diff --git a/apiextensions/install.go b/apiextensions/install.go index adaca4d6bad..6691adc1aec 100644 --- a/apiextensions/install.go +++ b/apiextensions/install.go @@ -4,6 +4,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + apiextensionsv1 "github.com/openshift/api/apiextensions/v1" apiextensionsv1alpha1 "github.com/openshift/api/apiextensions/v1alpha1" ) @@ -12,7 +13,7 @@ const ( ) var ( - schemeBuilder = runtime.NewSchemeBuilder(apiextensionsv1alpha1.Install) + schemeBuilder = runtime.NewSchemeBuilder(apiextensionsv1alpha1.Install, apiextensionsv1.Install) // Install is a function which adds every version of this group to a scheme Install = schemeBuilder.AddToScheme ) diff --git a/apiextensions/v1/Makefile b/apiextensions/v1/Makefile new file mode 100644 index 00000000000..0d5fd08072d --- /dev/null +++ b/apiextensions/v1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="apiextensions.openshift.io/v1" diff --git a/apiextensions/v1/doc.go b/apiextensions/v1/doc.go new file mode 100644 index 00000000000..54634166639 --- /dev/null +++ b/apiextensions/v1/doc.go @@ -0,0 +1,9 @@ +// +k8s:deepcopy-gen=package,register +// +k8s:defaulter-gen=TypeMeta +// +k8s:openapi-gen=true +// +k8s:openapi-model-package=com.github.openshift.api.apiextensions.v1 +// +openshift:featuregated-schema-gen=true + +// +groupName=apiextensions.openshift.io +// Package v1 is the v1 version of the API. +package v1 diff --git a/apiextensions/v1/manual-override-crd-manifests/compatibilityrequirements.apiextensions.openshift.io/CRDCompatibilityRequirementOperator.yaml b/apiextensions/v1/manual-override-crd-manifests/compatibilityrequirements.apiextensions.openshift.io/CRDCompatibilityRequirementOperator.yaml new file mode 100644 index 00000000000..c8fbde3ec06 --- /dev/null +++ b/apiextensions/v1/manual-override-crd-manifests/compatibilityrequirements.apiextensions.openshift.io/CRDCompatibilityRequirementOperator.yaml @@ -0,0 +1,540 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/2479 + feature-gate.release.openshift.io/CRDCompatibilityRequirementOperator: "true" + name: compatibilityrequirements.apiextensions.openshift.io +spec: + group: apiextensions.openshift.io + names: + kind: CompatibilityRequirement + listKind: CompatibilityRequirementList + plural: compatibilityrequirements + singular: compatibilityrequirement + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + CompatibilityRequirement expresses a set of requirements on a target CRD. + It is used to ensure compatibility between different actors using the same + CRD. + + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Compatibility Requirement. + properties: + compatibilitySchema: + description: |- + compatibilitySchema defines the schema used by + customResourceDefinitionSchemaValidation and objectSchemaValidation. + This field is required. + properties: + customResourceDefinition: + description: |- + customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. + This field is required. + properties: + data: + description: |- + data contains the complete definition of the CRD. This field must be in + the format specified by the type field. It may not be longer than 1572864 + characters. + This field is required. + maxLength: 1572864 + minLength: 1 + type: string + type: + description: |- + type indicates the type of the CRD data. The only supported type is "YAML". + This field is required. + enum: + - YAML + type: string + required: + - data + - type + type: object + excludedFields: + description: |- + excludedFields is a set of fields in the schema which will not be validated by + crdSchemaValidation or objectSchemaValidation. + The list may contain at most 64 fields. + Each path in the list must be unique. + When not specified, all fields in the schema will be validated. + items: + description: |- + APIExcludedField describes a field in the schema which will not be validated by + crdSchemaValidation or objectSchemaValidation. + properties: + path: + description: |- + path is the path to the field in the schema. + Paths are dot-separated field names (e.g., "fieldA.fieldB.fieldC") representing nested object fields. + If part of the path is a slice (e.g., "status.conditions") the remaining path is applied to all items in the slice + (e.g., "status.conditions.lastTransitionTimestamp"). + Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only + letters, digits, and underscores, and be between 1 and 63 characters in length. + A path may contain at most 16 fields. + maxLength: 1023 + minLength: 1 + type: string + x-kubernetes-validations: + - message: There may be at most 16 fields in the path. + rule: self.split('.').size() <= 16 + - message: path must be dot-separated field names, each + starting with a letter and containing only letters, + digits, and underscores not exceeding 63 characters. + There may be at most 16 fields in the path. + rule: self.split('.', 16).all(f, f.matches('^[a-zA-Z][a-zA-Z0-9_]{0,62}$')) + versions: + description: |- + versions are the API versions the field is excluded from. + When not specified, the field is excluded from all versions. + + Each item must be at most 63 characters in length, and must must + consist of only lowercase alphanumeric characters and hyphens, and must + start with an alphabetic character and end with an alphanumeric + character. + At most 32 versions may be specified. + items: + description: APIVersionString is a string representing + a kubernetes API version. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: It must contain only lower-case alphanumeric + characters and hyphens and must start with an alphabetic + character and end with an alphanumeric character + rule: '!format.dns1035Label().validate(self).hasValue()' + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - path + - versions + type: object + maxItems: 64 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: each path in the list must be unique. + rule: self.all(x, self.exists_one(y, y.path == x.path)) + requiredVersions: + description: |- + requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. + This field is required. + properties: + additionalVersions: + description: |- + additionalVersions specifies a set api versions to require in addition to + the default selection. It is explicitly permitted to specify a version in + additionalVersions which was also selected by the default selection. The + selections will be merged and deduplicated. + + Each item must be at most 63 characters in length, and must must consist + of only lowercase alphanumeric characters and hyphens, and must start + with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. + At most 32 additional versions may be specified. + items: + description: APIVersionString is a string representing a + kubernetes API version. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: It must contain only lower-case alphanumeric + characters and hyphens and must start with an alphabetic + character and end with an alphanumeric character + rule: '!format.dns1035Label().validate(self).hasValue()' + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + defaultSelection: + description: |- + defaultSelection specifies a method for automatically selecting a set of + versions to require. + + Valid options are StorageOnly and AllServed. + When set to StorageOnly, only the storage version is selected for + compatibility assessment. + When set to AllServed, all served versions are selected for compatibility + assessment. + + This field is required. + enum: + - StorageOnly + - AllServed + type: string + required: + - defaultSelection + type: object + x-kubernetes-validations: + - message: additionalVersions may not be defined when defaultSelection + is 'AllServed' + rule: self.defaultSelection != 'AllServed' || !has(self.additionalVersions) + required: + - customResourceDefinition + - requiredVersions + type: object + customResourceDefinitionSchemaValidation: + description: |- + customResourceDefinitionSchemaValidation ensures that updates to the + installed CRD are compatible with this compatibility requirement. If not + specified, admission of the target CRD will not be validated. + This field is optional. + properties: + action: + description: |- + action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + Valid options are Deny and Warn. + When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. + When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. + This field is required. + enum: + - Deny + - Warn + type: string + required: + - action + type: object + objectSchemaValidation: + description: |- + objectSchemaValidation ensures that matching resources conform to + compatibilitySchema. If not specified, admission of matching resources + will not be validated. + This field is optional. + properties: + action: + description: |- + action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + Valid options are Deny and Warn. + When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. + When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. + This field is required. + enum: + - Deny + - Warn + type: string + matchConditions: + description: |- + matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. + When present, must contain between 1 and 64 match conditions. + When not specified, the webhook will match all requests according to its other selectors. + items: + description: MatchCondition represents a condition which must + by fulfilled for a request to be sent to a webhook. + properties: + expression: + description: |- + Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. + CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: + + 'object' - The object from the incoming request. The value is null for DELETE requests. + 'oldObject' - The existing object. The value is null for CREATE requests. + 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). + 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. + See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz + 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the + request resource. + Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ + + Required. + type: string + name: + description: |- + Name is an identifier for this match condition, used for strategic merging of MatchConditions, + as well as providing an identifier for logging purposes. A good name should be descriptive of + the associated expression. + Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and + must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or + '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an + optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') + + Required. + type: string + required: + - expression + - name + type: object + maxItems: 64 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + namespaceSelector: + description: |- + namespaceSelector defines a label selector for namespaces. If defined, + only objects in a namespace with matching labels will be subject to + validation. When not specified, objects for validation will not be + filtered by namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: must have at least one of matchLabels or matchExpressions + when specified + rule: size(self.matchLabels) > 0 || size(self.matchExpressions) + > 0 + objectSelector: + description: |- + objectSelector defines a label selector for objects. If defined, only + objects with matching labels will be subject to validation. When not + specified, objects for validation will not be filtered by label. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: must have at least one of matchLabels or matchExpressions + when specified + rule: size(self.matchLabels) > 0 || size(self.matchExpressions) + > 0 + required: + - action + type: object + required: + - compatibilitySchema + type: object + status: + description: status is the most recently observed status of the Compatibility + Requirement. + minProperties: 1 + properties: + conditions: + description: |- + conditions is a list of conditions and their status. + Known condition types are Progressing, Admitted, and Compatible. + + The Progressing condition indicates if reconciliation of a CompatibilityRequirement is still + progressing or has finished. + + The Admitted condition indicates if the validating webhook has been configured. + + The Compatible condition indicates if the observed CRD is compatible with the requirement. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + crdName: + description: |- + crdName is the name of the target CRD. The target CRD is not required to + exist, as we may legitimately place requirements on it before it is + created. The observed CRD is given in status.observedCRD, which will be + empty if no CRD is observed. + When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: + lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. + When not specified, the requirement applies to any CRD name discovered from the compatibility schema. + This field is optional. Once set, the value cannot be changed and must always remain set. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of lower case + alphanumeric characters, '-' or '.', and must start and end with + an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + observedCRD: + description: |- + observedCRD documents the uid and generation of the CRD object when the current status was written. + This field will be omitted if the target CRD does not exist or could not be retrieved. + properties: + generation: + description: |- + generation is the observed generation of the CRD. + Must be a positive integer (minimum value of 1). + format: int64 + minimum: 1 + type: integer + uid: + description: |- + uid is the uid of the observed CRD. + Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). + Length must be between 1 and 36 characters. + format: uuid + maxLength: 36 + minLength: 1 + type: string + required: + - generation + - uid + type: object + x-kubernetes-validations: + - message: generation may only increase on the same CRD + rule: oldSelf.uid != self.uid || self.generation >= oldSelf.generation + type: object + x-kubernetes-validations: + - message: crdName cannot be changed once set + rule: '!has(oldSelf.crdName) || has(self.crdName) && oldSelf.crdName + == self.crdName' + required: + - metadata + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/apiextensions/v1/register.go b/apiextensions/v1/register.go new file mode 100644 index 00000000000..4e1d4d826d7 --- /dev/null +++ b/apiextensions/v1/register.go @@ -0,0 +1,39 @@ +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var ( + GroupName = "apiextensions.openshift.io" + GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + // Install is a function which adds this version to a scheme + Install = schemeBuilder.AddToScheme + + // SchemeGroupVersion generated code relies on this name + // Deprecated + SchemeGroupVersion = GroupVersion + // AddToScheme exists solely to keep the old generators creating valid code + // DEPRECATED + AddToScheme = schemeBuilder.AddToScheme +) + +// Resource generated code relies on this being here, but it logically belongs to the group +// DEPRECATED +func Resource(resource string) schema.GroupResource { + return schema.GroupResource{Group: GroupName, Resource: resource} +} + +func addKnownTypes(scheme *runtime.Scheme) error { + metav1.AddToGroupVersion(scheme, GroupVersion) + + scheme.AddKnownTypes(GroupVersion, + &CompatibilityRequirement{}, + &CompatibilityRequirementList{}, + ) + + return nil +} diff --git a/apiextensions/v1/tests/compatibilityrequirements.apiextensions.openshift.io/CRDCompatibilityRequirementOperator.yaml b/apiextensions/v1/tests/compatibilityrequirements.apiextensions.openshift.io/CRDCompatibilityRequirementOperator.yaml new file mode 100644 index 00000000000..4617e24c376 --- /dev/null +++ b/apiextensions/v1/tests/compatibilityrequirements.apiextensions.openshift.io/CRDCompatibilityRequirementOperator.yaml @@ -0,0 +1,1431 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "CompatibilityRequirement" +crdName: compatibilityrequirements.apiextensions.openshift.io +version: v1 +tests: + onCreate: + - name: Should be able to create a minimal CompatibilityRequirement + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + requiredVersions: + defaultSelection: StorageOnly + expected: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + requiredVersions: + defaultSelection: StorageOnly + + - name: Should be able to create CompatibilityRequirement with additional API versions + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + additionalVersions: + - v1alpha1 + - v1beta1 + expected: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + additionalVersions: + - v1alpha1 + - v1beta1 + + - name: Should be able to create CompatibilityRequirement with excluded fields + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + excludedFields: + - path: spec.fieldToExclude + versions: + - v1 + - path: status.anotherField + versions: + - v1alpha1 + expected: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + excludedFields: + - path: spec.fieldToExclude + versions: + - v1 + - path: status.anotherField + versions: + - v1alpha1 + + - name: Should not be able to create CompatibilityRequirement with excluded fields with duplicate paths + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + excludedFields: + - path: spec.fieldToExclude + versions: + - v1 + - path: spec.fieldToExclude + versions: + - v1alpha1 + expectedError: "spec.compatibilitySchema.excludedFields: Invalid value: \"array\": each path in the list must be unique." + + - name: Should not be able to create CompatibilityRequirement with invalid excluded field path + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + excludedFields: + - path: "1invalidFieldName" + versions: + - v1 + expectedError: "spec.compatibilitySchema.excludedFields[0].path: Invalid value" + + - name: Should not be able to create CompatibilityRequirement with invalid DNS 1035 label in additionalVersions + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + additionalVersions: + - V1Alpha1 + expectedError: "It must contain only lower-case alphanumeric characters and hyphens and must start with an alphabetic character and end with an alphanumeric character" + + - name: Should not be able to create CompatibilityRequirement with additionalVersions when defaultSelection is AllServed + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: AllServed + additionalVersions: + - v1alpha1 + expectedError: "additionalVersions may not be defined when defaultSelection is 'AllServed'" + + - name: Should not be able to create CompatibilityRequirement with excludedFields path containing field name exceeding 63 characters + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + excludedFields: + - path: spec.thisFieldNameIsWayTooLongBecauseItExceedsSixtyThreeCharactersInLength + versions: + - v1 + expectedError: "path must be dot-separated field names, each starting with a letter and containing only letters, digits, and underscores not exceeding 63 characters" + + - name: Should not be able to create CompatibilityRequirement with excludedFields path containing more than 16 