, does not cover control plane +ConfigMapRefs holds references to configmaps used in configuration entries +so that they can be properly synced by the hypershift operator. |
-platform
+items
-
-PlatformSpec
+
+[]k8s.io/apimachinery/pkg/runtime.RawExtension
|
+(Optional)
+ Items embeds the configuration resource |
+(Appears on: +HostedClusterSpec) +
++
+Field | +Description | +
---|---|
-infraID
+serviceCIDR
string
|
- InfraID is used to identify the cluster in cloud platforms |
-dns
+podCIDR
-
-DNSSpec
-
+string
|
- DNS configuration for the cluster |
-services
+machineCIDR
-
-[]ServicePublishingStrategyMapping
-
+string
|
- Services defines metadata about how control plane services are published -in the management cluster. -TODO (alberto): include Ignition endpoint here. |
-controllerAvailabilityPolicy
+networkType
-
-AvailabilityPolicy
+
+NetworkType
|
-(Optional)
- ControllerAvailabilityPolicy specifies whether to run control plane controllers in HA mode -Defaults to SingleReplica when not set. +NetworkType specifies the SDN provider used for cluster networking. |
-infrastructureAvailabilityPolicy
+apiServer
-
-AvailabilityPolicy
-
-
- |
-
-(Optional)
- InfrastructureAvailabilityPolicy specifies whether to run infrastructure services that -run on the guest cluster nodes in HA mode -Defaults to HighlyAvailable when not set - |
-
-etcd
-
-
-EtcdSpec
-
-
- |
-
- Etcd contains metadata about the etcd cluster the hypershift managed Openshift control plane components -use to store data. Changing the ManagementType for the etcd cluster is not supported after initial creation. - |
-
-configuration
-
-
-ClusterConfiguration
-
-
- |
-
-(Optional)
- Configuration embeds resources that correspond to the openshift configuration API: -https://docs.openshift.com/container-platform/4.7/rest_api/config_apis/config-apis-index.html - |
-
-imageContentSources
-
-
-[]ImageContentSource
-
-
- |
-
-(Optional)
- ImageContentSources lists sources/repositories for the release-image content. - |
-
-secretEncryption
-
-
-SecretEncryptionSpec
-
-
- |
-
-(Optional)
- SecretEncryption contains metadata about the kubernetes secret encryption strategy being used for the -cluster when applicable. - |
-
status
-
-
-HostedClusterStatus
+
+APIServerNetworking
APIServer contains advanced network settings for the API server that affect +how the APIServer is exposed inside a worker node.
(Appears on: -HostedCluster) +HostedClusterStatus)
-
HostedClusterSpec defines the desired state of HostedCluster
+ClusterVersionStatus reports the status of the cluster versioning, +including any upgrades that are in progress. The current field will +be set to whichever version the cluster is reconciling to, and the +conditions array will report whether the update succeeded, is in +progress, or is failing.
-release
+desired
Release
@@ -1768,255 +1530,274 @@ Release
|
- Release specifies the release image to use for this HostedCluster +desired is the version that the cluster is reconciling towards. +If the cluster is not yet fully initialized desired will be set +with the information available, which may be an image or a tag. |
-fips
+history
-bool
+[]github.com/openshift/api/config/v1.UpdateHistory
|
(Optional)
+ history contains a list of the most recent versions applied to the cluster. +This value may be empty during cluster startup, and then will be updated +when a new update is being applied. The newest update is first in the +list and it is ordered by recency. Updates in the history have state +Completed if the rollout completed - if an update was failing or halfway +applied the state will be Partial. Only a limited amount of update history +is preserved. |
-pullSecret
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
- PullSecret is a pull secret injected into the container runtime of guest -workers. It should have an “.dockerconfigjson” key containing the pull secret JSON. - |
-
-auditWebhook
+observedGeneration
-
-Kubernetes core/v1.LocalObjectReference
-
+int64
|
-(Optional)
- AuditWebhook contains metadata for configuring an audit webhook -endpoint for a cluster to process cluster audit events. It references -a secret that contains the webhook information for the audit webhook endpoint. -It is a secret because if the endpoint has MTLS the kubeconfig will contain client -keys. This is currently only supported in IBM Cloud. The kubeconfig needs to be stored -in the secret with a secret key name that corresponds to the constant AuditWebhookKubeconfigKey. +observedGeneration reports which version of the spec is being synced. +If this value is not equal to metadata.generation, then the desired +and conditions fields may represent a previous version. |
+
+
-issuerURL
-
-string
-
- |
-- | +Value | +Description |
---|---|---|---|
"Available" |
+AWSEndpointServiceAvailable indicates whether the AWS Endpoint Service +has been created for the specified NLB + |
+||
"ClusterVersionFailing" |
++ | ||
"EtcdAvailable" |
++ | ||
"Available" |
+HostedClusterAvailable indicates whether the HostedCluster has a healthy +control plane. + |
+||
"Available" |
++ | ||
"IgnitionEndpointAvailable" |
+IgnitionEndpointAvailable indicates whether the ignition server for the +HostedCluster is available to handle ignition requests. + |
+||
"InfrastructureReady" |
++ | ||
"KubeAPIServerAvailable" |
++ | ||
"SupportedHostedCluster" |
+SupportedHostedCluster indicates whether a HostedCluster is supported by +the current configuration of the hypershift-operator. +e.g. If HostedCluster requests endpointAcess Private but the hypershift-operator +is running on a management cluster outside AWS or is not configured with AWS +credentials, the HostedCluster is not supported. + |
+||
"UnmanagedEtcdAvailable" |
+UnmanagedEtcdAvailable indicates whether a user-managed etcd cluster is +healthy. + |
+||
"ValidConfiguration" |
+ValidHostedClusterConfiguration indicates (if status is true) that the +ClusterConfiguration specified for the HostedCluster is valid. + |
+||
"ValidHostedControlPlaneConfiguration" |
++ |
+(Appears on: +HostedClusterSpec, +HostedControlPlaneSpec) +
++
DNSSpec specifies the DNS configuration in the cluster
+ +
-sshKey
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
- SSHKey is a reference to a Secret containing a single key “id_rsa.pub”, -whose value is the public part of an SSH key that can be used to access -Nodes. - |
+Field | +Description |
---|---|---|---|
-networking
+baseDomain
-
-ClusterNetworking
-
+string
|
- Networking contains network-specific settings for this cluster +BaseDomain is the base domain of the cluster. |
||
-autoscaling
+publicZoneID
-
-ClusterAutoscaling
-
+string
|
(Optional)
- Autoscaling for compute nodes only, does not cover control plane - |
-||
-platform
-
-
-PlatformSpec
-
-
- |
-
+ PublicZoneID is the Hosted Zone ID where all the DNS records that are publicly accessible to +the internet exist. |
||
-infraID
+privateZoneID
string
|
- InfraID is used to identify the cluster in cloud platforms +(Optional) +PrivateZoneID is the Hosted Zone ID where all the DNS records that are only available internally +to the cluster exist. |
+(Appears on: +EtcdSpec) +
++
EtcdManagementType is a enum specifying the strategy for managing the cluster’s etcd instance
+ +
-dns
-
-
-DNSSpec
-
-
- |
-
- DNS configuration for the cluster - |
+Value | +Description |
---|---|---|---|
"Managed" |
++ | ||
"Unmanaged" |
++ |
+(Appears on: +HostedClusterSpec, +HostedControlPlaneSpec) +
++
+
-services
-
-
-[]ServicePublishingStrategyMapping
-
-
- |
-