fields + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + excludedFields: + - path: a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.q + versions: + - v1 + expectedError: "path must be dot-separated field names, each starting with a letter and containing only letters, digits, and underscores not exceeding 63 characters. There may be at most 16 fields in the path" + + - name: Should not be able to create CompatibilityRequirement with excludedFields path containing invalid characters + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + excludedFields: + - path: spec.field-name + versions: + - v1 + expectedError: "path must be dot-separated field names, each starting with a letter and containing only letters, digits, and underscores not exceeding 63 characters" + + - name: Should be able to create CompatibilityRequirement with excludedFields path containing exactly 16 fields + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + excludedFields: + - path: a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p + versions: + - v1 + expected: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + excludedFields: + - path: a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p + versions: + - v1 + + - name: Should not be able to create CompatibilityRequirement with empty objectSchemaValidation.namespaceSelector + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + objectSchemaValidation: + action: Warn + namespaceSelector: {} + expectedError: "must have at least one of matchLabels or matchExpressions when specified" + - name: Should not be able to create CompatibilityRequirement with zero length objectSchemaValidation.namespaceSelector matchLabels and matchExpressions + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + objectSchemaValidation: + action: Warn + namespaceSelector: + matchLabels: {} + matchExpressions: [] + expectedError: "must have at least one of matchLabels or matchExpressions when specified" + + onUpdate: + - name: Should be able to set valid observedCRD uid + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + updated: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 1 + expected: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 1 + + - name: Should not be able to set invalid observedCRD uid + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + updated: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "invalid-uuid" + generation: 1 + expectedStatusError: "status.observedCRD.uid: Invalid value: \"invalid-uuid\": observedCRD.uid in body must be of type uuid: \"invalid-uuid\"" + + - name: observedCRD may increase for the same CRD + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 1 + updated: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 2 + expected: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 2 + + - name: Should not be able to decrease observedCRD.generation for the same CRD UID + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 5 + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + updated: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 3 + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + expectedStatusError: "generation may only increase on the same CRD" + + - name: Should be able to decrease generation when UID changes + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 5 + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + updated: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "987fcdeb-51a2-43d1-b654-123456789abc" + generation: 1 + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + expected: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "987fcdeb-51a2-43d1-b654-123456789abc" + generation: 1 + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + + - name: Should be able to set crdName initially + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + updated: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + crdName: original.example.com + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + expected: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + crdName: original.example.com + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + + - name: Should not be able to change crdName once set in status + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + crdName: original.example.com + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + updated: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + crdName: different.example.com + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + expectedStatusError: "crdName cannot be changed once set" + + - name: Should not be able to remove crdName once set in status + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + crdName: original.example.com + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + updated: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + conditions: + - type: Progressing + status: "True" + lastTransitionTime: "2023-01-01T00:00:00Z" + reason: "UpToDate" + message: "Processing" + expectedStatusError: "crdName cannot be changed once set" + + - name: Should be able to set valid observedCRD uid + initial: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 1 + updated: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 1 + expected: | + apiVersion: apiextensions.openshift.io/v1 + kind: CompatibilityRequirement + metadata: + name: test-requirement + spec: + compatibilitySchema: + customResourceDefinition: + type: YAML + data: | + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + name: testrequirements.example.com + spec: + group: example.com + names: + kind: TestRequirement + plural: testrequirements + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + requiredVersions: + defaultSelection: StorageOnly + status: + observedCRD: + uid: "123e4567-e89b-12d3-a456-426614174000" + generation: 1 diff --git a/apiextensions/v1/types_compatibilityrequirement.go b/apiextensions/v1/types_compatibilityrequirement.go new file mode 100644 index 00000000000..e6a009cd05b --- /dev/null +++ b/apiextensions/v1/types_compatibilityrequirement.go @@ -0,0 +1,390 @@ +package v1 + +import ( + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CompatibilityRequirement expresses a set of requirements on a target CRD. +// It is used to ensure compatibility between different actors using the same +// CRD. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +// +openshift:file-pattern=cvoRunLevel=0000_20,operatorName=crd-compatibility-checker,operatorOrdering=01 +// +openshift:enable:FeatureGate=CRDCompatibilityRequirementOperator +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=compatibilityrequirements,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2479 +// +kubebuilder:metadata:annotations="release.openshift.io/feature-gate=CRDCompatibilityRequirementOperator" +type CompatibilityRequirement struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +required + metav1.ObjectMeta `json:"metadata,omitzero"` + + // spec is the specification of the desired behavior of the Compatibility Requirement. + // +required + Spec CompatibilityRequirementSpec `json:"spec,omitzero"` + + // status is the most recently observed status of the Compatibility Requirement. + // +optional + Status CompatibilityRequirementStatus `json:"status,omitzero"` +} + +// CompatibilityRequirementSpec is the specification of the desired behavior of the Compatibility Requirement. +type CompatibilityRequirementSpec struct { + // compatibilitySchema defines the schema used by + // customResourceDefinitionSchemaValidation and objectSchemaValidation. + // This field is required. + // +required + CompatibilitySchema CompatibilitySchema `json:"compatibilitySchema,omitzero"` + + // customResourceDefinitionSchemaValidation ensures that updates to the + // installed CRD are compatible with this compatibility requirement. If not + // specified, admission of the target CRD will not be validated. + // This field is optional. + // +optional + CustomResourceDefinitionSchemaValidation CustomResourceDefinitionSchemaValidation `json:"customResourceDefinitionSchemaValidation,omitzero"` + + // objectSchemaValidation ensures that matching resources conform to + // compatibilitySchema. If not specified, admission of matching resources + // will not be validated. + // This field is optional. + // +optional + ObjectSchemaValidation ObjectSchemaValidation `json:"objectSchemaValidation,omitzero"` +} + +// CRDDataType indicates the type of the CRD data. +// +kubebuilder:validation:Enum=YAML +type CRDDataType string + +const ( + // CRDDataTypeYAML indicates that the CRD data is in YAML format. + CRDDataTypeYAML CRDDataType = "YAML" +) + +// CRDData contains the complete definition of a CRD. +type CRDData struct { + // type indicates the type of the CRD data. The only supported type is "YAML". + // This field is required. + // +required + Type CRDDataType `json:"type,omitempty"` + + // data contains the complete definition of the CRD. This field must be in + // the format specified by the type field. It may not be longer than 1572864 + // characters. + // This field is required. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1572864 + // +required + Data string `json:"data,omitempty"` +} + +// APIVersionSelectionType specifies a method for automatically selecting a +// set of API versions to require. +// +kubebuilder:validation:Enum=StorageOnly;AllServed +type APIVersionSelectionType string + +const ( + APIVersionSetTypeStorageOnly APIVersionSelectionType = "StorageOnly" + APIVersionSetTypeAllServed APIVersionSelectionType = "AllServed" +) + +// APIVersionString is a string representing a kubernetes API version. +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=63 +// +kubebuilder:validation:XValidation:rule="!format.dns1035Label().validate(self).hasValue()",message="It must contain only lower-case alphanumeric characters and hyphens and must start with an alphabetic character and end with an alphanumeric character" +type APIVersionString string + +// APIVersions specifies a set of API versions of a CRD. +// +kubebuilder:validation:XValidation:rule="self.defaultSelection != 'AllServed' || !has(self.additionalVersions)",message="additionalVersions may not be defined when defaultSelection is 'AllServed'" +type APIVersions struct { + // defaultSelection specifies a method for automatically selecting a set of + // versions to require. + // + // Valid options are StorageOnly and AllServed. + // When set to StorageOnly, only the storage version is selected for + // compatibility assessment. + // When set to AllServed, all served versions are selected for compatibility + // assessment. + // + // This field is required. + // +required + DefaultSelection APIVersionSelectionType `json:"defaultSelection,omitempty"` + + // additionalVersions specifies a set api versions to require in addition to + // the default selection. It is explicitly permitted to specify a version in + // additionalVersions which was also selected by the default selection. The + // selections will be merged and deduplicated. + // + // Each item must be at most 63 characters in length, and must must consist + // of only lowercase alphanumeric characters and hyphens, and must start + // with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. + // At most 32 additional versions may be specified. + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=32 + // +listType=set + // +optional + AdditionalVersions []APIVersionString `json:"additionalVersions,omitempty"` +} + +// APIExcludedField describes a field in the schema which will not be validated by +// crdSchemaValidation or objectSchemaValidation. +type APIExcludedField struct { + // path is the path to the field in the schema. + // Paths are dot-separated field names (e.g., "fieldA.fieldB.fieldC") representing nested object fields. + // If part of the path is a slice (e.g., "status.conditions") the remaining path is applied to all items in the slice + // (e.g., "status.conditions.lastTransitionTimestamp"). + // Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only + // letters, digits, and underscores, and be between 1 and 63 characters in length. + // A path may contain at most 16 fields. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=1023 + // +kubebuilder:validation:XValidation:rule="self.split('.').size() <= 16",message="There may be at most 16 fields in the path." + // +kubebuilder:validation:XValidation:rule="self.split('.', 16).all(f, f.matches('^[a-zA-Z][a-zA-Z0-9_]{0,62}$'))",message="path must be dot-separated field names, each starting with a letter and containing only letters, digits, and underscores not exceeding 63 characters. There may be at most 16 fields in the path." + // +required + Path string `json:"path,omitempty"` + + // versions are the API versions the field is excluded from. + // When not specified, the field is excluded from all versions. + // + // Each item must be at most 63 characters in length, and must must + // consist of only lowercase alphanumeric characters and hyphens, and must + // start with an alphabetic character and end with an alphanumeric + // character. + // At most 32 versions may be specified. + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=32 + // +listType=set + // +required + Versions []APIVersionString `json:"versions,omitempty"` +} + +// CompatibilitySchema defines the schema used by crdSchemaValidation and objectSchemaValidation. +type CompatibilitySchema struct { + // customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. + // This field is required. + // +required + CustomResourceDefinition CRDData `json:"customResourceDefinition,omitzero"` + + // requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. + // This field is required. + // +required + RequiredVersions APIVersions `json:"requiredVersions,omitzero"` + + // excludedFields is a set of fields in the schema which will not be validated by + // crdSchemaValidation or objectSchemaValidation. + // The list may contain at most 64 fields. + // Each path in the list must be unique. + // When not specified, all fields in the schema will be validated. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=64 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, y.path == x.path))",message="each path in the list must be unique." + // +listType=atomic + // +optional + ExcludedFields []APIExcludedField `json:"excludedFields,omitempty"` +} + +// CustomResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement. +type CustomResourceDefinitionSchemaValidation struct { + // action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + // Valid options are Deny and Warn. + // When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. + // When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. + // This field is required. + // +required + Action CRDAdmitAction `json:"action,omitempty"` +} + +// ObjectSchemaValidation ensures that matching objects conform to the compatibilitySchema. +type ObjectSchemaValidation struct { + // action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + // Valid options are Deny and Warn. + // When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. + // When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. + // This field is required. + // +required + Action CRDAdmitAction `json:"action,omitempty"` + + // namespaceSelector defines a label selector for namespaces. If defined, + // only objects in a namespace with matching labels will be subject to + // validation. When not specified, objects for validation will not be + // filtered by namespace. + // +kubebuilder:validation:XValidation:rule="size(self.matchLabels) > 0 || size(self.matchExpressions) > 0",message="must have at least one of matchLabels or matchExpressions when specified" + // +optional + NamespaceSelector metav1.LabelSelector `json:"namespaceSelector,omitempty,omitzero"` + // objectSelector defines a label selector for objects. If defined, only + // objects with matching labels will be subject to validation. When not + // specified, objects for validation will not be filtered by label. + // +kubebuilder:validation:XValidation:rule="size(self.matchLabels) > 0 || size(self.matchExpressions) > 0",message="must have at least one of matchLabels or matchExpressions when specified" + // +optional + ObjectSelector metav1.LabelSelector `json:"objectSelector,omitempty,omitzero"` + + // matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. + // When present, must contain between 1 and 64 match conditions. + // When not specified, the webhook will match all requests according to its other selectors. + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=64 + // +optional + MatchConditions []admissionregistrationv1.MatchCondition `json:"matchConditions,omitempty"` +} + +// CRDAdmitAction determines the action taken when a CRD is not compatible. +// +kubebuilder:validation:Enum=Deny;Warn +// +enum +type CRDAdmitAction string + +const ( + // CRDAdmitActionDeny means that incompatible CRDs will be rejected. + CRDAdmitActionDeny CRDAdmitAction = "Deny" + + // CRDAdmitActionWarn means that incompatible CRDs will be allowed but a warning will be generated. + CRDAdmitActionWarn CRDAdmitAction = "Warn" +) + +// CompatibilityRequirement's Progressing condition and corresponding reasons. +const ( + // CompatibilityRequirementProgressing is false if the spec has been + // completely reconciled against the condition's observed generation. + // True indicates that reconciliation is still in progress and the current status does not represent + // a stable state. Progressing false with an error reason indicates that the object cannot be reconciled. + CompatibilityRequirementProgressing string = "Progressing" + + // CompatibilityRequirementConfigurationErrorReason indicates that + // reconciliation cannot progress due to an invalid spec. The controller + // will not reconcile this object again until the spec is updated. + CompatibilityRequirementConfigurationErrorReason string = "ConfigurationError" + + // CompatibilityRequirementTransientErrorReason indicates that + // reconciliation failed due to an error that can be retried. + CompatibilityRequirementTransientErrorReason string = "TransientError" + + // CompatibilityRequirementUpToDateReason surfaces when reconciliation + // completed successfully for the condition's observed generation. + CompatibilityRequirementUpToDateReason string = "UpToDate" +) + +// CompatibilityRequirement's Admitted condition and corresponding reasons. +const ( + // CompatibilityRequirementAdmitted is true if the requirement has been configured in the validating webhook, + // otherwise false. + CompatibilityRequirementAdmitted string = "Admitted" + + // CompatibilityRequirementAdmittedReason surfaces when the requirement has been configured in the validating webhook. + CompatibilityRequirementAdmittedReason string = "Admitted" + + // CompatibilityRequirementNotAdmittedReason surfaces when the requirement has not been configured in the validating webhook. + CompatibilityRequirementNotAdmittedReason string = "NotAdmitted" +) + +// CompatibilityRequirement's Compatible condition and corresponding reasons. +const ( + // CompatibilityRequirementCompatible