- Services defines metadata about how control plane services are published -in the management cluster. -TODO (alberto): include Ignition endpoint here. - |
+Field | +Description |
---|---|---|---|
-controllerAvailabilityPolicy
+managementType
-
-AvailabilityPolicy
+
+EtcdManagementType
|
-(Optional)
- ControllerAvailabilityPolicy specifies whether to run control plane controllers in HA mode -Defaults to SingleReplica when not set. +ManagementType defines how the etcd cluster is managed. Unmanaged means +the etcd cluster is managed by a system outside the hypershift controllers. +Managed means the hypershift controllers manage the provisioning of the etcd cluster +and the operations around it |
||
-infrastructureAvailabilityPolicy
+managed
-
-AvailabilityPolicy
+
+ManagedEtcdSpec
|
(Optional)
- InfrastructureAvailabilityPolicy specifies whether to run infrastructure services that -run on the guest cluster nodes in HA mode -Defaults to HighlyAvailable when not set - |
-||
-etcd
-
-
-EtcdSpec
-
-
- |
-
- Etcd contains metadata about the etcd cluster the hypershift managed Openshift control plane components -use to store data. Changing the ManagementType for the etcd cluster is not supported after initial creation. +Managed provides metadata that defines how the hypershift controllers manage the etcd cluster |
||
-configuration
+unmanaged
-
-ClusterConfiguration
+
+UnmanagedEtcdSpec
|
(Optional)
- Configuration embeds resources that correspond to the openshift configuration API: -https://docs.openshift.com/container-platform/4.7/rest_api/config_apis/config-apis-index.html +Unmanaged provides metadata that enables the Openshift controllers to connect to the external etcd cluster |
+(Appears on: +UnmanagedEtcdSpec) +
++
+
-imageContentSources
-
-
-[]ImageContentSource
-
-
- |
-
-(Optional)
- ImageContentSources lists sources/repositories for the release-image content. - |
+Field | +Description |
---|---|---|---|
-secretEncryption
+clientSecret
-
-SecretEncryptionSpec
+
+Kubernetes core/v1.LocalObjectReference
|
-(Optional)
- SecretEncryption contains metadata about the kubernetes secret encryption strategy being used for the -cluster when applicable. +ClientSecret refers to a secret for client MTLS authentication with the etcd cluster +The CA must be stored at secret key etcd-client-ca.crt. +The client cert must be stored at secret key etcd-client.crt. +The client key must be stored at secret key etcd-client.key. |
(Appears on: -HostedCluster) +AWSResourceReference)
-
HostedClusterStatus defines the observed state of HostedCluster
+Filter is a filter used to identify an AWS resource
-version
-
-
-ClusterVersionStatus
-
-
- |
-
-(Optional)
- Version is the status of the release version applied to the -HostedCluster. - |
-
-kubeconfig
-
-
-Kubernetes core/v1.LocalObjectReference
-
-
- |
-
-(Optional)
- KubeConfig is a reference to the secret containing the default kubeconfig -for the cluster. - |
-
-ignitionEndpoint
+name
string
|
-(Optional)
- IgnitionEndpoint is the endpoint injected in the ign config userdata. -It exposes the config for instances to become kubernetes nodes. +Name of the filter. Filter names are case-sensitive. |
-conditions
+values
-
-[]Kubernetes meta/v1.Condition
-
+[]string
|
+ Values includes one or more filter values. Filter values are case-sensitive. |
+(Appears on: +HostedCluster) +
-
HostedControlPlane defines the desired state of HostedControlPlane
+HostedClusterSpec defines the desired state of HostedCluster
-metadata
+release
-
-Kubernetes meta/v1.ObjectMeta
+
+Release
|
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
+Release specifies the release image to use for this HostedCluster |
||||||||||||||||||||||||||||||||||||||||
-spec
-
-
-HostedControlPlaneSpec
-
-
- |
-
- - -
+(Appears on: +HostedCluster) + ++ HostedClusterStatus defines the observed state of HostedCluster + +
IgnitionEndpoint is the endpoint injected in the ign config userdata. +It exposes the config for instances to become kubernetes nodes. |
||||||||||||||||||||||||||||||||||||||||
-status
+conditions
-
-HostedControlPlaneStatus
+
+[]Kubernetes meta/v1.Condition
|
@@ -2433,12 +2172,7 @@ HostedControlPlaneStatus
-(Appears on: -HostedControlPlane) -
+###HostedControlPlaneSpec { #hypershift.openshift.io/v1alpha1.HostedControlPlaneSpec }
HostedControlPlaneSpec defines the desired state of HostedControlPlane
@@ -2745,12 +2479,7 @@ cluster when applicable. --(Appears on: -HostedControlPlane) -
+###HostedControlPlaneStatus { #hypershift.openshift.io/v1alpha1.HostedControlPlaneStatus }
HostedControlPlaneStatus defines the observed state of HostedControlPlane
@@ -2885,8 +2614,7 @@ Current condition types are: “Available” -(Appears on: IBMCloudKMSSpec)
@@ -2946,8 +2674,7 @@ KMS system (all provider managed).
-string
alias)(Appears on: IBMCloudKMSAuthSpec)
@@ -2955,8 +2682,24 @@ KMS system (all provider managed).
IBMCloudKMSAuthType defines the IBM Cloud KMS authentication strategy
-Value | +Description | +
---|---|
"Managed" |
+IBMCloudKMSManagedAuth defines the KMS authentication strategy where the IKS/ROKS platform uses +service to service auth to call IBM Cloud KMS APIs (no customer credentials requried) + |
+
"Unmanaged" |
+IBMCloudKMSUnmanagedAuth defines the KMS authentication strategy where a customer supplies IBM Cloud +authentication to interact with IBM Cloud KMS APIs + |
+
(Appears on: IBMCloudKMSSpec)
@@ -3030,8 +2773,7 @@ key is enabled for data encryption.
-(Appears on: IBMCloudKMSAuthSpec)
@@ -3040,8 +2782,7 @@ key is enabled for data encryption.
IBMCloudKMSManagedAuthSpec defines metadata around the service to service authentication strategy for the IBM Cloud KMS system (all provider managed).
-(Appears on: KMSSpec)
@@ -3096,8 +2837,7 @@ IBMCloudKMSAuthSpec -
(Appears on: IBMCloudKMSAuthSpec)
@@ -3129,8 +2869,7 @@ call IBM Cloud KMS APIs
-(Appears on: HostedClusterSpec,
@@ -3172,16 +2911,14 @@ string -
(Appears on: NodePoolManagement)
-
string
alias)(Appears on: KMSSpec)
@@ -3189,8 +2926,20 @@ string
KMSProvider defines the supported KMS providers
-Value | +Description | +
---|---|
"AWS" |
++ |
"IBMCloud" |
++ |
(Appears on: SecretEncryptionSpec)
@@ -3249,47 +2998,7 @@ AWSKMSSpec -
-(Appears on: -HostedControlPlaneSpec, -HostedControlPlaneStatus) -
--
-Field | -Description | -
---|---|
-name
-
-string
-
- |
-- | -
-key
-
-string
-
- |
-- | -
(Appears on: EtcdSpec)
@@ -3319,8 +3028,7 @@ ManagedEtcdStorageSpec -
(Appears on: ManagedEtcdSpec)
@@ -3368,16 +3076,26 @@ availability configuration).
-string
alias)(Appears on: ManagedEtcdStorageSpec)
-
string
alias)Value | +Description | +
---|---|
"PersistentVolume" |
+PersistentVolumeEtcdStorage uses PersistentVolumes for etcd storage. + |
+
(Appears on: ClusterNetworking,
@@ -3386,160 +3104,22 @@ availability configuration).
NetworkType specifies the SDN provider used for cluster networking.