is true if the observed CRD is compatible with the requirement, + // otherwise false. Note that Compatible may be false when adding a new requirement which the existing + // CRD does not meet. + CompatibilityRequirementCompatible string = "Compatible" + + // CompatibilityRequirementRequirementsNotMetReason surfaces when a CRD exists, and it is not compatible with this requirement. + CompatibilityRequirementRequirementsNotMetReason string = "RequirementsNotMet" + + // CompatibilityRequirementCRDNotFoundReason surfaces when the referenced CRD does not exist. + CompatibilityRequirementCRDNotFoundReason string = "CRDNotFound" + + // CompatibilityRequirementCompatibleWithWarningsReason surfaces when the CRD exists and is compatible with this requirement, but Message contains one or more warning messages. + CompatibilityRequirementCompatibleWithWarningsReason string = "CompatibleWithWarnings" + + // CompatibilityRequirementCompatibleReason surfaces when the CRD exists and is compatible with this requirement. + CompatibilityRequirementCompatibleReason string = "Compatible" +) + +// CompatibilityRequirementStatus defines the observed status of the Compatibility Requirement. +// +kubebuilder:validation:MinProperties=1 +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.crdName) || has(self.crdName) && oldSelf.crdName == self.crdName",message="crdName cannot be changed once set" +type CompatibilityRequirementStatus struct { + // conditions is a list of conditions and their status. + // Known condition types are Progressing, Admitted, and Compatible. + // + // The Progressing condition indicates if reconciliation of a CompatibilityRequirement is still + // progressing or has finished. + // + // The Admitted condition indicates if the validating webhook has been configured. + // + // The Compatible condition indicates if the observed CRD is compatible with the requirement. + // + // +optional + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=32 + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // observedCRD documents the uid and generation of the CRD object when the current status was written. + // This field will be omitted if the target CRD does not exist or could not be retrieved. + // +optional + ObservedCRD ObservedCRD `json:"observedCRD,omitzero"` + + // crdName is the name of the target CRD. The target CRD is not required to + // exist, as we may legitimately place requirements on it before it is + // created. The observed CRD is given in status.observedCRD, which will be + // empty if no CRD is observed. + // When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: + // lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. + // When not specified, the requirement applies to any CRD name discovered from the compatibility schema. + // This field is optional. Once set, the value cannot be changed and must always remain set. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + // +optional + CRDName string `json:"crdName,omitempty"` +} + +// ObservedCRD contains information about the observed target CRD. +// +kubebuilder:validation:XValidation:rule="oldSelf.uid != self.uid || self.generation >= oldSelf.generation",message="generation may only increase on the same CRD" +type ObservedCRD struct { + // uid is the uid of the observed CRD. + // Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). + // Length must be between 1 and 36 characters. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=36 + // +kubebuilder:validation:Format=uuid + // +required + UID string `json:"uid,omitempty"` + + // generation is the observed generation of the CRD. + // Must be a positive integer (minimum value of 1). + // +kubebuilder:validation:Minimum=1 + // +required + Generation int64 `json:"generation,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CompatibilityRequirementList is a collection of CompatibilityRequirements. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type CompatibilityRequirementList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metav1.ListMeta `json:"metadata,omitzero"` + + // items is a list of CompatibilityRequirements. + // +kubebuilder:validation:MaxItems=1000 + // +optional + Items []CompatibilityRequirement `json:"items,omitempty"` +} diff --git a/apiextensions/v1/zz_generated.crd-manifests/0000_20_crd-compatibility-checker_01_compatibilityrequirements.crd.yaml b/apiextensions/v1/zz_generated.crd-manifests/0000_20_crd-compatibility-checker_01_compatibilityrequirements.crd.yaml new file mode 100644 index 00000000000..2e0218565cd --- /dev/null +++ b/apiextensions/v1/zz_generated.crd-manifests/0000_20_crd-compatibility-checker_01_compatibilityrequirements.crd.yaml @@ -0,0 +1,1067 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/2479 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-gate: CRDCompatibilityRequirementOperator + name: compatibilityrequirements.apiextensions.openshift.io +spec: + group: apiextensions.openshift.io + names: + kind: CompatibilityRequirement + listKind: CompatibilityRequirementList + plural: compatibilityrequirements + singular: compatibilityrequirement + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + CompatibilityRequirement expresses a set of requirements on a target CRD. + It is used to ensure compatibility between different actors using the same + CRD. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Compatibility Requirement. + properties: + compatibilitySchema: + description: |- + compatibilitySchema defines the schema used by + customResourceDefinitionSchemaValidation and objectSchemaValidation. + This field is required. + properties: + customResourceDefinition: + description: |- + customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. + This field is required. + properties: + data: + description: |- + data contains the complete definition of the CRD. This field must be in + the format specified by the type field. It may not be longer than 1572864 + characters. + This field is required. + maxLength: 1572864 + minLength: 1 + type: string + type: + description: |- + type indicates the type of the CRD data. The only supported type is "YAML". + This field is required. + enum: + - YAML + type: string + required: + - data + - type + type: object + excludedFields: + description: |- + excludedFields is a set of fields in the schema which will not be validated by + crdSchemaValidation or objectSchemaValidation. + The list may contain at most 64 fields. + Each path in the list must be unique. + When not specified, all fields in the schema will be validated. + items: + description: |- + APIExcludedField describes a field in the schema which will not be validated by + crdSchemaValidation or objectSchemaValidation. + properties: + path: + description: |- + path is the path to the field in the schema. + Paths are dot-separated field names (e.g., "fieldA.fieldB.fieldC") representing nested object fields. + If part of the path is a slice (e.g., "status.conditions") the remaining path is applied to all items in the slice + (e.g., "status.conditions.lastTransitionTimestamp"). + Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only + letters, digits, and underscores, and be between 1 and 63 characters in length. + A path may contain at most 16 fields. + maxLength: 1023 + minLength: 1 + type: string + x-kubernetes-validations: + - message: There may be at most 16 fields in the path. + rule: self.split('.').size() <= 16 + - message: path must be dot-separated field names, each + starting with a letter and containing only letters, + digits, and underscores not exceeding 63 characters. + There may be at most 16 fields in the path. + rule: self.split('.', 16).all(f, f.matches('^[a-zA-Z][a-zA-Z0-9_]{0,62}$')) + versions: + description: |- + versions are the API versions the field is excluded from. + When not specified, the field is excluded from all versions. + + Each item must be at most 63 characters in length, and must must + consist of only lowercase alphanumeric characters and hyphens, and must + start with an alphabetic character and end with an alphanumeric + character. + At most 32 versions may be specified. + items: + description: APIVersionString is a string representing + a kubernetes API version. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: It must contain only lower-case alphanumeric + characters and hyphens and must start with an alphabetic + character and end with an alphanumeric character + rule: '!format.dns1035Label().validate(self).hasValue()' + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - path + - versions + type: object + maxItems: 64 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: each path in the list must be unique. + rule: self.all(x, self.exists_one(y, y.path == x.path)) + requiredVersions: + description: |- + requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. + This field is required. + properties: + additionalVersions: + description: |- + additionalVersions specifies a set api versions to require in addition to + the default selection. It is explicitly permitted to specify a version in + additionalVersions which was also selected by the default selection. The + selections will be merged and deduplicated. + + Each item must be at most 63 characters in length, and must must consist + of only lowercase alphanumeric characters and hyphens, and must start + with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. + At most 32 additional versions may be specified. + items: + description: APIVersionString is a string representing a + kubernetes API version. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: It must contain only lower-case alphanumeric + characters and hyphens and must start with an alphabetic + character and end with an alphanumeric character + rule: '!format.dns1035Label().validate(self).hasValue()' + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + defaultSelection: + description: |- + defaultSelection specifies a method for automatically selecting a set of + versions to require. + + Valid options are StorageOnly and AllServed. + When set to StorageOnly, only the storage version is selected for + compatibility assessment. + When set to AllServed, all served versions are selected for compatibility + assessment. + + This field is required. + enum: + - StorageOnly + - AllServed + type: string + required: + - defaultSelection + type: object + x-kubernetes-validations: + - message: additionalVersions may not be defined when defaultSelection + is 'AllServed' + rule: self.defaultSelection != 'AllServed' || !has(self.additionalVersions) + required: + - customResourceDefinition + - requiredVersions + type: object + customResourceDefinitionSchemaValidation: + description: |- + customResourceDefinitionSchemaValidation ensures that updates to the + installed CRD are compatible with this compatibility requirement. If not + specified, admission of the target CRD will not be validated. + This field is optional. + properties: + action: + description: |- + action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + Valid options are Deny and Warn. + When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. + When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. + This field is required. + enum: + - Deny + - Warn + type: string + required: + - action + type: object + objectSchemaValidation: + description: |- + objectSchemaValidation ensures that matching resources conform to + compatibilitySchema. If not specified, admission of matching resources + will not be validated. + This field is optional. + properties: + action: + description: |- + action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + Valid options are Deny and Warn. + When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. + When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. + This field is required. + enum: + - Deny + - Warn + type: string + matchConditions: + description: |- + matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. + When present, must contain between 1 and 64 match conditions. + When not specified, the webhook will match all requests according to its other selectors. + items: + description: MatchCondition represents a condition which must + by fulfilled for a request to be sent to a webhook. + properties: + expression: + description: |- + Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. + CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: + + 'object' - The object from the incoming request. The value is null for DELETE requests. + 'oldObject' - The existing object. The value is null for CREATE requests. + 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). + 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. + See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz + 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the + request resource. + Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ + + Required. + type: string + name: + description: |- + Name is an identifier for this match condition, used for strategic merging of MatchConditions, + as well as providing an identifier for logging purposes. A good name should be descriptive of + the associated expression. + Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and + must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or + '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an + optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') + + Required. + type: string + required: + - expression + - name + type: object + maxItems: 64 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + namespaceSelector: + description: |- + namespaceSelector defines a label selector for namespaces. If defined, + only objects in a namespace with matching labels will be subject to + validation. When not specified, objects for validation will not be + filtered by namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: must have at least one of matchLabels or matchExpressions + when specified + rule: size(self.matchLabels) > 0 || size(self.matchExpressions) + > 0 + objectSelector: + description: |- + objectSelector defines a label selector for objects. If defined, only + objects with matching labels will be subject to validation. When not + specified, objects for validation will not be filtered by label. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: must have at least one of matchLabels or matchExpressions + when specified + rule: size(self.matchLabels) > 0 || size(self.matchExpressions) + > 0 + required: + - action + type: object + required: + - compatibilitySchema + type: object + status: + description: status is the most recently observed status of the Compatibility + Requirement. + minProperties: 1 + properties: + conditions: + description: |- + conditions is a list of conditions and their status. + Known condition types are Progressing, Admitted, and Compatible. + + The Progressing condition indicates if reconciliation of a CompatibilityRequirement is still + progressing or has finished. + + The Admitted condition indicates if the validating webhook has been configured. + + The Compatible condition indicates if the observed CRD is compatible with the requirement. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + crdName: + description: |- + crdName is the name of the target CRD. The target CRD is not required to + exist, as we may legitimately place requirements on it before it is + created. The observed CRD is given in status.observedCRD, which will be + empty if no CRD is observed. + When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: + lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. + When not specified, the requirement applies to any CRD name discovered from the compatibility schema. + This field is optional. Once set, the value cannot be changed and must always remain set. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of lower case + alphanumeric characters, '-' or '.', and must start and end with + an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + observedCRD: + description: |- + observedCRD documents the uid and generation of the CRD object when the current status was written. + This field will be omitted if the target CRD does not exist or could not be retrieved. + properties: + generation: + description: |- + generation is the observed generation of the CRD. + Must be a positive integer (minimum value of 1). + format: int64 + minimum: 1 + type: integer + uid: + description: |- + uid is the uid of the observed CRD. + Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). + Length must be between 1 and 36 characters. + format: uuid + maxLength: 36 + minLength: 1 + type: string + required: + - generation + - uid + type: object + x-kubernetes-validations: + - message: generation may only increase on the same CRD + rule: oldSelf.uid != self.uid || self.generation >= oldSelf.generation + type: object + x-kubernetes-validations: + - message: crdName cannot be changed once set + rule: '!has(oldSelf.crdName) || has(self.crdName) && oldSelf.crdName + == self.crdName' + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + CompatibilityRequirement expresses a set of requirements on a target CRD. + It is used to ensure compatibility between different actors using the same + CRD. + + Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Compatibility Requirement. + properties: + compatibilitySchema: + description: |- + compatibilitySchema defines the schema used by + customResourceDefinitionSchemaValidation and objectSchemaValidation. + This field is required. + properties: + customResourceDefinition: + description: |- + customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. + This field is required. + properties: + data: + description: |- + data contains the complete definition of the CRD. This field must be in + the format specified by the type field. It may not be longer than 1572864 + characters. + This field is required. + maxLength: 1572864 + minLength: 1 + type: string + type: + description: |- + type indicates the type of the CRD data. The only supported type is "YAML". + This field is required. + enum: + - YAML + type: string + required: + - data + - type + type: object + excludedFields: + description: |- + excludedFields is a set of fields in the schema which will not be validated by + crdSchemaValidation or objectSchemaValidation. + The list may contain at most 64 fields. + Each path in the list must be unique. + When not specified, all fields in the schema will be validated. + items: + description: |- + APIExcludedField describes a field in the schema which will not be validated by + crdSchemaValidation or objectSchemaValidation. + properties: + path: + description: |- + path is the path to the field in the schema. + Paths are dot-separated field names (e.g., "fieldA.fieldB.fieldC") representing nested object fields. + If part of the path is a slice (e.g., "status.conditions") the remaining path is applied to all items in the slice + (e.g., "status.conditions.lastTransitionTimestamp"). + Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only + letters, digits, and underscores, and be between 1 and 63 characters in length. + A path may contain at most 16 fields. + maxLength: 1023 + minLength: 1 + type: string + x-kubernetes-validations: + - message: There may be at most 16 fields in the path. + rule: self.split('.').size() <= 16 + - message: path must be dot-separated field names, each + starting with a letter and containing only letters, + digits, and underscores not exceeding 63 characters. + There may be at most 16 fields in the path. + rule: self.split('.', 16).all(f, f.matches('^[a-zA-Z][a-zA-Z0-9_]{0,62}$')) + versions: + description: |- + versions are the API versions the field is excluded from. + When not specified, the field is excluded from all versions. + + Each item must be at most 63 characters in length, and must must + consist of only lowercase alphanumeric characters and hyphens, and must + start with an alphabetic character and end with an alphanumeric + character. + At most 32 versions may be specified. + items: + description: APIVersionString is a string representing + a kubernetes API version. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: It must contain only lower-case alphanumeric + characters and hyphens and must start with an alphabetic + character and end with an alphanumeric character + rule: '!format.dns1035Label().validate(self).hasValue()' + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - path + - versions + type: object + maxItems: 64 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: each path in the list must be unique. + rule: self.all(x, self.exists_one(y, y.path == x.path)) + requiredVersions: + description: |- + requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. + This field is required. + properties: + additionalVersions: + description: |- + additionalVersions specifies a set api versions to require in addition to + the default selection. It is explicitly permitted to specify a version in + additionalVersions which was also selected by the default selection. The + selections will be merged and deduplicated. + + Each item must be at most 63 characters in length, and must must consist + of only lowercase alphanumeric characters and hyphens, and must start + with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. + At most 32 additional versions may be specified. + items: + description: APIVersionString is a string representing a + kubernetes API version. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: It must contain only lower-case alphanumeric + characters and hyphens and must start with an alphabetic + character and end with an alphanumeric character + rule: '!format.dns1035Label().validate(self).hasValue()' + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + defaultSelection: + description: |- + defaultSelection specifies a method for automatically selecting a set of + versions to require. + + Valid options are StorageOnly and AllServed. + When set to StorageOnly, only the storage version is selected for + compatibility assessment. + When set to AllServed, all served versions are selected for compatibility + assessment. + + This field is required. + enum: + - StorageOnly + - AllServed + type: string + required: + - defaultSelection + type: object + x-kubernetes-validations: + - message: additionalVersions may not be defined when defaultSelection + is 'AllServed' + rule: self.defaultSelection != 'AllServed' || !has(self.additionalVersions) + required: + - customResourceDefinition + - requiredVersions + type: object + customResourceDefinitionSchemaValidation: + description: |- + customResourceDefinitionSchemaValidation ensures that updates to the + installed CRD are compatible with this compatibility requirement. If not + specified, admission of the target CRD will not be validated. + This field is optional. + properties: + action: + description: |- + action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + Valid options are Deny and Warn. + When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. + When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. + This field is required. + enum: + - Deny + - Warn + type: string + required: + - action + type: object + objectSchemaValidation: + description: |- + objectSchemaValidation ensures that matching resources conform to + compatibilitySchema. If not specified, admission of matching resources + will not be validated. + This field is optional. + properties: + action: + description: |- + action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + Valid options are Deny and Warn. + When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. + When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. + This field is required. + enum: + - Deny + - Warn + type: string + matchConditions: + description: |- + matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. + When present, must contain between 1 and 64 match conditions. + When not specified, the webhook will match all requests according to its other selectors. + items: + description: MatchCondition represents a condition which must + by fulfilled for a request to be sent to a webhook. + properties: + expression: + description: |- + Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. + CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: + + 'object' - The object from the incoming request. The value is null for DELETE requests. + 'oldObject' - The existing object. The value is null for CREATE requests. + 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). + 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. + See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz + 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the + request resource. + Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ + + Required. + type: string + name: + description: |- + Name is an identifier for this match condition, used for strategic merging of MatchConditions, + as well as providing an identifier for logging purposes. A good name should be descriptive of + the associated expression. + Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and + must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or + '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an + optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') + + Required. + type: string + required: + - expression + - name + type: object + maxItems: 64 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + namespaceSelector: + description: |- + namespaceSelector defines a label selector for namespaces. If defined, + only objects in a namespace with matching labels will be subject to + validation. When not specified, objects for validation will not be + filtered by namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: must have at least one of matchLabels or matchExpressions + when specified + rule: size(self.matchLabels) > 0 || size(self.matchExpressions) + > 0 + objectSelector: + description: |- + objectSelector defines a label selector for objects. If defined, only + objects with matching labels will be subject to validation. When not + specified, objects for validation will not be filtered by label. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: must have at least one of matchLabels or matchExpressions + when specified + rule: size(self.matchLabels) > 0 || size(self.matchExpressions) + > 0 + required: + - action + type: object + required: + - compatibilitySchema + type: object + status: + description: status is the most recently observed status of the Compatibility + Requirement. + minProperties: 1 + properties: + conditions: + description: |- + conditions is a list of conditions and their status. + Known condition types are Progressing, Admitted, and Compatible. + + The Progressing condition indicates if reconciliation of a CompatibilityRequirement is still + progressing or has finished. + + The Admitted condition indicates if the validating webhook has been configured. + + The Compatible condition indicates if the observed CRD is compatible with the requirement. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + crdName: + description: |- + crdName is the name of the target CRD. The target CRD is not required to + exist, as we may legitimately place requirements on it before it is + created. The observed CRD is given in status.observedCRD, which will be + empty if no CRD is observed. + When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: + lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. + When not specified, the requirement applies to any CRD name discovered from the compatibility schema. + This field is optional. Once set, the value cannot be changed and must always remain set. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of lower case + alphanumeric characters, '-' or '.', and must start and end with + an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + observedCRD: + description: |- + observedCRD documents the uid and generation of the CRD object when the current status was written. + This field will be omitted if the target CRD does not exist or could not be retrieved. + properties: + generation: + description: |- + generation is the observed generation of the CRD. + Must be a positive integer (minimum value of 1). + format: int64 + minimum: 1 + type: integer + uid: + description: |- + uid is the uid of the observed CRD. + Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). + Length must be between 1 and 36 characters. + format: uuid + maxLength: 36 + minLength: 1 + type: string + required: + - generation + - uid + type: object + x-kubernetes-validations: + - message: generation may only increase on the same CRD + rule: oldSelf.uid != self.uid || self.generation >= oldSelf.generation + type: object + x-kubernetes-validations: + - message: crdName cannot be changed once set + rule: '!has(oldSelf.crdName) || has(self.crdName) && oldSelf.crdName + == self.crdName' + required: + - metadata + - spec + type: object + served: true + storage: false + subresources: + status: {} diff --git a/apiextensions/v1/zz_generated.crd-manifests/doc.go b/apiextensions/v1/zz_generated.crd-manifests/doc.go new file mode 100644 index 00000000000..480a824458a --- /dev/null +++ b/apiextensions/v1/zz_generated.crd-manifests/doc.go @@ -0,0 +1 @@ +package apiextensions_v1_crdmanifests diff --git a/apiextensions/v1/zz_generated.deepcopy.go b/apiextensions/v1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..d8875d1e10e --- /dev/null +++ b/apiextensions/v1/zz_generated.deepcopy.go @@ -0,0 +1,254 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1 + +import ( + admissionregistrationv1 "k8s.io/api/admissionregistration/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIExcludedField) DeepCopyInto(out *APIExcludedField) { + *out = *in + if in.Versions != nil { + in, out := &in.Versions, &out.Versions + *out = make([]APIVersionString, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIExcludedField. +func (in *APIExcludedField) DeepCopy() *APIExcludedField { + if in == nil { + return nil + } + out := new(APIExcludedField) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIVersions) DeepCopyInto(out *APIVersions) { + *out = *in + if in.AdditionalVersions != nil { + in, out := &in.AdditionalVersions, &out.AdditionalVersions + *out = make([]APIVersionString, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIVersions. +func (in *APIVersions) DeepCopy() *APIVersions { + if in == nil { + return nil + } + out := new(APIVersions) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CRDData) DeepCopyInto(out *CRDData) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CRDData. +func (in *CRDData) DeepCopy() *CRDData { + if in == nil { + return nil + } + out := new(CRDData) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CompatibilityRequirement) DeepCopyInto(out *CompatibilityRequirement) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompatibilityRequirement. +func (in *CompatibilityRequirement) DeepCopy() *CompatibilityRequirement { + if in == nil { + return nil + } + out := new(CompatibilityRequirement) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CompatibilityRequirement) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CompatibilityRequirementList) DeepCopyInto(out *CompatibilityRequirementList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CompatibilityRequirement, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompatibilityRequirementList. +func (in *CompatibilityRequirementList) DeepCopy() *CompatibilityRequirementList { + if in == nil { + return nil + } + out := new(CompatibilityRequirementList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CompatibilityRequirementList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CompatibilityRequirementSpec) DeepCopyInto(out *CompatibilityRequirementSpec) { + *out = *in + in.CompatibilitySchema.DeepCopyInto(&out.CompatibilitySchema) + out.CustomResourceDefinitionSchemaValidation = in.CustomResourceDefinitionSchemaValidation + in.ObjectSchemaValidation.DeepCopyInto(&out.ObjectSchemaValidation) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompatibilityRequirementSpec. +func (in *CompatibilityRequirementSpec) DeepCopy() *CompatibilityRequirementSpec { + if in == nil { + return nil + } + out := new(CompatibilityRequirementSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CompatibilityRequirementStatus) DeepCopyInto(out *CompatibilityRequirementStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.ObservedCRD = in.ObservedCRD + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompatibilityRequirementStatus. +func (in *CompatibilityRequirementStatus) DeepCopy() *CompatibilityRequirementStatus { + if in == nil { + return nil + } + out := new(CompatibilityRequirementStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CompatibilitySchema) DeepCopyInto(out *CompatibilitySchema) { + *out = *in + out.CustomResourceDefinition = in.CustomResourceDefinition + in.RequiredVersions.DeepCopyInto(&out.RequiredVersions) + if in.ExcludedFields != nil { + in, out := &in.ExcludedFields, &out.ExcludedFields + *out = make([]APIExcludedField, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CompatibilitySchema. +func (in *CompatibilitySchema) DeepCopy() *CompatibilitySchema { + if in == nil { + return nil + } + out := new(CompatibilitySchema) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomResourceDefinitionSchemaValidation) DeepCopyInto(out *CustomResourceDefinitionSchemaValidation) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomResourceDefinitionSchemaValidation. +func (in *CustomResourceDefinitionSchemaValidation) DeepCopy() *CustomResourceDefinitionSchemaValidation { + if in == nil { + return nil + } + out := new(CustomResourceDefinitionSchemaValidation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectSchemaValidation) DeepCopyInto(out *ObjectSchemaValidation) { + *out = *in + in.NamespaceSelector.DeepCopyInto(&out.NamespaceSelector) + in.ObjectSelector.DeepCopyInto(&out.ObjectSelector) + if in.MatchConditions != nil { + in, out := &in.MatchConditions, &out.MatchConditions + *out = make([]admissionregistrationv1.MatchCondition, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectSchemaValidation. +func (in *ObjectSchemaValidation) DeepCopy() *ObjectSchemaValidation { + if in == nil { + return nil + } + out := new(ObjectSchemaValidation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObservedCRD) DeepCopyInto(out *ObservedCRD) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObservedCRD. +func (in *ObservedCRD) DeepCopy() *ObservedCRD { + if in == nil { + return nil + } + out := new(ObservedCRD) + in.DeepCopyInto(out) + return out +} diff --git a/apiextensions/v1/zz_generated.featuregated-crd-manifests.yaml b/apiextensions/v1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 00000000000..d9a8e36dd50 --- /dev/null +++ b/apiextensions/v1/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,24 @@ +compatibilityrequirements.apiextensions.openshift.io: + Annotations: + release.openshift.io/feature-gate: CRDCompatibilityRequirementOperator + ApprovedPRNumber: https://github.com/openshift/api/pull/2479 + CRDName: compatibilityrequirements.apiextensions.openshift.io + Capability: "" + Category: "" + FeatureGates: + - CRDCompatibilityRequirementOperator + FilenameOperatorName: crd-compatibility-checker + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_20" + GroupName: apiextensions.openshift.io + HasStatus: true + KindName: CompatibilityRequirement + Labels: {} + PluralName: compatibilityrequirements + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - CRDCompatibilityRequirementOperator + Version: v1 + diff --git a/apiextensions/v1/zz_generated.featuregated-crd-manifests/compatibilityrequirements.apiextensions.openshift.io/CRDCompatibilityRequirementOperator.yaml b/apiextensions/v1/zz_generated.featuregated-crd-manifests/compatibilityrequirements.apiextensions.openshift.io/CRDCompatibilityRequirementOperator.yaml new file mode 100644 index 00000000000..248d0c0e558 --- /dev/null +++ b/apiextensions/v1/zz_generated.featuregated-crd-manifests/compatibilityrequirements.apiextensions.openshift.io/CRDCompatibilityRequirementOperator.yaml @@ -0,0 +1,544 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/2479 + api.openshift.io/filename-cvo-runlevel: "0000_20" + api.openshift.io/filename-operator: crd-compatibility-checker + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/CRDCompatibilityRequirementOperator: "true" + release.openshift.io/feature-gate: CRDCompatibilityRequirementOperator + name: compatibilityrequirements.apiextensions.openshift.io +spec: + group: apiextensions.openshift.io + names: + kind: CompatibilityRequirement + listKind: CompatibilityRequirementList + plural: compatibilityrequirements + singular: compatibilityrequirement + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + CompatibilityRequirement expresses a set of requirements on a target CRD. + It is used to ensure compatibility between different actors using the same + CRD. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Compatibility Requirement. + properties: + compatibilitySchema: + description: |- + compatibilitySchema defines the schema used by + customResourceDefinitionSchemaValidation and objectSchemaValidation. + This field is required. + properties: + customResourceDefinition: + description: |- + customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. + This field is required. + properties: + data: + description: |- + data contains the complete definition of the CRD. This field must be in + the format specified by the type field. It may not be longer than 1572864 + characters. + This field is required. + maxLength: 1572864 + minLength: 1 + type: string + type: + description: |- + type indicates the type of the CRD data. The only supported type is "YAML". + This field is required. + enum: + - YAML + type: string + required: + - data + - type + type: object + excludedFields: + description: |- + excludedFields is a set of fields in the schema which will not be validated by + crdSchemaValidation or objectSchemaValidation. + The list may contain at most 64 fields. + Each path in the list must be unique. + When not specified, all fields in the schema will be validated. + items: + description: |- + APIExcludedField describes a field in the schema which will not be validated by + crdSchemaValidation or objectSchemaValidation. + properties: + path: + description: |- + path is the path to the field in the schema. + Paths are dot-separated field names (e.g., "fieldA.fieldB.fieldC") representing nested object fields. + If part of the path is a slice (e.g., "status.conditions") the remaining path is applied to all items in the slice + (e.g., "status.conditions.lastTransitionTimestamp"). + Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only + letters, digits, and underscores, and be between 1 and 63 characters in length. + A path may contain at most 16 fields. + maxLength: 1023 + minLength: 1 + type: string + x-kubernetes-validations: + - message: There may be at most 16 fields in the path. + rule: self.split('.').size() <= 16 + - message: path must be dot-separated field names, each + starting with a letter and containing only letters, + digits, and underscores not exceeding 63 characters. + There may be at most 16 fields in the path. + rule: self.split('.', 16).all(f, f.matches('^[a-zA-Z][a-zA-Z0-9_]{0,62}$')) + versions: + description: |- + versions are the API versions the field is excluded from. + When not specified, the field is excluded from all versions. + + Each item must be at most 63 characters in length, and must must + consist of only lowercase alphanumeric characters and hyphens, and must + start with an alphabetic character and end with an alphanumeric + character. + At most 32 versions may be specified. + items: + description: APIVersionString is a string representing + a kubernetes API version. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: It must contain only lower-case alphanumeric + characters and hyphens and must start with an alphabetic + character and end with an alphanumeric character + rule: '!format.dns1035Label().validate(self).hasValue()' + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - path + - versions + type: object + maxItems: 64 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: each path in the list must be unique. + rule: self.all(x, self.exists_one(y, y.path == x.path)) + requiredVersions: + description: |- + requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. + This field is required. + properties: + additionalVersions: + description: |- + additionalVersions specifies a set api versions to require in addition to + the default selection. It is explicitly permitted to specify a version in + additionalVersions which was also selected by the default selection. The + selections will be merged and deduplicated. + + Each item must be at most 63 characters in length, and must must consist + of only lowercase alphanumeric characters and hyphens, and must start + with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. + At most 32 additional versions may be specified. + items: + description: APIVersionString is a string representing a + kubernetes API version. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: It must contain only lower-case alphanumeric + characters and hyphens and must start with an alphabetic + character and end with an alphanumeric character + rule: '!format.dns1035Label().validate(self).hasValue()' + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + defaultSelection: + description: |- + defaultSelection specifies a method for automatically selecting a set of + versions to require. + + Valid options are StorageOnly and AllServed. + When set to StorageOnly, only the storage version is selected for + compatibility assessment. + When set to AllServed, all served versions are selected for compatibility + assessment. + + This field is required. + enum: + - StorageOnly + - AllServed + type: string + required: + - defaultSelection + type: object + x-kubernetes-validations: + - message: additionalVersions may not be defined when defaultSelection + is 'AllServed' + rule: self.defaultSelection != 'AllServed' || !has(self.additionalVersions) + required: + - customResourceDefinition + - requiredVersions + type: object + customResourceDefinitionSchemaValidation: + description: |- + customResourceDefinitionSchemaValidation ensures that updates to the + installed CRD are compatible with this compatibility requirement. If not + specified, admission of the target CRD will not be validated. + This field is optional. + properties: + action: + description: |- + action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + Valid options are Deny and Warn. + When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. + When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. + This field is required. + enum: + - Deny + - Warn + type: string + required: + - action + type: object + objectSchemaValidation: + description: |- + objectSchemaValidation ensures that matching resources conform to + compatibilitySchema. If not specified, admission of matching resources + will not be validated. + This field is optional. + properties: + action: + description: |- + action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + Valid options are Deny and Warn. + When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. + When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. + This field is required. + enum: + - Deny + - Warn + type: string + matchConditions: + description: |- + matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. + When present, must contain between 1 and 64 match conditions. + When not specified, the webhook will match all requests according to its other selectors. + items: + description: MatchCondition represents a condition which must + by fulfilled for a request to be sent to a webhook. + properties: + expression: + description: |- + Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. + CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: + + 'object' - The object from the incoming request. The value is null for DELETE requests. + 'oldObject' - The existing object. The value is null for CREATE requests. + 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). + 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. + See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz + 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the + request resource. + Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ + + Required. + type: string + name: + description: |- + Name is an identifier for this match condition, used for strategic merging of MatchConditions, + as well as providing an identifier for logging purposes. A good name should be descriptive of + the associated expression. + Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and + must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or + '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an + optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') + + Required. + type: string + required: + - expression + - name + type: object + maxItems: 64 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + namespaceSelector: + description: |- + namespaceSelector defines a label selector for namespaces. If defined, + only objects in a namespace with matching labels will be subject to + validation. When not specified, objects for validation will not be + filtered by namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: must have at least one of matchLabels or matchExpressions + when specified + rule: size(self.matchLabels) > 0 || size(self.matchExpressions) + > 0 + objectSelector: + description: |- + objectSelector defines a label selector for objects. If defined, only + objects with matching labels will be subject to validation. When not + specified, objects for validation will not be filtered by label. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: must have at least one of matchLabels or matchExpressions + when specified + rule: size(self.matchLabels) > 0 || size(self.matchExpressions) + > 0 + required: + - action + type: object + required: + - compatibilitySchema + type: object + status: + description: status is the most recently observed status of the Compatibility + Requirement. + minProperties: 1 + properties: + conditions: + description: |- + conditions is a list of conditions and their status. + Known condition types are Progressing, Admitted, and Compatible. + + The Progressing condition indicates if reconciliation of a CompatibilityRequirement is still + progressing or has finished. + + The Admitted condition indicates if the validating webhook has been configured. + + The Compatible condition indicates if the observed CRD is compatible with the requirement. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + crdName: + description: |- + crdName is the name of the target CRD. The target CRD is not required to + exist, as we may legitimately place requirements on it before it is + created. The observed CRD is given in status.observedCRD, which will be + empty if no CRD is observed. + When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: + lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. + When not specified, the requirement applies to any CRD name discovered from the compatibility schema. + This field is optional. Once set, the value cannot be changed and must always remain set. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of lower case + alphanumeric characters, '-' or '.', and must start and end with + an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + observedCRD: + description: |- + observedCRD documents the uid and generation of the CRD object when the current status was written. + This field will be omitted if the target CRD does not exist or could not be retrieved. + properties: + generation: + description: |- + generation is the observed generation of the CRD. + Must be a positive integer (minimum value of 1). + format: int64 + minimum: 1 + type: integer + uid: + description: |- + uid is the uid of the observed CRD. + Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). + Length must be between 1 and 36 characters. + format: uuid + maxLength: 36 + minLength: 1 + type: string + required: + - generation + - uid + type: object + x-kubernetes-validations: + - message: generation may only increase on the same CRD + rule: oldSelf.uid != self.uid || self.generation >= oldSelf.generation + type: object + x-kubernetes-validations: + - message: crdName cannot be changed once set + rule: '!has(oldSelf.crdName) || has(self.crdName) && oldSelf.crdName + == self.crdName' + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/apiextensions/v1/zz_generated.model_name.go b/apiextensions/v1/zz_generated.model_name.go new file mode 100644 index 00000000000..13d9de15931 --- /dev/null +++ b/apiextensions/v1/zz_generated.model_name.go @@ -0,0 +1,61 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by codegen. DO NOT EDIT. + +package v1 + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIExcludedField) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.APIExcludedField" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in APIVersions) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.APIVersions" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CRDData) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.CRDData" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CompatibilityRequirement) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.CompatibilityRequirement" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CompatibilityRequirementList) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.CompatibilityRequirementList" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CompatibilityRequirementSpec) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.CompatibilityRequirementSpec" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CompatibilityRequirementStatus) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.CompatibilityRequirementStatus" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CompatibilitySchema) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.CompatibilitySchema" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in CustomResourceDefinitionSchemaValidation) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.CustomResourceDefinitionSchemaValidation" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ObjectSchemaValidation) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.ObjectSchemaValidation" +} + +// OpenAPIModelName returns the OpenAPI model name for this type. +func (in ObservedCRD) OpenAPIModelName() string { + return "com.github.openshift.api.apiextensions.v1.ObservedCRD" +} diff --git a/apiextensions/v1/zz_generated.swagger_doc_generated.go b/apiextensions/v1/zz_generated.swagger_doc_generated.go new file mode 100644 index 00000000000..bafabd0ec21 --- /dev/null +++ b/apiextensions/v1/zz_generated.swagger_doc_generated.go @@ -0,0 +1,129 @@ +package v1 + +// This file contains a collection of methods that can be used from go-restful to +// generate Swagger API documentation for its models. Please read this PR for more +// information on the implementation: https://github.com/emicklei/go-restful/pull/215 +// +// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if +// they are on one line! For multiple line or blocks that you want to ignore use ---. +// Any context after a --- is ignored. +// +// Those methods can be generated by using hack/update-swagger-docs.sh + +// AUTO-GENERATED FUNCTIONS START HERE +var map_APIExcludedField = map[string]string{ + "": "APIExcludedField describes a field in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation.", + "path": "path is the path to the field in the schema. Paths are dot-separated field names (e.g., \"fieldA.fieldB.fieldC\") representing nested object fields. If part of the path is a slice (e.g., \"status.conditions\") the remaining path is applied to all items in the slice (e.g., \"status.conditions.lastTransitionTimestamp\"). Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only letters, digits, and underscores, and be between 1 and 63 characters in length. A path may contain at most 16 fields.", + "versions": "versions are the API versions the field is excluded from. When not specified, the field is excluded from all versions.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. At most 32 versions may be specified.", +} + +func (APIExcludedField) SwaggerDoc() map[string]string { + return map_APIExcludedField +} + +var map_APIVersions = map[string]string{ + "": "APIVersions specifies a set of API versions of a CRD.", + "defaultSelection": "defaultSelection specifies a method for automatically selecting a set of versions to require.\n\nValid options are StorageOnly and AllServed. When set to StorageOnly, only the storage version is selected for compatibility assessment. When set to AllServed, all served versions are selected for compatibility assessment.\n\nThis field is required.", + "additionalVersions": "additionalVersions specifies a set api versions to require in addition to the default selection. It is explicitly permitted to specify a version in additionalVersions which was also selected by the default selection. The selections will be merged and deduplicated.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. At most 32 additional versions may be specified.", +} + +func (APIVersions) SwaggerDoc() map[string]string { + return map_APIVersions +} + +var map_CRDData = map[string]string{ + "": "CRDData contains the complete definition of a CRD.", + "type": "type indicates the type of the CRD data. The only supported type is \"YAML\". This field is required.", + "data": "data contains the complete definition of the CRD. This field must be in the format specified by the type field. It may not be longer than 1572864 characters. This field is required.", +} + +func (CRDData) SwaggerDoc() map[string]string { + return map_CRDData +} + +var map_CompatibilityRequirement = map[string]string{ + "": "CompatibilityRequirement expresses a set of requirements on a target CRD. It is used to ensure compatibility between different actors using the same CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the Compatibility Requirement.", + "status": "status is the most recently observed status of the Compatibility Requirement.", +} + +func (CompatibilityRequirement) SwaggerDoc() map[string]string { + return map_CompatibilityRequirement +} + +var map_CompatibilityRequirementList = map[string]string{ + "": "CompatibilityRequirementList is a collection of CompatibilityRequirements.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "items is a list of CompatibilityRequirements.", +} + +func (CompatibilityRequirementList) SwaggerDoc() map[string]string { + return map_CompatibilityRequirementList +} + +var map_CompatibilityRequirementSpec = map[string]string{ + "": "CompatibilityRequirementSpec is the specification of the desired behavior of the Compatibility Requirement.", + "compatibilitySchema": "compatibilitySchema defines the schema used by customResourceDefinitionSchemaValidation and objectSchemaValidation. This field is required.", + "customResourceDefinitionSchemaValidation": "customResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement. If not specified, admission of the target CRD will not be validated. This field is optional.", + "objectSchemaValidation": "objectSchemaValidation ensures that matching resources conform to compatibilitySchema. If not specified, admission of matching resources will not be validated. This field is optional.", +} + +func (CompatibilityRequirementSpec) SwaggerDoc() map[string]string { + return map_CompatibilityRequirementSpec +} + +var map_CompatibilityRequirementStatus = map[string]string{ + "": "CompatibilityRequirementStatus defines the observed status of the Compatibility Requirement.", + "conditions": "conditions is a list of conditions and their status. Known condition types are Progressing, Admitted, and Compatible.\n\nThe Progressing condition indicates if reconciliation of a CompatibilityRequirement is still progressing or has finished.\n\nThe Admitted condition indicates if the validating webhook has been configured.\n\nThe Compatible condition indicates if the observed CRD is compatible with the requirement.", + "observedCRD": "observedCRD documents the uid and generation of the CRD object when the current status was written. This field will be omitted if the target CRD does not exist or could not be retrieved.", + "crdName": "crdName is the name of the target CRD. The target CRD is not required to exist, as we may legitimately place requirements on it before it is created. The observed CRD is given in status.observedCRD, which will be empty if no CRD is observed. When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. When not specified, the requirement applies to any CRD name discovered from the compatibility schema. This field is optional. Once set, the value cannot be changed and must always remain set.", +} + +func (CompatibilityRequirementStatus) SwaggerDoc() map[string]string { + return map_CompatibilityRequirementStatus +} + +var map_CompatibilitySchema = map[string]string{ + "": "CompatibilitySchema defines the schema used by crdSchemaValidation and objectSchemaValidation.", + "customResourceDefinition": "customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. This field is required.", + "requiredVersions": "requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. This field is required.", + "excludedFields": "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. Each path in the list must be unique. When not specified, all fields in the schema will be validated.", +} + +func (CompatibilitySchema) SwaggerDoc() map[string]string { + return map_CompatibilitySchema +} + +var map_CustomResourceDefinitionSchemaValidation = map[string]string{ + "": "CustomResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement.", + "action": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. This field is required.", +} + +func (CustomResourceDefinitionSchemaValidation) SwaggerDoc() map[string]string { + return map_CustomResourceDefinitionSchemaValidation +} + +var map_ObjectSchemaValidation = map[string]string{ + "": "ObjectSchemaValidation ensures that matching objects conform to the compatibilitySchema.", + "action": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. This field is required.", + "namespaceSelector": "namespaceSelector defines a label selector for namespaces. If defined, only objects in a namespace with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by namespace.", + "objectSelector": "objectSelector defines a label selector for objects. If defined, only objects with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by label.", + "matchConditions": "matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. When present, must contain between 1 and 64 match conditions. When not specified, the webhook will match all requests according to its other selectors.", +} + +func (ObjectSchemaValidation) SwaggerDoc() map[string]string { + return map_ObjectSchemaValidation +} + +var map_ObservedCRD = map[string]string{ + "": "ObservedCRD contains information about the observed target CRD.", + "uid": "uid is the uid of the observed CRD. Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). Length must be between 1 and 36 characters.", + "generation": "generation is the observed generation of the CRD. Must be a positive integer (minimum value of 1).", +} + +func (ObservedCRD) SwaggerDoc() map[string]string { + return map_ObservedCRD +} + +// AUTO-GENERATED FUNCTIONS END HERE diff --git a/hack/update-payload-crds.sh b/hack/update-payload-crds.sh index f950404be03..fa7ba9f2383 100755 --- a/hack/update-payload-crds.sh +++ b/hack/update-payload-crds.sh @@ -3,7 +3,7 @@ source "$(dirname "${BASH_SOURCE}")/lib/init.sh" crd_globs="\ - apiextensions/v1alpha1/zz_generated.crd-manifests/*_crd-compatibility-checker_*.crd*yaml\ + apiextensions/v1/zz_generated.crd-manifests/*_crd-compatibility-checker_*.crd*yaml\ authorization/v1/zz_generated.crd-manifests/*_config-operator_*.crd*yaml\ config/v1/zz_generated.crd-manifests/*_config-operator_*.crd*yaml\ machine/v1/zz_generated.crd-manifests/*.crd*yaml\ diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index d81301eaaa6..0cf35a36782 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -6,8 +6,9 @@ package generated_openapi import ( + v1 "github.com/openshift/api/apiextensions/v1" v1alpha1 "github.com/openshift/api/apiextensions/v1alpha1" - v1 "github.com/openshift/api/apiserver/v1" + apiserverv1 "github.com/openshift/api/apiserver/v1" appsv1 "github.com/openshift/api/apps/v1" authorizationv1 "github.com/openshift/api/authorization/v1" buildv1 "github.com/openshift/api/build/v1" @@ -66,6 +67,17 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ + v1.APIExcludedField{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_APIExcludedField(ref), + v1.APIVersions{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_APIVersions(ref), + v1.CRDData{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_CRDData(ref), + v1.CompatibilityRequirement{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_CompatibilityRequirement(ref), + v1.CompatibilityRequirementList{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_CompatibilityRequirementList(ref), + v1.CompatibilityRequirementSpec{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_CompatibilityRequirementSpec(ref), + v1.CompatibilityRequirementStatus{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_CompatibilityRequirementStatus(ref), + v1.CompatibilitySchema{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_CompatibilitySchema(ref), + v1.CustomResourceDefinitionSchemaValidation{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_CustomResourceDefinitionSchemaValidation(ref), + v1.ObjectSchemaValidation{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_ObjectSchemaValidation(ref), + v1.ObservedCRD{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1_ObservedCRD(ref), v1alpha1.APIExcludedField{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1alpha1_APIExcludedField(ref), v1alpha1.APIVersions{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1alpha1_APIVersions(ref), v1alpha1.CRDData{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1alpha1_CRDData(ref), @@ -77,14 +89,14 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA v1alpha1.CustomResourceDefinitionSchemaValidation{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1alpha1_CustomResourceDefinitionSchemaValidation(ref), v1alpha1.ObjectSchemaValidation{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref), v1alpha1.ObservedCRD{}.OpenAPIModelName(): schema_openshift_api_apiextensions_v1alpha1_ObservedCRD(ref), - v1.APIRequestCount{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_APIRequestCount(ref), - v1.APIRequestCountList{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_APIRequestCountList(ref), - v1.APIRequestCountSpec{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_APIRequestCountSpec(ref), - v1.APIRequestCountStatus{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref), - v1.PerNodeAPIRequestLog{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_PerNodeAPIRequestLog(ref), - v1.PerResourceAPIRequestLog{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_PerResourceAPIRequestLog(ref), - v1.PerUserAPIRequestCount{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_PerUserAPIRequestCount(ref), - v1.PerVerbAPIRequestCount{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_PerVerbAPIRequestCount(ref), + apiserverv1.APIRequestCount{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_APIRequestCount(ref), + apiserverv1.APIRequestCountList{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_APIRequestCountList(ref), + apiserverv1.APIRequestCountSpec{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_APIRequestCountSpec(ref), + apiserverv1.APIRequestCountStatus{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref), + apiserverv1.PerNodeAPIRequestLog{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_PerNodeAPIRequestLog(ref), + apiserverv1.PerResourceAPIRequestLog{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_PerResourceAPIRequestLog(ref), + apiserverv1.PerUserAPIRequestCount{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_PerUserAPIRequestCount(ref), + apiserverv1.PerVerbAPIRequestCount{}.OpenAPIModelName(): schema_openshift_api_apiserver_v1_PerVerbAPIRequestCount(ref), appsv1.CustomDeploymentStrategyParams{}.OpenAPIModelName(): schema_openshift_api_apps_v1_CustomDeploymentStrategyParams(ref), appsv1.DeploymentCause{}.OpenAPIModelName(): schema_openshift_api_apps_v1_DeploymentCause(ref), appsv1.DeploymentCauseImageTrigger{}.OpenAPIModelName(): schema_openshift_api_apps_v1_DeploymentCauseImageTrigger(ref), @@ -1832,6 +1844,464 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA } } +func schema_openshift_api_apiextensions_v1_APIExcludedField(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "APIExcludedField describes a field in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "path": { + SchemaProps: spec.SchemaProps{ + Description: "path is the path to the field in the schema. Paths are dot-separated field names (e.g., \"fieldA.fieldB.fieldC\") representing nested object fields. If part of the path is a slice (e.g., \"status.conditions\") the remaining path is applied to all items in the slice (e.g., \"status.conditions.lastTransitionTimestamp\"). Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only letters, digits, and underscores, and be between 1 and 63 characters in length. A path may contain at most 16 fields.", + Type: []string{"string"}, + Format: "", + }, + }, + "versions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "versions are the API versions the field is excluded from. When not specified, the field is excluded from all versions.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. At most 32 versions may be specified.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"path", "versions"}, + }, + }, + } +} + +func schema_openshift_api_apiextensions_v1_APIVersions(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "APIVersions specifies a set of API versions of a CRD.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "defaultSelection": { + SchemaProps: spec.SchemaProps{ + Description: "defaultSelection specifies a method for automatically selecting a set of versions to require.\n\nValid options are StorageOnly and AllServed. When set to StorageOnly, only the storage version is selected for compatibility assessment. When set to AllServed, all served versions are selected for compatibility assessment.\n\nThis field is required.", + Type: []string{"string"}, + Format: "", + }, + }, + "additionalVersions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "additionalVersions specifies a set api versions to require in addition to the default selection. It is explicitly permitted to specify a version in additionalVersions which was also selected by the default selection. The selections will be merged and deduplicated.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. At most 32 additional versions may be specified.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"defaultSelection"}, + }, + }, + } +} + +func schema_openshift_api_apiextensions_v1_CRDData(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CRDData contains the complete definition of a CRD.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type indicates the type of the CRD data. The only supported type is \"YAML\". This field is required.", + Type: []string{"string"}, + Format: "", + }, + }, + "data": { + SchemaProps: spec.SchemaProps{ + Description: "data contains the complete definition of the CRD. This field must be in the format specified by the type field. It may not be longer than 1572864 characters. This field is required.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"type", "data"}, + }, + }, + } +} + +func schema_openshift_api_apiextensions_v1_CompatibilityRequirement(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CompatibilityRequirement expresses a set of requirements on a target CRD. It is used to ensure compatibility between different actors using the same CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec is the specification of the desired behavior of the Compatibility Requirement.", + Default: map[string]interface{}{}, + Ref: ref(v1.CompatibilityRequirementSpec{}.OpenAPIModelName()), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status is the most recently observed status of the Compatibility Requirement.", + Default: map[string]interface{}{}, + Ref: ref(v1.CompatibilityRequirementStatus{}.OpenAPIModelName()), + }, + }, + }, + Required: []string{"metadata", "spec"}, + }, + }, + Dependencies: []string{ + v1.CompatibilityRequirementSpec{}.OpenAPIModelName(), v1.CompatibilityRequirementStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_apiextensions_v1_CompatibilityRequirementList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CompatibilityRequirementList is a collection of CompatibilityRequirements.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "items is a list of CompatibilityRequirements.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(v1.CompatibilityRequirement{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + v1.CompatibilityRequirement{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_apiextensions_v1_CompatibilityRequirementSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CompatibilityRequirementSpec is the specification of the desired behavior of the Compatibility Requirement.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "compatibilitySchema": { + SchemaProps: spec.SchemaProps{ + Description: "compatibilitySchema defines the schema used by customResourceDefinitionSchemaValidation and objectSchemaValidation. This field is required.", + Default: map[string]interface{}{}, + Ref: ref(v1.CompatibilitySchema{}.OpenAPIModelName()), + }, + }, + "customResourceDefinitionSchemaValidation": { + SchemaProps: spec.SchemaProps{ + Description: "customResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement. If not specified, admission of the target CRD will not be validated. This field is optional.", + Default: map[string]interface{}{}, + Ref: ref(v1.CustomResourceDefinitionSchemaValidation{}.OpenAPIModelName()), + }, + }, + "objectSchemaValidation": { + SchemaProps: spec.SchemaProps{ + Description: "objectSchemaValidation ensures that matching resources conform to compatibilitySchema. If not specified, admission of matching resources will not be validated. This field is optional.", + Default: map[string]interface{}{}, + Ref: ref(v1.ObjectSchemaValidation{}.OpenAPIModelName()), + }, + }, + }, + Required: []string{"compatibilitySchema"}, + }, + }, + Dependencies: []string{ + v1.CompatibilitySchema{}.OpenAPIModelName(), v1.CustomResourceDefinitionSchemaValidation{}.OpenAPIModelName(), v1.ObjectSchemaValidation{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_apiextensions_v1_CompatibilityRequirementStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CompatibilityRequirementStatus defines the observed status of the Compatibility Requirement.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "conditions is a list of conditions and their status. Known condition types are Progressing, Admitted, and Compatible.\n\nThe Progressing condition indicates if reconciliation of a CompatibilityRequirement is still progressing or has finished.\n\nThe Admitted condition indicates if the validating webhook has been configured.\n\nThe Compatible condition indicates if the observed CRD is compatible with the requirement.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(metav1.Condition{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "observedCRD": { + SchemaProps: spec.SchemaProps{ + Description: "observedCRD documents the uid and generation of the CRD object when the current status was written. This field will be omitted if the target CRD does not exist or could not be retrieved.", + Default: map[string]interface{}{}, + Ref: ref(v1.ObservedCRD{}.OpenAPIModelName()), + }, + }, + "crdName": { + SchemaProps: spec.SchemaProps{ + Description: "crdName is the name of the target CRD. The target CRD is not required to exist, as we may legitimately place requirements on it before it is created. The observed CRD is given in status.observedCRD, which will be empty if no CRD is observed. When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. When not specified, the requirement applies to any CRD name discovered from the compatibility schema. This field is optional. Once set, the value cannot be changed and must always remain set.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + v1.ObservedCRD{}.OpenAPIModelName(), metav1.Condition{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_apiextensions_v1_CompatibilitySchema(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CompatibilitySchema defines the schema used by crdSchemaValidation and objectSchemaValidation.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "customResourceDefinition": { + SchemaProps: spec.SchemaProps{ + Description: "customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. This field is required.", + Default: map[string]interface{}{}, + Ref: ref(v1.CRDData{}.OpenAPIModelName()), + }, + }, + "requiredVersions": { + SchemaProps: spec.SchemaProps{ + Description: "requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. This field is required.", + Default: map[string]interface{}{}, + Ref: ref(v1.APIVersions{}.OpenAPIModelName()), + }, + }, + "excludedFields": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. Each path in the list must be unique. When not specified, all fields in the schema will be validated.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(v1.APIExcludedField{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + }, + Required: []string{"customResourceDefinition", "requiredVersions"}, + }, + }, + Dependencies: []string{ + v1.APIExcludedField{}.OpenAPIModelName(), v1.APIVersions{}.OpenAPIModelName(), v1.CRDData{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_apiextensions_v1_CustomResourceDefinitionSchemaValidation(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CustomResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "action": { + SchemaProps: spec.SchemaProps{ + Description: "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"Deny", "Warn"}, + }, + }, + }, + Required: []string{"action"}, + }, + }, + } +} + +func schema_openshift_api_apiextensions_v1_ObjectSchemaValidation(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ObjectSchemaValidation ensures that matching objects conform to the compatibilitySchema.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "action": { + SchemaProps: spec.SchemaProps{ + Description: "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"Deny", "Warn"}, + }, + }, + "namespaceSelector": { + SchemaProps: spec.SchemaProps{ + Description: "namespaceSelector defines a label selector for namespaces. If defined, only objects in a namespace with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by namespace.", + Default: map[string]interface{}{}, + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + }, + }, + "objectSelector": { + SchemaProps: spec.SchemaProps{ + Description: "objectSelector defines a label selector for objects. If defined, only objects with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by label.", + Default: map[string]interface{}{}, + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + }, + }, + "matchConditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. When present, must contain between 1 and 64 match conditions. When not specified, the webhook will match all requests according to its other selectors.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(admissionregistrationv1.MatchCondition{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + }, + Required: []string{"action"}, + }, + }, + Dependencies: []string{ + admissionregistrationv1.MatchCondition{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_apiextensions_v1_ObservedCRD(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ObservedCRD contains information about the observed target CRD.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "uid": { + SchemaProps: spec.SchemaProps{ + Description: "uid is the uid of the observed CRD. Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). Length must be between 1 and 36 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "generation": { + SchemaProps: spec.SchemaProps{ + Description: "generation is the observed generation of the CRD. Must be a positive integer (minimum value of 1).", + Type: []string{"integer"}, + Format: "int64", + }, + }, + }, + Required: []string{"uid", "generation"}, + }, + }, + } +} + func schema_openshift_api_apiextensions_v1alpha1_APIExcludedField(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -2322,14 +2792,14 @@ func schema_openshift_api_apiserver_v1_APIRequestCount(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "spec defines the characteristics of the resource.", Default: map[string]interface{}{}, - Ref: ref(v1.APIRequestCountSpec{}.OpenAPIModelName()), + Ref: ref(apiserverv1.APIRequestCountSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "status contains the observed state of the resource.", Default: map[string]interface{}{}, - Ref: ref(v1.APIRequestCountStatus{}.OpenAPIModelName()), + Ref: ref(apiserverv1.APIRequestCountStatus{}.OpenAPIModelName()), }, }, }, @@ -2337,7 +2807,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCount(ref common.ReferenceCallb }, }, Dependencies: []string{ - v1.APIRequestCountSpec{}.OpenAPIModelName(), v1.APIRequestCountStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + apiserverv1.APIRequestCountSpec{}.OpenAPIModelName(), apiserverv1.APIRequestCountStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -2376,7 +2846,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountList(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.APIRequestCount{}.OpenAPIModelName()), + Ref: ref(apiserverv1.APIRequestCount{}.OpenAPIModelName()), }, }, }, @@ -2387,7 +2857,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountList(ref common.ReferenceC }, }, Dependencies: []string{ - v1.APIRequestCount{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + apiserverv1.APIRequestCount{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -2458,7 +2928,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "currentHour contains request history for the current hour. This is porcelain to make the API easier to read by humans seeing if they addressed a problem. This field is reset on the hour.", Default: map[string]interface{}{}, - Ref: ref(v1.PerResourceAPIRequestLog{}.OpenAPIModelName()), + Ref: ref(apiserverv1.PerResourceAPIRequestLog{}.OpenAPIModelName()), }, }, "last24h": { @@ -2469,7 +2939,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.PerResourceAPIRequestLog{}.OpenAPIModelName()), + Ref: ref(apiserverv1.PerResourceAPIRequestLog{}.OpenAPIModelName()), }, }, }, @@ -2480,7 +2950,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref common.Referenc }, }, Dependencies: []string{ - v1.PerResourceAPIRequestLog{}.OpenAPIModelName(), metav1.Condition{}.OpenAPIModelName()}, + apiserverv1.PerResourceAPIRequestLog{}.OpenAPIModelName(), metav1.Condition{}.OpenAPIModelName()}, } } @@ -2515,7 +2985,7 @@ func schema_openshift_api_apiserver_v1_PerNodeAPIRequestLog(ref common.Reference Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.PerUserAPIRequestCount{}.OpenAPIModelName()), + Ref: ref(apiserverv1.PerUserAPIRequestCount{}.OpenAPIModelName()), }, }, }, @@ -2526,7 +2996,7 @@ func schema_openshift_api_apiserver_v1_PerNodeAPIRequestLog(ref common.Reference }, }, Dependencies: []string{ - v1.PerUserAPIRequestCount{}.OpenAPIModelName()}, + apiserverv1.PerUserAPIRequestCount{}.OpenAPIModelName()}, } } @@ -2545,7 +3015,7 @@ func schema_openshift_api_apiserver_v1_PerResourceAPIRequestLog(ref common.Refer Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.PerNodeAPIRequestLog{}.OpenAPIModelName()), + Ref: ref(apiserverv1.PerNodeAPIRequestLog{}.OpenAPIModelName()), }, }, }, @@ -2564,7 +3034,7 @@ func schema_openshift_api_apiserver_v1_PerResourceAPIRequestLog(ref common.Refer }, }, Dependencies: []string{ - v1.PerNodeAPIRequestLog{}.OpenAPIModelName()}, + apiserverv1.PerNodeAPIRequestLog{}.OpenAPIModelName()}, } } @@ -2607,7 +3077,7 @@ func schema_openshift_api_apiserver_v1_PerUserAPIRequestCount(ref common.Referen Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.PerVerbAPIRequestCount{}.OpenAPIModelName()), + Ref: ref(apiserverv1.PerVerbAPIRequestCount{}.OpenAPIModelName()), }, }, }, @@ -2618,7 +3088,7 @@ func schema_openshift_api_apiserver_v1_PerUserAPIRequestCount(ref common.Referen }, }, Dependencies: []string{ - v1.PerVerbAPIRequestCount{}.OpenAPIModelName()}, + apiserverv1.PerVerbAPIRequestCount{}.OpenAPIModelName()}, } } diff --git a/openapi/openapi.json b/openapi/openapi.json index b3a2453c2de..24882f81732 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -6,6 +6,284 @@ }, "paths": null, "definitions": { + "com.github.openshift.api.apiextensions.v1.APIExcludedField": { + "description": "APIExcludedField describes a field in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation.", + "type": "object", + "required": [ + "path", + "versions" + ], + "properties": { + "path": { + "description": "path is the path to the field in the schema. Paths are dot-separated field names (e.g., \"fieldA.fieldB.fieldC\") representing nested object fields. If part of the path is a slice (e.g., \"status.conditions\") the remaining path is applied to all items in the slice (e.g., \"status.conditions.lastTransitionTimestamp\"). Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only letters, digits, and underscores, and be between 1 and 63 characters in length. A path may contain at most 16 fields.", + "type": "string" + }, + "versions": { + "description": "versions are the API versions the field is excluded from. When not specified, the field is excluded from all versions.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. At most 32 versions may be specified.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + } + } + }, + "com.github.openshift.api.apiextensions.v1.APIVersions": { + "description": "APIVersions specifies a set of API versions of a CRD.", + "type": "object", + "required": [ + "defaultSelection" + ], + "properties": { + "additionalVersions": { + "description": "additionalVersions specifies a set api versions to require in addition to the default selection. It is explicitly permitted to specify a version in additionalVersions which was also selected by the default selection. The selections will be merged and deduplicated.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. At most 32 additional versions may be specified.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "defaultSelection": { + "description": "defaultSelection specifies a method for automatically selecting a set of versions to require.\n\nValid options are StorageOnly and AllServed. When set to StorageOnly, only the storage version is selected for compatibility assessment. When set to AllServed, all served versions are selected for compatibility assessment.\n\nThis field is required.", + "type": "string" + } + } + }, + "com.github.openshift.api.apiextensions.v1.CRDData": { + "description": "CRDData contains the complete definition of a CRD.", + "type": "object", + "required": [ + "type", + "data" + ], + "properties": { + "data": { + "description": "data contains the complete definition of the CRD. This field must be in the format specified by the type field. It may not be longer than 1572864 characters. This field is required.", + "type": "string" + }, + "type": { + "description": "type indicates the type of the CRD data. The only supported type is \"YAML\". This field is required.", + "type": "string" + } + } + }, + "com.github.openshift.api.apiextensions.v1.CompatibilityRequirement": { + "description": "CompatibilityRequirement expresses a set of requirements on a target CRD. It is used to ensure compatibility between different actors using the same CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Compatibility Requirement.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1.CompatibilityRequirementSpec" + }, + "status": { + "description": "status is the most recently observed status of the Compatibility Requirement.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1.CompatibilityRequirementStatus" + } + } + }, + "com.github.openshift.api.apiextensions.v1.CompatibilityRequirementList": { + "description": "CompatibilityRequirementList is a collection of CompatibilityRequirements.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of CompatibilityRequirements.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1.CompatibilityRequirement" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.apiextensions.v1.CompatibilityRequirementSpec": { + "description": "CompatibilityRequirementSpec is the specification of the desired behavior of the Compatibility Requirement.", + "type": "object", + "required": [ + "compatibilitySchema" + ], + "properties": { + "compatibilitySchema": { + "description": "compatibilitySchema defines the schema used by customResourceDefinitionSchemaValidation and objectSchemaValidation. This field is required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1.CompatibilitySchema" + }, + "customResourceDefinitionSchemaValidation": { + "description": "customResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement. If not specified, admission of the target CRD will not be validated. This field is optional.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1.CustomResourceDefinitionSchemaValidation" + }, + "objectSchemaValidation": { + "description": "objectSchemaValidation ensures that matching resources conform to compatibilitySchema. If not specified, admission of matching resources will not be validated. This field is optional.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1.ObjectSchemaValidation" + } + } + }, + "com.github.openshift.api.apiextensions.v1.CompatibilityRequirementStatus": { + "description": "CompatibilityRequirementStatus defines the observed status of the Compatibility Requirement.", + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status. Known condition types are Progressing, Admitted, and Compatible.\n\nThe Progressing condition indicates if reconciliation of a CompatibilityRequirement is still progressing or has finished.\n\nThe Admitted condition indicates if the validating webhook has been configured.\n\nThe Compatible condition indicates if the observed CRD is compatible with the requirement.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "crdName": { + "description": "crdName is the name of the target CRD. The target CRD is not required to exist, as we may legitimately place requirements on it before it is created. The observed CRD is given in status.observedCRD, which will be empty if no CRD is observed. When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. When not specified, the requirement applies to any CRD name discovered from the compatibility schema. This field is optional. Once set, the value cannot be changed and must always remain set.", + "type": "string" + }, + "observedCRD": { + "description": "observedCRD documents the uid and generation of the CRD object when the current status was written. This field will be omitted if the target CRD does not exist or could not be retrieved.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1.ObservedCRD" + } + } + }, + "com.github.openshift.api.apiextensions.v1.CompatibilitySchema": { + "description": "CompatibilitySchema defines the schema used by crdSchemaValidation and objectSchemaValidation.", + "type": "object", + "required": [ + "customResourceDefinition", + "requiredVersions" + ], + "properties": { + "customResourceDefinition": { + "description": "customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. This field is required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1.CRDData" + }, + "excludedFields": { + "description": "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. Each path in the list must be unique. When not specified, all fields in the schema will be validated.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1.APIExcludedField" + }, + "x-kubernetes-list-type": "atomic" + }, + "requiredVersions": { + "description": "requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. This field is required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1.APIVersions" + } + } + }, + "com.github.openshift.api.apiextensions.v1.CustomResourceDefinitionSchemaValidation": { + "description": "CustomResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement.", + "type": "object", + "required": [ + "action" + ], + "properties": { + "action": { + "description": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", + "type": "string", + "enum": [ + "Deny", + "Warn" + ] + } + } + }, + "com.github.openshift.api.apiextensions.v1.ObjectSchemaValidation": { + "description": "ObjectSchemaValidation ensures that matching objects conform to the compatibilitySchema.", + "type": "object", + "required": [ + "action" + ], + "properties": { + "action": { + "description": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", + "type": "string", + "enum": [ + "Deny", + "Warn" + ] + }, + "matchConditions": { + "description": "matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. When present, must contain between 1 and 64 match conditions. When not specified, the webhook will match all requests according to its other selectors.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchCondition" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "namespaceSelector": { + "description": "namespaceSelector defines a label selector for namespaces. If defined, only objects in a namespace with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by namespace.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "objectSelector": { + "description": "objectSelector defines a label selector for objects. If defined, only objects with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by label.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } + } + }, + "com.github.openshift.api.apiextensions.v1.ObservedCRD": { + "description": "ObservedCRD contains information about the observed target CRD.", + "type": "object", + "required": [ + "uid", + "generation" + ], + "properties": { + "generation": { + "description": "generation is the observed generation of the CRD. Must be a positive integer (minimum value of 1).", + "type": "integer", + "format": "int64" + }, + "uid": { + "description": "uid is the uid of the observed CRD. Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). Length must be between 1 and 36 characters.", + "type": "string" + } + } + }, "com.github.openshift.api.apiextensions.v1alpha1.APIExcludedField": { "description": "APIExcludedField describes a field in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation.", "type": "object", @@ -5271,6 +5549,100 @@ } } }, + "com.github.openshift.api.config.v1.CRIOCredentialProviderConfig": { + "description": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CRIOCredentialProviderConfigSpec" + }, + "status": { + "description": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CRIOCredentialProviderConfigStatus" + } + } + }, + "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigList": { + "description": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CRIOCredentialProviderConfig" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigSpec": { + "description": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + "type": "object", + "properties": { + "matchImages": { + "description": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + } + } + }, + "com.github.openshift.api.config.v1.CRIOCredentialProviderConfigStatus": { + "description": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", + "type": "object", + "properties": { + "conditions": { + "description": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + } + }, "com.github.openshift.api.config.v1.CertInfo": { "description": "CertInfo relates a certificate with a private key", "type": "object", @@ -8418,7 +8790,7 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapFileReference" }, "controlPlaneTopology": { - "description": "controlPlaneTopology expresses the desired topology configuration for control nodes. The 'HighlyAvailable' mode represents a \"normal\", 3 control node cluster. The 'SingleReplica' mode represents configuration where there is a single control node. If left blank, no change is required and no transitions will be triggered.", + "description": "controlPlaneTopology expresses the desired topology configuration for control nodes.\n\nWhen status.controlPlaneTopology is 'SingleReplica' and spec.controlPlaneTopology is set to 'HighlyAvailable', a transition will be triggered to reconfigure the cluster from SingleReplica to HighlyAvailable.\n\nWhen left blank or status.controlPlaneTopology and spec.controlPlaneTopology are the same value, no changes are required and no transitions will be triggered.\n\nThis value may be set to match status.controlPlaneTopology regardless of the current value.", "type": "string" }, "platformSpec": { @@ -30498,6 +30870,14 @@ }, "x-kubernetes-list-type": "atomic" }, + "protocol": { + "description": "protocol specifies whether the Network Load Balancer uses PROXY protocol to forward connections to the IngressController.\n\nWhen set to \"TCP\", the NLB uses AWS's native client IP preservation. This may cause hairpin connection failures for internal load balancers when connections are made from pods to router pods on the same node.\n\nWhen set to \"PROXY\", the NLB disables native client IP preservation and uses PROXY protocol v2. The IngressController enables PROXY protocol on HAProxy so that it can parse PROXY protocol headers to obtain the original client IP. This avoids hairpin connection failures.\n\nThe following values are valid for this field:\n\n* \"TCP\". * \"PROXY\".\n\nWhen omitted, this means the user has no opinion and the value is left to the platform to choose a reasonable default, which is subject to change over time. The current default is \"PROXY\".\n\nNote that changing this field may cause brief connection failures during the transition as the NLB attribute change and router rollout occur independently.\n\n\nPossible enum values:\n - `\"PROXY\"` instructs the NLB to forward connections using PROXY protocol v2.\n - `\"TCP\"` instructs the NLB to forward connections using TCP without PROXY protocol.", + "type": "string", + "enum": [ + "PROXY", + "TCP" + ] + }, "subnets": { "description": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSSubnets" @@ -30903,7 +31283,7 @@ "$ref": "#/definitions/com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec" }, "driverType": { - "description": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.", + "description": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere, SecretsStore and omitted. Consumers should treat unknown values as a NO-OP.", "type": "string", "default": "" }, @@ -30915,6 +31295,11 @@ "description": "ibmcloud is used to configure the IBM Cloud CSI driver.", "$ref": "#/definitions/com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec" }, + "secretsStore": { + "description": "secretsStore is used to configure the Secrets Store CSI driver.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.SecretsStoreCSIDriverConfigSpec" + }, "vSphere": { "description": "vSphere is used to configure the vsphere CSI driver.", "$ref": "#/definitions/com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec" @@ -30928,6 +31313,7 @@ "azure": "Azure", "gcp": "GCP", "ibmcloud": "IBMCloud", + "secretsStore": "SecretsStore", "vSphere": "VSphere" } } @@ -31963,6 +32349,17 @@ } } }, + "com.github.openshift.api.operator.v1.CustomSecretRotation": { + "description": "CustomSecretRotation holds configuration for custom secret rotation behavior.", + "type": "object", + "properties": { + "rotationPollIntervalSeconds": { + "description": "rotationPollIntervalSeconds is the minimum time in seconds between secret rotation attempts. The driver skips provider calls if less than this interval has elapsed since the last successful rotation. Must be at least 1 second and no more than 31560000 seconds (~1 year). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "type": "integer", + "format": "int32" + } + } + }, "com.github.openshift.api.operator.v1.DNS": { "description": "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster.\n\nThis supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md\n\nMore details: https://kubernetes.io/docs/tasks/administer-cluster/coredns\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", @@ -34908,6 +35305,24 @@ } } }, + "com.github.openshift.api.operator.v1.ManagedTokenRequests": { + "description": "ManagedTokenRequests holds the configuration for operator-managed service account token requests.", + "type": "object", + "properties": { + "audiences": { + "description": "audiences specifies service account token audiences that kubelet will provide to the CSI driver during NodePublishVolume calls. These tokens enable workload identity federation (WIF) with cloud providers such as AWS, Azure, and GCP. When empty, the operator clears all tokenRequests from the CSIDriver object.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.SecretsStoreTokenRequest" + }, + "x-kubernetes-list-map-keys": [ + "audience" + ], + "x-kubernetes-list-type": "map" + } + } + }, "com.github.openshift.api.operator.v1.MyOperatorResource": { "description": "MyOperatorResource is an example operator configuration type\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -36627,6 +37042,92 @@ } } }, + "com.github.openshift.api.operator.v1.SecretsStoreCSIDriverConfigSpec": { + "description": "SecretsStoreCSIDriverConfigSpec defines properties that can be configured for the Secrets Store CSI driver.", + "type": "object", + "properties": { + "secretRotation": { + "description": "secretRotation controls automatic secret rotation behavior. When omitted, secret rotation is enabled with a default poll interval of 2 minutes.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.SecretsStoreSecretRotation" + }, + "tokenRequests": { + "description": "tokenRequests controls service account token configuration for workload identity federation (WIF) with cloud providers. When omitted, the operator preserves any existing tokenRequests already configured on the CSIDriver object without modification.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.SecretsStoreTokenRequests" + } + } + }, + "com.github.openshift.api.operator.v1.SecretsStoreSecretRotation": { + "description": "SecretsStoreSecretRotation configures the automatic secret rotation behavior for the Secrets Store CSI driver.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "custom": { + "description": "custom holds the custom rotation configuration. Only valid when type is \"Custom\".", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CustomSecretRotation" + }, + "type": { + "description": "type determines the secret rotation behavior. When \"None\", secret rotation is disabled and secrets are only fetched at initial pod mount time. When \"Custom\", secret rotation is enabled with the configuration specified in the custom field.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "custom": "Custom" + } + } + ] + }, + "com.github.openshift.api.operator.v1.SecretsStoreTokenRequest": { + "description": "SecretsStoreTokenRequest specifies a service account token audience configuration for workload identity federation (WIF) with the Secrets Store CSI driver.", + "type": "object", + "required": [ + "audience" + ], + "properties": { + "audience": { + "description": "audience is the intended audience of the service account token. An empty string means the issued token will use the kube-apiserver's default APIAudiences.", + "type": "string" + }, + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. The token issuer may return a token with a different validity duration. When omitted, the token expiration is determined by the kube-apiserver. Must be at least 600 seconds (10 minutes) and no more than 315360000 seconds (~10 years).", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.operator.v1.SecretsStoreTokenRequests": { + "description": "SecretsStoreTokenRequests configures how service account tokens are provided to the Secrets Store CSI driver for workload identity federation.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "managed": { + "description": "managed holds configuration for operator-managed tokenRequests. Only valid when type is \"Managed\".", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ManagedTokenRequests" + }, + "type": { + "description": "type determines how the operator manages tokenRequests on the CSIDriver object. When \"Unmanaged\", existing tokenRequests on the CSIDriver are preserved and the managed field is not used. When \"Managed\", the operator sets tokenRequests from the audiences specified in the managed field, replacing any previously configured values. Once set to \"Managed\", type cannot be reverted back to \"Unmanaged\".", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "managed": "Managed" + } + } + ] + }, "com.github.openshift.api.operator.v1.Server": { "description": "Server defines the schema for a server that runs per instance of CoreDNS.", "type": "object", diff --git a/payload-manifests/crds/0000_20_crd-compatibility-checker_01_compatibilityrequirements.crd.yaml b/payload-manifests/crds/0000_20_crd-compatibility-checker_01_compatibilityrequirements.crd.yaml index 65283027f51..2e0218565cd 100644 --- a/payload-manifests/crds/0000_20_crd-compatibility-checker_01_compatibilityrequirements.crd.yaml +++ b/payload-manifests/crds/0000_20_crd-compatibility-checker_01_compatibilityrequirements.crd.yaml @@ -17,6 +17,530 @@ spec: singular: compatibilityrequirement scope: Cluster versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + CompatibilityRequirement expresses a set of requirements on a target CRD. + It is used to ensure compatibility between different actors using the same + CRD. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Compatibility Requirement. + properties: + compatibilitySchema: + description: |- + compatibilitySchema defines the schema used by + customResourceDefinitionSchemaValidation and objectSchemaValidation. + This field is required. + properties: + customResourceDefinition: + description: |- + customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. + This field is required. + properties: + data: + description: |- + data contains the complete definition of the CRD. This field must be in + the format specified by the type field. It may not be longer than 1572864 + characters. + This field is required. + maxLength: 1572864 + minLength: 1 + type: string + type: + description: |- + type indicates the type of the CRD data. The only supported type is "YAML". + This field is required. + enum: + - YAML + type: string + required: + - data + - type + type: object + excludedFields: + description: |- + excludedFields is a set of fields in the schema which will not be validated by + crdSchemaValidation or objectSchemaValidation. + The list may contain at most 64 fields. + Each path in the list must be unique. + When not specified, all fields in the schema will be validated. + items: + description: |- + APIExcludedField describes a field in the schema which will not be validated by + crdSchemaValidation or objectSchemaValidation. + properties: + path: + description: |- + path is the path to the field in the schema. + Paths are dot-separated field names (e.g., "fieldA.fieldB.fieldC") representing nested object fields. + If part of the path is a slice (e.g., "status.conditions") the remaining path is applied to all items in the slice + (e.g., "status.conditions.lastTransitionTimestamp"). + Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only + letters, digits, and underscores, and be between 1 and 63 characters in length. + A path may contain at most 16 fields. + maxLength: 1023 + minLength: 1 + type: string + x-kubernetes-validations: + - message: There may be at most 16 fields in the path. + rule: self.split('.').size() <= 16 + - message: path must be dot-separated field names, each + starting with a letter and containing only letters, + digits, and underscores not exceeding 63 characters. + There may be at most 16 fields in the path. + rule: self.split('.', 16).all(f, f.matches('^[a-zA-Z][a-zA-Z0-9_]{0,62}$')) + versions: + description: |- + versions are the API versions the field is excluded from. + When not specified, the field is excluded from all versions. + + Each item must be at most 63 characters in length, and must must + consist of only lowercase alphanumeric characters and hyphens, and must + start with an alphabetic character and end with an alphanumeric + character. + At most 32 versions may be specified. + items: + description: APIVersionString is a string representing + a kubernetes API version. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: It must contain only lower-case alphanumeric + characters and hyphens and must start with an alphabetic + character and end with an alphanumeric character + rule: '!format.dns1035Label().validate(self).hasValue()' + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + required: + - path + - versions + type: object + maxItems: 64 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: each path in the list must be unique. + rule: self.all(x, self.exists_one(y, y.path == x.path)) + requiredVersions: + description: |- + requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. + This field is required. + properties: + additionalVersions: + description: |- + additionalVersions specifies a set api versions to require in addition to + the default selection. It is explicitly permitted to specify a version in + additionalVersions which was also selected by the default selection. The + selections will be merged and deduplicated. + + Each item must be at most 63 characters in length, and must must consist + of only lowercase alphanumeric characters and hyphens, and must start + with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. + At most 32 additional versions may be specified. + items: + description: APIVersionString is a string representing a + kubernetes API version. + maxLength: 63 + minLength: 1 + type: string + x-kubernetes-validations: + - message: It must contain only lower-case alphanumeric + characters and hyphens and must start with an alphabetic + character and end with an alphanumeric character + rule: '!format.dns1035Label().validate(self).hasValue()' + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + defaultSelection: + description: |- + defaultSelection specifies a method for automatically selecting a set of + versions to require. + + Valid options are StorageOnly and AllServed. + When set to StorageOnly, only the storage version is selected for + compatibility assessment. + When set to AllServed, all served versions are selected for compatibility + assessment. + + This field is required. + enum: + - StorageOnly + - AllServed + type: string + required: + - defaultSelection + type: object + x-kubernetes-validations: + - message: additionalVersions may not be defined when defaultSelection + is 'AllServed' + rule: self.defaultSelection != 'AllServed' || !has(self.additionalVersions) + required: + - customResourceDefinition + - requiredVersions + type: object + customResourceDefinitionSchemaValidation: + description: |- + customResourceDefinitionSchemaValidation ensures that updates to the + installed CRD are compatible with this compatibility requirement. If not + specified, admission of the target CRD will not be validated. + This field is optional. + properties: + action: + description: |- + action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + Valid options are Deny and Warn. + When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. + When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. + This field is required. + enum: + - Deny + - Warn + type: string + required: + - action + type: object + objectSchemaValidation: + description: |- + objectSchemaValidation ensures that matching resources conform to + compatibilitySchema. If not specified, admission of matching resources + will not be validated. + This field is optional. + properties: + action: + description: |- + action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). + Valid options are Deny and Warn. + When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. + When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. + This field is required. + enum: + - Deny + - Warn + type: string + matchConditions: + description: |- + matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. + When present, must contain between 1 and 64 match conditions. + When not specified, the webhook will match all requests according to its other selectors. + items: + description: MatchCondition represents a condition which must + by fulfilled for a request to be sent to a webhook. + properties: + expression: + description: |- + Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. + CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: + + 'object' - The object from the incoming request. The value is null for DELETE requests. + 'oldObject' - The existing object. The value is null for CREATE requests. + 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). + 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. + See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz + 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the + request resource. + Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ + + Required. + type: string + name: + description: |- + Name is an identifier for this match condition, used for strategic merging of MatchConditions, + as well as providing an identifier for logging purposes. A good name should be descriptive of + the associated expression. + Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and + must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or + '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an + optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') + + Required. + type: string + required: + - expression + - name + type: object + maxItems: 64 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + namespaceSelector: + description: |- + namespaceSelector defines a label selector for namespaces. If defined, + only objects in a namespace with matching labels will be subject to + validation. When not specified, objects for validation will not be + filtered by namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: must have at least one of matchLabels or matchExpressions + when specified + rule: size(self.matchLabels) > 0 || size(self.matchExpressions) + > 0 + objectSelector: + description: |- + objectSelector defines a label selector for objects. If defined, only + objects with matching labels will be subject to validation. When not + specified, objects for validation will not be filtered by label. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: must have at least one of matchLabels or matchExpressions + when specified + rule: size(self.matchLabels) > 0 || size(self.matchExpressions) + > 0 + required: + - action + type: object + required: + - compatibilitySchema + type: object + status: + description: status is the most recently observed status of the Compatibility + Requirement. + minProperties: 1 + properties: + conditions: + description: |- + conditions is a list of conditions and their status. + Known condition types are Progressing, Admitted, and Compatible. + + The Progressing condition indicates if reconciliation of a CompatibilityRequirement is still + progressing or has finished. + + The Admitted condition indicates if the validating webhook has been configured. + + The Compatible condition indicates if the observed CRD is compatible with the requirement. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + crdName: + description: |- + crdName is the name of the target CRD. The target CRD is not required to + exist, as we may legitimately place requirements on it before it is + created. The observed CRD is given in status.observedCRD, which will be + empty if no CRD is observed. + When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: + lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. + When not specified, the requirement applies to any CRD name discovered from the compatibility schema. + This field is optional. Once set, the value cannot be changed and must always remain set. + maxLength: 253 + minLength: 1 + type: string + x-kubernetes-validations: + - message: a lowercase RFC 1123 subdomain must consist of lower case + alphanumeric characters, '-' or '.', and must start and end with + an alphanumeric character. + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + observedCRD: + description: |- + observedCRD documents the uid and generation of the CRD object when the current status was written. + This field will be omitted if the target CRD does not exist or could not be retrieved. + properties: + generation: + description: |- + generation is the observed generation of the CRD. + Must be a positive integer (minimum value of 1). + format: int64 + minimum: 1 + type: integer + uid: + description: |- + uid is the uid of the observed CRD. + Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). + Length must be between 1 and 36 characters. + format: uuid + maxLength: 36 + minLength: 1 + type: string + required: + - generation + - uid + type: object + x-kubernetes-validations: + - message: generation may only increase on the same CRD + rule: oldSelf.uid != self.uid || self.generation >= oldSelf.generation + type: object + x-kubernetes-validations: + - message: crdName cannot be changed once set + rule: '!has(oldSelf.crdName) || has(self.crdName) && oldSelf.crdName + == self.crdName' + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} - name: v1alpha1 schema: openAPIV3Schema: @@ -538,6 +1062,6 @@ spec: - spec type: object served: true - storage: true + storage: false subresources: status: {}