--
NodePool defines the desired state of NodePool
-Field | +Value | Description | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-metadata
-
-
-Kubernetes meta/v1.ObjectMeta
-
-
- |
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
- |
-||||||||||||||||
-spec
-
-
-NodePoolSpec
-
-
- |
-
- - -
|
-||||||||||||||||
-status
-
-
-NodePoolStatus
-
-
- |
-+ | ||||||||||||||||
"OpenShiftSDN" |
+OpenShiftSDN specifies OpenshiftSDN as the SDN provider |
-
(Appears on: NodePoolSpec)
@@ -3576,8 +3156,7 @@ int32 -
(Appears on: NodePoolSpec)
@@ -3641,8 +3220,7 @@ bool -
(Appears on: NodePoolSpec)
@@ -3686,8 +3264,7 @@ AWSNodePoolPlatform -
(Appears on: NodePool)
@@ -3800,8 +3377,7 @@ Release specifies the release image to use for this HostedCluster
-(Appears on: NodePool)
@@ -3857,8 +3433,7 @@ an image artifact e.g an AMI in AWS.
-(Appears on: ServicePublishingStrategy)
@@ -3898,8 +3473,7 @@ int32 -
(Appears on: ManagedEtcdStorageSpec)
@@ -3945,8 +3519,7 @@ k8s.io/apimachinery/pkg/api/resource.Quantity -
(Appears on: HostedClusterSpec,
@@ -3991,8 +3564,7 @@ AWSPlatformSpec -
string
alias)(Appears on: NodePoolPlatform,
@@ -4001,8 +3573,23 @@ AWSPlatformSpec
PlatformType is a specific supported infrastructure provider.
-string
alias)Value | +Description | +
---|---|
"AWS" |
+AWSPlatformType represents Amazon Web Services infrastructure. + |
+
"IBMCloud" |
++ |
"None" |
++ |
(Appears on: ServicePublishingStrategy)
@@ -4010,8 +3597,7 @@ AWSPlatformSpec
PublishingStrategyType defines publishing strategies for services.
-(Appears on: ClusterVersionStatus,
@@ -4041,8 +3627,7 @@ string -
(Appears on: NodePoolManagement)
@@ -4083,8 +3668,7 @@ RollingUpdate -
(Appears on: ReplaceUpgrade)
@@ -4125,8 +3709,7 @@ k8s.io/apimachinery/pkg/util/intstr.IntOrString -
(Appears on: HostedClusterSpec,
@@ -4187,8 +3770,7 @@ AESCBCSpec -
string
alias)(Appears on: SecretEncryptionSpec)
@@ -4196,8 +3778,22 @@ AESCBCSpec
SecretEncryptionType defines the type of kube secret encryption being used.
-Value | +Description | +
---|---|
"aescbc" |
+AESCBC uses AES-CBC with PKCS#7 padding to do secret encryption + |
+
"kms" |
+KMS integrates with a cloud provider’s key management service to do secret encryption + |
+
(Appears on: ServicePublishingStrategyMapping)
@@ -4241,8 +3837,7 @@ NodePortPublishingStrategy -
(Appears on: HostedClusterSpec,
@@ -4286,8 +3881,7 @@ ServicePublishingStrategy -
string
alias)(Appears on: ServicePublishingStrategyMapping)
@@ -4295,8 +3889,7 @@ ServicePublishingStrategy
ServiceType defines what control plane services can be exposed from the management control plane
-(Appears on: EtcdSpec)
@@ -4340,24 +3933,47 @@ the etcd cluster
-string
alias)(Appears on: ReplaceUpgrade)
-
string
alias)Value | +Description | +
---|---|
"OnDelete" |
++ |
"RollingUpdate" |
++ |
(Appears on: NodePoolManagement)
-
Value | +Description | +
---|---|
"InPlace" |
++ |
"Replace" |
++ |
(Appears on: AWSNodePoolPlatform)
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index 4bb056d6a3..d88140b69c 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -9,3 +9,7 @@ plugins:
 docs_dir: content
 repo_url: https://github.com/openshift/hypershift
 repo_name: openshift/hypershift
+markdown_extensions:
+- toc:
+ toc_depth: "2-2"
+- attr_list: