Documentation ¶
Overview ¶
Package v1beta1 contains the HyperShift API.
The HyperShift API enables creating and managing lightweight, flexible, heterogeneous OpenShift clusters at scale.
HyperShift clusters are deployed in a topology which isolates the "control plane" (e.g. etcd, the API server, controller manager, etc.) from the "data plane" (e.g. worker nodes and their kubelets, and the infrastructure on which they run). This enables "hosted control plane as a service" use cases.
+kubebuilder:object:generate=true +groupName=hypershift.openshift.io
Package v1alpha1 contains API Schema definitions for the hypershift.openshift.io v1alpha1 API group +kubebuilder:object:generate=true +groupName=hypershift.openshift.io
Index ¶
- Constants
- Variables
- type AESCBCSpec
- type APIEndpoint
- type APIServerNetworking
- type AWSCloudProviderConfig
- type AWSEndpointAccessType
- type AWSEndpointService
- type AWSEndpointServiceList
- type AWSEndpointServiceSpec
- type AWSEndpointServiceStatus
- type AWSKMSAuthSpec
- type AWSKMSKeyEntry
- type AWSKMSSpec
- type AWSNodePoolPlatform
- type AWSPlatformSpec
- type AWSPlatformStatus
- type AWSResourceReference
- type AWSResourceTag
- type AWSRoleCredentials
- type AWSRolesRef
- type AWSServiceEndpoint
- type AgentNodePoolPlatform
- type AgentPlatformSpec
- type AvailabilityPolicy
- type AzureNodePoolPlatform
- type AzurePlatformSpec
- type CIDRBlock
- type ClusterAutoscaling
- type ClusterConfiguration
- func (c *ClusterConfiguration) GetAPIServer() *configv1.APIServerSpec
- func (c *ClusterConfiguration) GetAuthentication() *configv1.AuthenticationSpec
- func (c *ClusterConfiguration) GetFeatureGate() *configv1.FeatureGateSpec
- func (c *ClusterConfiguration) GetImage() *configv1.ImageSpec
- func (c *ClusterConfiguration) GetIngress() *configv1.IngressSpec
- func (c *ClusterConfiguration) GetNetwork() *configv1.NetworkSpec
- func (c *ClusterConfiguration) GetOAuth() *configv1.OAuthSpec
- func (c *ClusterConfiguration) GetProxy() *configv1.ProxySpec
- func (c *ClusterConfiguration) GetScheduler() *configv1.SchedulerSpec
- type ClusterNetworkEntry
- type ClusterNetworking
- type ClusterVersionStatus
- type ConditionType
- type DNSSpec
- type EtcdManagementType
- type EtcdSpec
- type EtcdTLSConfig
- type Filter
- type HostedCluster
- type HostedClusterList
- type HostedClusterSpec
- type HostedClusterStatus
- type HostedControlPlane
- type HostedControlPlaneList
- type HostedControlPlaneSpec
- type HostedControlPlaneStatus
- type IBMCloudKMSAuthSpec
- type IBMCloudKMSAuthType
- type IBMCloudKMSKeyEntry
- type IBMCloudKMSManagedAuthSpec
- type IBMCloudKMSSpec
- type IBMCloudKMSUnmanagedAuthSpec
- type IBMCloudPlatformSpec
- type ImageContentSource
- type InPlaceUpgrade
- type KMSProvider
- type KMSSpec
- type KubeconfigSecretRef
- type KubevirtCompute
- type KubevirtDiskImage
- type KubevirtNodePoolPlatform
- type KubevirtPersistentVolume
- type KubevirtPlatformCredentials
- type KubevirtPlatformSpec
- type KubevirtRootVolume
- type KubevirtVolume
- type KubevirtVolumeType
- type LoadBalancerPublishingStrategy
- type MachineNetworkEntry
- type ManagedEtcdSpec
- type ManagedEtcdStorageSpec
- type ManagedEtcdStorageType
- type NetworkType
- type NodePool
- type NodePoolAutoScaling
- type NodePoolCondition
- type NodePoolList
- type NodePoolManagement
- type NodePoolPlatform
- type NodePoolSpec
- type NodePoolStatus
- type NodePortPublishingStrategy
- type OLMCatalogPlacement
- type PersistentVolumeAccessMode
- type PersistentVolumeEtcdStorageSpec
- type PlatformSpec
- type PlatformStatus
- type PlatformType
- type PowerVSNodePoolImageDeletePolicy
- type PowerVSNodePoolPlatform
- type PowerVSNodePoolProcType
- type PowerVSNodePoolStorageType
- type PowerVSPlatformSpec
- type PowerVSResourceReference
- type PowerVSVPC
- type PublishingStrategyType
- type Release
- type ReplaceUpgrade
- type RollingUpdate
- type RoutePublishingStrategy
- type SecretEncryptionSpec
- type SecretEncryptionType
- type ServiceNetworkEntry
- type ServicePublishingStrategy
- type ServicePublishingStrategyMapping
- type ServiceType
- type Taint
- type UnmanagedEtcdSpec
- type UpgradeStrategy
- type UpgradeType
- type VSphereDiskType
- type VSphereNodePoolPlatform
- type VSpherePlatformSpec
- type Volume
Constants ¶
const ( // AWSEndpointServiceAvailable indicates whether the AWS Endpoint Service // has been created for the specified NLB in the management VPC AWSEndpointServiceAvailable ConditionType = "AWSEndpointServiceAvailable" // AWSEndpointServiceAvailable indicates whether the AWS Endpoint has been // created in the guest VPC AWSEndpointAvailable ConditionType = "AWSEndpointAvailable" AWSSuccessReason string = "AWSSuccess" AWSErrorReason string = "AWSError" )
The following are reasons for the IgnitionEndpointAvailable condition.
const ( StatusUnknownReason = "StatusUnknown" AsExpectedReason = "AsExpected" NotFoundReason = "NotFound" WaitingForAvailableReason = "waitingForAvailable" SecretNotFoundReason = "SecretNotFound" InfraStatusFailureReason = "InfraStatusFailure" WaitingOnInfrastructureReadyReason = "WaitingOnInfrastructureReady" EtcdQuorumAvailableReason = "QuorumAvailable" EtcdWaitingForQuorumReason = "EtcdWaitingForQuorum" EtcdStatefulSetNotFoundReason = "StatefulSetNotFound" UnmanagedEtcdMisconfiguredReason = "UnmanagedEtcdMisconfigured" UnmanagedEtcdAsExpected = "UnmanagedEtcdAsExpected" FromClusterVersionReason = "FromClusterVersion" InvalidConfigurationReason = "InvalidConfiguration" KubeconfigWaitingForCreateReason = "KubeconfigWaitingForCreate" UnsupportedHostedClusterReason = "UnsupportedHostedCluster" InsufficientClusterCapabilitiesReason = "InsufficientClusterCapabilities" OIDCConfigurationInvalidReason = "OIDCConfigurationInvalid" PlatformCredentialsNotFoundReason = "PlatformCredentialsNotFound" InvalidImageReason = "InvalidImage" InvalidIdentityProvider = "InvalidIdentityProvider" InvalidIAMRoleReason = "InvalidIAMRole" ExternalDNSHostNotReachableReason = "ExternalDNSHostNotReachable" KASLoadBalancerNotReachableReason = "KASLoadBalancerNotReachable" MissingReleaseImagesReason = "MissingReleaseImages" ReconciliationPausedConditionReason = "ReconciliationPaused" ReconciliationInvalidPausedUntilConditionReason = "InvalidPausedUntilValue" )
Reasons.
const ( // AuditWebhookKubeconfigKey is the key name in the AuditWebhook secret that stores audit webhook kubeconfig AuditWebhookKubeconfigKey = "webhook-kubeconfig" DisablePKIReconciliationAnnotation = "hypershift.openshift.io/disable-pki-reconciliation" IdentityProviderOverridesAnnotationPrefix = "idpoverrides.hypershift.openshift.io/" OauthLoginURLOverrideAnnotation = "oauth.hypershift.openshift.io/login-url-override" // KonnectivityServerImageAnnotation is a temporary annotation that allows the specification of the konnectivity server image. // This will be removed when Konnectivity is added to the Openshift release payload KonnectivityServerImageAnnotation = "hypershift.openshift.io/konnectivity-server-image" // KonnectivityAgentImageAnnotation is a temporary annotation that allows the specification of the konnectivity agent image. // This will be removed when Konnectivity is added to the Openshift release payload KonnectivityAgentImageAnnotation = "hypershift.openshift.io/konnectivity-agent-image" // ControlPlaneOperatorImageAnnotation is a annotation that allows the specification of the control plane operator image. // This is used for development and e2e workflows ControlPlaneOperatorImageAnnotation = "hypershift.openshift.io/control-plane-operator-image" // RestartDateAnnotation is a annotation that can be used to trigger a rolling restart of all components managed by hypershift. // it is important in some situations like CA rotation where components need to be fully restarted to pick up new CAs. It's also // important in some recovery situations where a fresh start of the component helps fix symptoms a user might be experiencing. RestartDateAnnotation = "hypershift.openshift.io/restart-date" // ReleaseImageAnnotation is an annotation that can be used to see what release image a given deployment is tied to ReleaseImageAnnotation = "hypershift.openshift.io/release-image" // ClusterAPIManagerImage is an annotation that allows the specification of the cluster api manager image. // This is a temporary workaround necessary for compliance reasons on the IBM Cloud side: // no images can be pulled from registries outside of IBM Cloud's official regional registries ClusterAPIManagerImage = "hypershift.openshift.io/capi-manager-image" // ClusterAutoscalerImage is an annotation that allows the specification of the cluster autoscaler image. // This is a temporary workaround necessary for compliance reasons on the IBM Cloud side: // no images can be pulled from registries outside of IBM Cloud's official regional registries ClusterAutoscalerImage = "hypershift.openshift.io/cluster-autoscaler-image" // AWSKMSProviderImage is an annotation that allows the specification of the AWS kms provider image. // Upstream code located at: https://github.com/kubernetes-sigs/aws-encryption-provider AWSKMSProviderImage = "hypershift.openshift.io/aws-kms-provider-image" // IBMCloudKMSProviderImage is an annotation that allows the specification of the IBM Cloud kms provider image. IBMCloudKMSProviderImage = "hypershift.openshift.io/ibmcloud-kms-provider-image" // PortierisImageAnnotation is an annotation that allows the specification of the portieries component // (performs container image verification). PortierisImageAnnotation = "hypershift.openshift.io/portieris-image" // Configure ingress controller with endpoint publishing strategy as Private. // This overrides any opinionated strategy set by platform in ReconcileDefaultIngressController. // It's used by IBM cloud to support ingress endpoint publishing strategy scope // NOTE: We'll expose this in the API if the use case gets generalised. PrivateIngressControllerAnnotation = "hypershift.openshift.io/private-ingress-controller" // ClusterAPIProviderAWSImage overrides the CAPI AWS provider image to use for // a HostedControlPlane. ClusterAPIProviderAWSImage = "hypershift.openshift.io/capi-provider-aws-image" // ClusterAPIKubeVirtProviderImage overrides the CAPI KubeVirt provider image to use for // a HostedControlPlane. ClusterAPIKubeVirtProviderImage = "hypershift.openshift.io/capi-provider-kubevirt-image" // ClusterAPIAgentProviderImage overrides the CAPI Agent provider image to use for // a HostedControlPlane. ClusterAPIAgentProviderImage = "hypershift.openshift.io/capi-provider-agent-image" // ClusterAPIAzureProviderImage overrides the CAPI Azure provider image to use for // a HostedControlPlane. ClusterAPIAzureProviderImage = "hypershift.openshift.io/capi-provider-azure-image" // ClusterAPIPowerVSProviderImage overrides the CAPI PowerVS provider image to use for // a HostedControlPlane. ClusterAPIPowerVSProviderImage = "hypershift.openshift.io/capi-provider-powervs-image" // ClusterAPIVSphereProviderImage overrides the CAPI VSphere provider image to use for // a HostedControlPlane. ClusterAPIVSphereProviderImage = "hypershift.openshift.io/capi-provider-vsphere-image" // AESCBCKeySecretKey defines the Kubernetes secret key name that contains the aescbc encryption key // in the AESCBC secret encryption strategy AESCBCKeySecretKey = "key" // IBMCloudIAMAPIKeySecretKey defines the Kubernetes secret key name that contains // the customer IBMCloud apikey in the unmanaged authentication strategy for IBMCloud KMS secret encryption IBMCloudIAMAPIKeySecretKey = "iam_apikey" // AWSCredentialsFileSecretKey defines the Kubernetes secret key name that contains // the customer AWS credentials in the unmanaged authentication strategy for AWS KMS secret encryption AWSCredentialsFileSecretKey = "credentials" // ControlPlaneComponent identifies a resource as belonging to a hosted control plane. ControlPlaneComponent = "hypershift.openshift.io/control-plane-component" // OperatorComponent identifies a component as belonging to the operator. OperatorComponent = "hypershift.openshift.io/operator-component" // MachineApproverImage is an annotation that allows the specification of the machine approver image. // This is a temporary workaround necessary for compliance reasons on the IBM Cloud side: // no images can be pulled from registries outside of IBM Cloud's official regional registries MachineApproverImage = "hypershift.openshift.io/machine-approver-image" // ExternalDNSHostnameAnnotation is the annotation external-dns uses to register DNS name for different HCP services. ExternalDNSHostnameAnnotation = "external-dns.alpha.kubernetes.io/hostname" // ForceUpgradeToAnnotation is the annotation that forces HostedCluster upgrade even if the underlying ClusterVersion // is reporting it is not Upgradeable. The annotation value must be set to the release image being forced. ForceUpgradeToAnnotation = "hypershift.openshift.io/force-upgrade-to" // ServiceAccountSigningKeySecretKey is the name of the secret key that should contain the service account signing // key if specified. ServiceAccountSigningKeySecretKey = "key" // DisableProfilingAnnotation is the annotation that allows disabling profiling for control plane components. // Any components specified in this list will have profiling disabled. Profiling is disabled by default for etcd and konnectivity. // Components this annotation can apply to: kube-scheduler, kube-controller-manager, kube-apiserver. DisableProfilingAnnotation = "hypershift.openshift.io/disable-profiling" // CleanupCloudResourcesAnnotation is an annotation that indicates whether a guest cluster's resources should be // removed when deleting the corresponding HostedCluster. If set to "true", resources created on the cloud provider during the life // of the cluster will be removed, including image registry storage, ingress dns records, load balancers, and persistent storage. CleanupCloudResourcesAnnotation = "hypershift.openshift.io/cleanup-cloud-resources" // ResourceRequestOverrideAnnotationPrefix is a prefix for an annotation to override resource requests for a particular deployment/container // in a hosted control plane. The format of the annotation is: // resource-request-override.hypershift.openshift.io/[deployment-name].[container-name]: [resource-type-1]=[value1],[resource-type-2]=[value2],... // For example, to override the memory and cpu request for the Kubernetes APIServer: // resource-request-override.hypershift.openshift.io/kube-apiserver.kube-apiserver: memory=3Gi,cpu=2000m ResourceRequestOverrideAnnotationPrefix = "resource-request-override.hypershift.openshift.io" // LimitedSupportLabel is a label that can be used by consumers to indicate // a cluster is somehow out of regular support policy. // https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.html#rosa-limited-support_rosa-service-definition. LimitedSupportLabel = "hypershift.openshift.io/limited-support" // SilenceClusterAlertsLabel is a label that can be used by consumers to indicate // alerts from a cluster can be silenced or ignored SilenceClusterAlertsLabel = "hypershift.openshift.io/silence-cluster-alerts" // KubeVirtInfraCredentialsSecretName is a name of the secret in the hosted control plane namespace containing the kubeconfig // of an external infrastructure cluster for kubevirt provider KubeVirtInfraCredentialsSecretName = "kubevirt-infra-credentials" // InfraIDLabel is a label that indicates the hosted cluster's infra id // that the resource is associated with. InfraIDLabel = "hypershift.openshift.io/infra-id" // NodePoolNameLabel is a label that indicates the name of the node pool // a resource is associated with NodePoolNameLabel = "hypershift.openshift.io/nodepool-name" // RouteVisibilityLabel is a label that can be used by external-dns to filter routes // it should not consider for name registration RouteVisibilityLabel = "hypershift.openshift.io/route-visibility" // RouteVisibilityPrivate is a value for RouteVisibilityLabel that will result // in the labeled route being ignored by external-dns RouteVisibilityPrivate = "private" )
const ( // NodePoolValidGeneratedPayloadConditionType signals if the ignition sever generated an ignition payload successfully for Nodes in that pool. // A failure here often means a software bug or a non-stable cluster. NodePoolValidGeneratedPayloadConditionType = "ValidGeneratedPayload" // NodePoolValidPlatformImageType signals if an OS image e.g. an AMI was found successfully based on the consumer input e.g. releaseImage. // If the image is direct user input then this condition is meaningless. // A failure here is unlikely to resolve without the changing user input. NodePoolValidPlatformImageType = "ValidPlatformImage" // NodePoolValidReleaseImageConditionType signals if the input in nodePool.spec.release.image is valid. // A failure here is unlikely to resolve without the changing user input. NodePoolValidReleaseImageConditionType = "ValidReleaseImage" // NodePoolValidMachineConfigConditionType signals if the content within nodePool.spec.config is valid. // A failure here is unlikely to resolve without the changing user input. NodePoolValidMachineConfigConditionType = "ValidMachineConfig" // NodePoolValidTuningConfigConditionType signals if the content within nodePool.spec.tuningConfig is valid. // A failure here is unlikely to resolve without the changing user input. NodePoolValidTuningConfigConditionType = "ValidTuningConfig" // NodePoolUpdateManagementEnabledConditionType signals if the nodePool.spec.management input is valid. // A failure here is unlikely to resolve without the changing user input. NodePoolUpdateManagementEnabledConditionType = "UpdateManagementEnabled" // NodePoolAutoscalingEnabledConditionType signals if nodePool.spec.replicas and nodePool.spec.AutoScaling input is valid. // A failure here is unlikely to resolve without the changing user input. NodePoolAutoscalingEnabledConditionType = "AutoscalingEnabled" // NodePoolAutorepairEnabledConditionType signals if MachineHealthChecks resources were created successfully. // A failure here often means a software bug or a non-stable cluster. NodePoolAutorepairEnabledConditionType = "AutorepairEnabled" // NodePoolUpdatingVersionConditionType signals if a version update is currently happening in NodePool. NodePoolUpdatingVersionConditionType = "UpdatingVersion" // NodePoolUpdatingConfigConditionType signals if a config update is currently happening in NodePool. NodePoolUpdatingConfigConditionType = "UpdatingConfig" // NodePoolReadyConditionType bubbles up CAPI MachineDeployment/MachineSet Ready condition. // This is true when all replicas are ready Nodes. // When this is false for too long, NodePoolAllMachinesReadyConditionType and NodePoolAllNodesHealthyConditionType might provide more context. NodePoolReadyConditionType = "Ready" // NodePoolAllMachinesReadyConditionType bubbles up and aggregates CAPI Machine Ready condition. // It signals when the infrastructure for a Machine resource was created successfully. // https://github.com/kubernetes-sigs/cluster-api/blob/main/api/v1beta1/condition_consts.go // A failure here may require external user intervention to resolve. E.g. hitting quotas on the cloud provider. NodePoolAllMachinesReadyConditionType = "AllMachinesReady" // NodePoolAllNodesHealthyConditionType bubbles up and aggregates CAPI NodeHealthy condition. // It signals when the Node for a Machine resource is healthy. // https://github.com/kubernetes-sigs/cluster-api/blob/main/api/v1beta1/condition_consts.go // A failure here often means a software bug or a non-stable cluster. NodePoolAllNodesHealthyConditionType = "AllNodesHealthy" // NodePoolReconciliationActiveConditionType signals the state of nodePool.spec.pausedUntil. NodePoolReconciliationActiveConditionType = "ReconciliationActive" // NodePoolReachedIgnitionEndpoint signals if at least an instance was able to reach the ignition endpoint to get the payload. // When this is false for too long it may require external user intervention to resolve. E.g. Enable AWS security groups to enable networking access. NodePoolReachedIgnitionEndpoint = "ReachedIgnitionEndpoint" // NodePoolAWSSecurityGroupAvailableConditionType signals whether the NodePool has an available security group to use. // If the security group is specified for the NodePool, this condition is always true. If no security group is specified // for the NodePool, the status of this condition depends on the availability of the default security group in the HostedCluster. NodePoolAWSSecurityGroupAvailableConditionType = "AWSSecurityGroupAvailable" )
Conditions
const ( NodePoolValidationFailedReason = "ValidationFailed" NodePoolInplaceUpgradeFailedReason = "InplaceUpgradeFailed" NodePoolNotFoundReason = "NotFound" NodePoolFailedToGetReason = "FailedToGet" IgnitionEndpointMissingReason = "IgnitionEndpointMissing" IgnitionCACertMissingReason = "IgnitionCACertMissing" IgnitionNotReached = "ignitionNotReached" DefaultAWSSecurityGroupNotReadyReason = "DefaultSGNotReady" )
Reasons
const ( // NodePoolLabel is used to label Nodes. NodePoolLabel = "hypershift.openshift.io/nodePool" // IgnitionServerTokenExpirationTimestampAnnotation holds the time that a ignition token expires and should be // removed from the cluster. IgnitionServerTokenExpirationTimestampAnnotation = "hypershift.openshift.io/ignition-token-expiration-timestamp" )
const ( // UpgradeTypeReplace is a strategy which replaces nodes using surge node // capacity. UpgradeTypeReplace = UpgradeType("Replace") // UpgradeTypeInPlace is a strategy which replaces nodes in-place with no // additional node capacity requirements. UpgradeTypeInPlace = UpgradeType("InPlace") )
const ( // UpgradeStrategyRollingUpdate means use a rolling update for nodes. UpgradeStrategyRollingUpdate = UpgradeStrategy("RollingUpdate") // UpgradeStrategyOnDelete replaces old nodes when the deletion of the // associated node instances are completed. UpgradeStrategyOnDelete = UpgradeStrategy("OnDelete") )
const ( // PowerVSNodePoolDedicatedProcType defines dedicated processor type PowerVSNodePoolDedicatedProcType = PowerVSNodePoolProcType("dedicated") PowerVSNodePoolSharedProcType = PowerVSNodePoolProcType("shared") // PowerVSNodePoolCappedProcType defines capped processor type PowerVSNodePoolCappedProcType = PowerVSNodePoolProcType("capped") )
const (
// AllIsWellMessage is standard message.
AllIsWellMessage = "All is well"
)
Messages.
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "hypershift.openshift.io", Version: "v1beta1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
var (
DefaultPersistentVolumeEtcdStorageSize resource.Quantity = resource.MustParse("8Gi")
)
Functions ¶
This section is empty.
Types ¶
type AESCBCSpec ¶
type AESCBCSpec struct { // ActiveKey defines the active key used to encrypt new secrets ActiveKey corev1.LocalObjectReference `json:"activeKey"` // BackupKey defines the old key during the rotation process so previously created // secrets can continue to be decrypted until they are all re-encrypted with the active key. // +optional BackupKey *corev1.LocalObjectReference `json:"backupKey,omitempty"` }
AESCBCSpec defines metadata about the AESCBC secret encryption strategy
type APIEndpoint ¶
type APIServerNetworking ¶
type APIServerNetworking struct { // AdvertiseAddress is the address that nodes will use to talk to the API // server. This is an address associated with the loopback adapter of each // node. If not specified, 172.20.0.1 is used. AdvertiseAddress *string `json:"advertiseAddress,omitempty"` // Port is the port at which the APIServer is exposed inside a node. Other // pods using host networking cannot listen on this port. If not specified, // 6443 is used. Port *int32 `json:"port,omitempty"` // AllowedCIDRBlocks is an allow list of CIDR blocks that can access the APIServer // If not specified, traffic is allowed from all addresses. // This depends on underlying support by the cloud provider for Service LoadBalancerSourceRanges AllowedCIDRBlocks []CIDRBlock `json:"allowedCIDRBlocks,omitempty"` }
APIServerNetworking specifies how the APIServer is exposed inside a cluster node.
type AWSCloudProviderConfig ¶
type AWSCloudProviderConfig struct { // Subnet is the subnet to use for control plane cloud resources. // // +optional Subnet *AWSResourceReference `json:"subnet,omitempty"` // Zone is the availability zone where control plane cloud resources are // created. // // +optional Zone string `json:"zone,omitempty"` // VPC is the VPC to use for control plane cloud resources. VPC string `json:"vpc"` }
AWSCloudProviderConfig specifies AWS networking configuration.
type AWSEndpointAccessType ¶
type AWSEndpointAccessType string
AWSEndpointAccessType specifies the publishing scope of cluster endpoints.
const ( // Public endpoint access allows public API server access and public node // communication with the control plane. Public AWSEndpointAccessType = "Public" // PublicAndPrivate endpoint access allows public API server access and // private node communication with the control plane. PublicAndPrivate AWSEndpointAccessType = "PublicAndPrivate" // Private endpoint access allows only private API server access and private // node communication with the control plane. Private AWSEndpointAccessType = "Private" )
type AWSEndpointService ¶
type AWSEndpointService struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec AWSEndpointServiceSpec `json:"spec,omitempty"` Status AWSEndpointServiceStatus `json:"status,omitempty"` }
+kubebuilder:object:root=true +kubebuilder:resource:path=awsendpointservices,scope=Namespaced +kubebuilder:storageversion +kubebuilder:subresource:status AWSEndpointService specifies a request for an Endpoint Service in AWS
func (*AWSEndpointService) Hub ¶
func (*AWSEndpointService) Hub()
type AWSEndpointServiceList ¶
type AWSEndpointServiceList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []AWSEndpointService `json:"items"` }
+kubebuilder:object:root=true AWSEndpointServiceList contains a list of AWSEndpointService
type AWSEndpointServiceSpec ¶
type AWSEndpointServiceSpec struct { // The name of the NLB for which an Endpoint Service should be configured NetworkLoadBalancerName string `json:"networkLoadBalancerName"` // SubnetIDs is the list of subnet IDs to which guest nodes can attach // +optional SubnetIDs []string `json:"subnetIDs,omitempty"` // Tags to apply to the EndpointService // +optional ResourceTags []AWSResourceTag `json:"resourceTags,omitempty"` }
AWSEndpointServiceSpec defines the desired state of AWSEndpointService
type AWSEndpointServiceStatus ¶
type AWSEndpointServiceStatus struct { // EndpointServiceName is the name of the Endpoint Service created in the // management VPC // +optional EndpointServiceName string `json:"endpointServiceName,omitempty"` // EndpointID is the ID of the Endpoint created in the guest VPC // +optional EndpointID string `json:"endpointID,omitempty"` // DNSName are the names for the records created in the hypershift private zone // +optional DNSNames []string `json:"dnsNames,omitempty"` // DNSZoneID is ID for the hypershift private zone // +optional DNSZoneID string `json:"dnsZoneID,omitempty"` // Conditions contains details for the current state of the Endpoint Service // request If there is an error processing the request e.g. the NLB doesn't // exist, then the Available condition will be false, reason AWSErrorReason, // and the error reported in the message. // // Current condition types are: "Available" // +optional Conditions []metav1.Condition `json:"conditions,omitempty"` }
AWSEndpointServiceStatus defines the observed state of AWSEndpointService
type AWSKMSAuthSpec ¶
type AWSKMSAuthSpec struct { // The referenced role must have a trust relationship that allows it to be assumed via web identity. // https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html. // Example: // { // "Version": "2012-10-17", // "Statement": [ // { // "Effect": "Allow", // "Principal": { // "Federated": "{{ .ProviderARN }}" // }, // "Action": "sts:AssumeRoleWithWebIdentity", // "Condition": { // "StringEquals": { // "{{ .ProviderName }}:sub": {{ .ServiceAccounts }} // } // } // } // ] // } // // AWSKMSARN is an ARN value referencing a role appropriate for managing the auth via the AWS KMS key. // // The following is an example of a valid policy document: // // { // "Version": "2012-10-17", // "Statement": [ // { // "Effect": "Allow", // "Action": [ // "kms:Encrypt", // "kms:Decrypt", // "kms:ReEncrypt*", // "kms:GenerateDataKey*", // "kms:DescribeKey" // ], // "Resource": %q // } // ] // } AWSKMSRoleARN string `json:"awsKms"` }
AWSKMSAuthSpec defines metadata about the management of credentials used to interact and encrypt data via AWS KMS key.
type AWSKMSKeyEntry ¶
type AWSKMSKeyEntry struct { // ARN is the Amazon Resource Name for the encryption key // +kubebuilder:validation:Pattern=`^arn:` ARN string `json:"arn"` }
AWSKMSKeyEntry defines metadata to locate the encryption key in AWS
type AWSKMSSpec ¶
type AWSKMSSpec struct { // Region contains the AWS region Region string `json:"region"` // ActiveKey defines the active key used to encrypt new secrets ActiveKey AWSKMSKeyEntry `json:"activeKey"` // BackupKey defines the old key during the rotation process so previously created // secrets can continue to be decrypted until they are all re-encrypted with the active key. // +optional BackupKey *AWSKMSKeyEntry `json:"backupKey,omitempty"` // Auth defines metadata about the management of credentials used to interact with AWS KMS Auth AWSKMSAuthSpec `json:"auth"` }
AWSKMSSpec defines metadata about the configuration of the AWS KMS Secret Encryption provider
type AWSNodePoolPlatform ¶
type AWSNodePoolPlatform struct { // InstanceType is an ec2 instance type for node instances (e.g. m5.large). InstanceType string `json:"instanceType"` // InstanceProfile is the AWS EC2 instance profile, which is a container for an IAM role that the EC2 instance uses. InstanceProfile string `json:"instanceProfile,omitempty"` // Subnet is the subnet to use for node instances. // // +optional Subnet *AWSResourceReference `json:"subnet,omitempty"` // AMI is the image id to use for node instances. If unspecified, the default // is chosen based on the NodePool release payload image. // // +optional AMI string `json:"ami,omitempty"` // SecurityGroups is an optional set of security groups to associate with node // instances. // // +optional SecurityGroups []AWSResourceReference `json:"securityGroups,omitempty"` // RootVolume specifies configuration for the root volume of node instances. // // +optional RootVolume *Volume `json:"rootVolume,omitempty"` // ResourceTags is an optional list of additional tags to apply to AWS node // instances. // // These will be merged with HostedCluster scoped tags, and HostedCluster tags // take precedence in case of conflicts. // // See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for // information on tagging AWS resources. AWS supports a maximum of 50 tags per // resource. OpenShift reserves 25 tags for its use, leaving 25 tags available // for the user. // // +kubebuilder:validation:MaxItems=25 // +optional ResourceTags []AWSResourceTag `json:"resourceTags,omitempty"` }
AWSNodePoolPlatform specifies the configuration of a NodePool when operating on AWS.
type AWSPlatformSpec ¶
type AWSPlatformSpec struct { // Region is the AWS region in which the cluster resides. This configures the // OCP control plane cloud integrations, and is used by NodePool to resolve // the correct boot AMI for a given release. // // +immutable Region string `json:"region"` // CloudProviderConfig specifies AWS networking configuration for the control // plane. // This is mainly used for cloud provider controller config: // https://github.com/kubernetes/kubernetes/blob/f5be5052e3d0808abb904aebd3218fe4a5c2dd82/staging/src/k8s.io/legacy-cloud-providers/aws/aws.go#L1347-L1364 // TODO(dan): should this be named AWSNetworkConfig? // // +optional // +immutable CloudProviderConfig *AWSCloudProviderConfig `json:"cloudProviderConfig,omitempty"` // ServiceEndpoints specifies optional custom endpoints which will override // the default service endpoint of specific AWS Services. // // There must be only one ServiceEndpoint for a given service name. // // +optional // +immutable ServiceEndpoints []AWSServiceEndpoint `json:"serviceEndpoints,omitempty"` // RolesRef contains references to various AWS IAM roles required to enable // integrations such as OIDC. // // +immutable RolesRef AWSRolesRef `json:"rolesRef"` // ResourceTags is a list of additional tags to apply to AWS resources created // for the cluster. See // https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for // information on tagging AWS resources. AWS supports a maximum of 50 tags per // resource. OpenShift reserves 25 tags for its use, leaving 25 tags available // for the user. // // +kubebuilder:validation:MaxItems=25 // +optional ResourceTags []AWSResourceTag `json:"resourceTags,omitempty"` // EndpointAccess specifies the publishing scope of cluster endpoints. The // default is Public. // // +kubebuilder:validation:Enum=Public;PublicAndPrivate;Private // +kubebuilder:default=Public // +optional EndpointAccess AWSEndpointAccessType `json:"endpointAccess,omitempty"` // AdditionalAllowedPrincipals specifies a list of additional allowed principal ARNs // to be added to the hosted control plane's VPC Endpoint Service to enable additional // VPC Endpoint connection requests to be automatically accepted. // See https://docs.aws.amazon.com/vpc/latest/privatelink/configure-endpoint-service.html // for more details around VPC Endpoint Service allowed principals. // // +optional AdditionalAllowedPrincipals []string `json:"additionalAllowedPrincipals,omitempty"` }
AWSPlatformSpec specifies configuration for clusters running on Amazon Web Services.
type AWSPlatformStatus ¶
type AWSPlatformStatus struct { // DefaultWorkerSecurityGroupID is the ID of a security group created by // the control plane operator. It is used for NodePools that don't specify a // security group. // +optional DefaultWorkerSecurityGroupID string `json:"defaultWorkerSecurityGroupID,omitempty"` }
AWSPlatformStatus contains status specific to the AWS platform
type AWSResourceReference ¶
type AWSResourceReference struct { // ID of resource // +optional ID *string `json:"id,omitempty"` // Filters is a set of key/value pairs used to identify a resource // They are applied according to the rules defined by the AWS API: // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html // +optional Filters []Filter `json:"filters,omitempty"` }
AWSResourceReference is a reference to a specific AWS resource by ID or filters. Only one of ID or Filters may be specified. Specifying more than one will result in a validation error.
type AWSResourceTag ¶
type AWSResourceTag struct { // Key is the key of the tag. // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=128 // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$` Key string `json:"key"` // Value is the value of the tag. // // Some AWS service do not support empty values. Since tags are added to // resources in many services, the length of the tag value must meet the // requirements of all services. // // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=256 // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$` Value string `json:"value"` }
AWSResourceTag is a tag to apply to AWS resources created for the cluster.
type AWSRoleCredentials ¶
type AWSRolesRef ¶
type AWSRolesRef struct { // The referenced role must have a trust relationship that allows it to be assumed via web identity. // https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html. // Example: // { // "Version": "2012-10-17", // "Statement": [ // { // "Effect": "Allow", // "Principal": { // "Federated": "{{ .ProviderARN }}" // }, // "Action": "sts:AssumeRoleWithWebIdentity", // "Condition": { // "StringEquals": { // "{{ .ProviderName }}:sub": {{ .ServiceAccounts }} // } // } // } // ] // } // // IngressARN is an ARN value referencing a role appropriate for the Ingress Operator. // // The following is an example of a valid policy document: // // { // "Version": "2012-10-17", // "Statement": [ // { // "Effect": "Allow", // "Action": [ // "elasticloadbalancing:DescribeLoadBalancers", // "tag:GetResources", // "route53:ListHostedZones" // ], // "Resource": "*" // }, // { // "Effect": "Allow", // "Action": [ // "route53:ChangeResourceRecordSets" // ], // "Resource": [ // "arn:aws:route53:::PUBLIC_ZONE_ID", // "arn:aws:route53:::PRIVATE_ZONE_ID" // ] // } // ] // } IngressARN string `json:"ingressARN"` // ImageRegistryARN is an ARN value referencing a role appropriate for the Image Registry Operator. // // The following is an example of a valid policy document: // // { // "Version": "2012-10-17", // "Statement": [ // { // "Effect": "Allow", // "Action": [ // "s3:CreateBucket", // "s3:DeleteBucket", // "s3:PutBucketTagging", // "s3:GetBucketTagging", // "s3:PutBucketPublicAccessBlock", // "s3:GetBucketPublicAccessBlock", // "s3:PutEncryptionConfiguration", // "s3:GetEncryptionConfiguration", // "s3:PutLifecycleConfiguration", // "s3:GetLifecycleConfiguration", // "s3:GetBucketLocation", // "s3:ListBucket", // "s3:GetObject", // "s3:PutObject", // "s3:DeleteObject", // "s3:ListBucketMultipartUploads", // "s3:AbortMultipartUpload", // "s3:ListMultipartUploadParts" // ], // "Resource": "*" // } // ] // } ImageRegistryARN string `json:"imageRegistryARN"` // StorageARN is an ARN value referencing a role appropriate for the Storage Operator. // // The following is an example of a valid policy document: // // { // "Version": "2012-10-17", // "Statement": [ // { // "Effect": "Allow", // "Action": [ // "ec2:AttachVolume", // "ec2:CreateSnapshot", // "ec2:CreateTags", // "ec2:CreateVolume", // "ec2:DeleteSnapshot", // "ec2:DeleteTags", // "ec2:DeleteVolume", // "ec2:DescribeInstances", // "ec2:DescribeSnapshots", // "ec2:DescribeTags", // "ec2:DescribeVolumes", // "ec2:DescribeVolumesModifications", // "ec2:DetachVolume", // "ec2:ModifyVolume" // ], // "Resource": "*" // } // ] // } StorageARN string `json:"storageARN"` // NetworkARN is an ARN value referencing a role appropriate for the Network Operator. // // The following is an example of a valid policy document: // // { // "Version": "2012-10-17", // "Statement": [ // { // "Effect": "Allow", // "Action": [ // "ec2:DescribeInstances", // "ec2:DescribeInstanceStatus", // "ec2:DescribeInstanceTypes", // "ec2:UnassignPrivateIpAddresses", // "ec2:AssignPrivateIpAddresses", // "ec2:UnassignIpv6Addresses", // "ec2:AssignIpv6Addresses", // "ec2:DescribeSubnets", // "ec2:DescribeNetworkInterfaces" // ], // "Resource": "*" // } // ] // } NetworkARN string `json:"networkARN"` // KubeCloudControllerARN is an ARN value referencing a role appropriate for the KCM/KCC. // Source: https://cloud-provider-aws.sigs.k8s.io/prerequisites/#iam-policies // // The following is an example of a valid policy document: // // { // "Version": "2012-10-17", // "Statement": [ // { // "Action": [ // "autoscaling:DescribeAutoScalingGroups", // "autoscaling:DescribeLaunchConfigurations", // "autoscaling:DescribeTags", // "ec2:DescribeAvailabilityZones", // "ec2:DescribeInstances", // "ec2:DescribeImages", // "ec2:DescribeRegions", // "ec2:DescribeRouteTables", // "ec2:DescribeSecurityGroups", // "ec2:DescribeSubnets", // "ec2:DescribeVolumes", // "ec2:CreateSecurityGroup", // "ec2:CreateTags", // "ec2:CreateVolume", // "ec2:ModifyInstanceAttribute", // "ec2:ModifyVolume", // "ec2:AttachVolume", // "ec2:AuthorizeSecurityGroupIngress", // "ec2:CreateRoute", // "ec2:DeleteRoute", // "ec2:DeleteSecurityGroup", // "ec2:DeleteVolume", // "ec2:DetachVolume", // "ec2:RevokeSecurityGroupIngress", // "ec2:DescribeVpcs", // "elasticloadbalancing:AddTags", // "elasticloadbalancing:AttachLoadBalancerToSubnets", // "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", // "elasticloadbalancing:CreateLoadBalancer", // "elasticloadbalancing:CreateLoadBalancerPolicy", // "elasticloadbalancing:CreateLoadBalancerListeners", // "elasticloadbalancing:ConfigureHealthCheck", // "elasticloadbalancing:DeleteLoadBalancer", // "elasticloadbalancing:DeleteLoadBalancerListeners", // "elasticloadbalancing:DescribeLoadBalancers", // "elasticloadbalancing:DescribeLoadBalancerAttributes", // "elasticloadbalancing:DetachLoadBalancerFromSubnets", // "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", // "elasticloadbalancing:ModifyLoadBalancerAttributes", // "elasticloadbalancing:RegisterInstancesWithLoadBalancer", // "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", // "elasticloadbalancing:AddTags", // "elasticloadbalancing:CreateListener", // "elasticloadbalancing:CreateTargetGroup", // "elasticloadbalancing:DeleteListener", // "elasticloadbalancing:DeleteTargetGroup", // "elasticloadbalancing:DeregisterTargets", // "elasticloadbalancing:DescribeListeners", // "elasticloadbalancing:DescribeLoadBalancerPolicies", // "elasticloadbalancing:DescribeTargetGroups", // "elasticloadbalancing:DescribeTargetHealth", // "elasticloadbalancing:ModifyListener", // "elasticloadbalancing:ModifyTargetGroup", // "elasticloadbalancing:RegisterTargets", // "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", // "iam:CreateServiceLinkedRole", // "kms:DescribeKey" // ], // "Resource": [ // "*" // ], // "Effect": "Allow" // } // ] // } // +immutable KubeCloudControllerARN string `json:"kubeCloudControllerARN"` // NodePoolManagementARN is an ARN value referencing a role appropriate for the CAPI Controller. // // The following is an example of a valid policy document: // // { // "Version": "2012-10-17", // "Statement": [ // { // "Action": [ // "ec2:AssociateRouteTable", // "ec2:AttachInternetGateway", // "ec2:AuthorizeSecurityGroupIngress", // "ec2:CreateInternetGateway", // "ec2:CreateNatGateway", // "ec2:CreateRoute", // "ec2:CreateRouteTable", // "ec2:CreateSecurityGroup", // "ec2:CreateSubnet", // "ec2:CreateTags", // "ec2:DeleteInternetGateway", // "ec2:DeleteNatGateway", // "ec2:DeleteRouteTable", // "ec2:DeleteSecurityGroup", // "ec2:DeleteSubnet", // "ec2:DeleteTags", // "ec2:DescribeAccountAttributes", // "ec2:DescribeAddresses", // "ec2:DescribeAvailabilityZones", // "ec2:DescribeImages", // "ec2:DescribeInstances", // "ec2:DescribeInternetGateways", // "ec2:DescribeNatGateways", // "ec2:DescribeNetworkInterfaces", // "ec2:DescribeNetworkInterfaceAttribute", // "ec2:DescribeRouteTables", // "ec2:DescribeSecurityGroups", // "ec2:DescribeSubnets", // "ec2:DescribeVpcs", // "ec2:DescribeVpcAttribute", // "ec2:DescribeVolumes", // "ec2:DetachInternetGateway", // "ec2:DisassociateRouteTable", // "ec2:DisassociateAddress", // "ec2:ModifyInstanceAttribute", // "ec2:ModifyNetworkInterfaceAttribute", // "ec2:ModifySubnetAttribute", // "ec2:RevokeSecurityGroupIngress", // "ec2:RunInstances", // "ec2:TerminateInstances", // "tag:GetResources", // "ec2:CreateLaunchTemplate", // "ec2:CreateLaunchTemplateVersion", // "ec2:DescribeLaunchTemplates", // "ec2:DescribeLaunchTemplateVersions", // "ec2:DeleteLaunchTemplate", // "ec2:DeleteLaunchTemplateVersions" // ], // "Resource": [ // "*" // ], // "Effect": "Allow" // }, // { // "Condition": { // "StringLike": { // "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" // } // }, // "Action": [ // "iam:CreateServiceLinkedRole" // ], // "Resource": [ // "arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing" // ], // "Effect": "Allow" // }, // { // "Action": [ // "iam:PassRole" // ], // "Resource": [ // "arn:*:iam::*:role/*-worker-role" // ], // "Effect": "Allow" // }, // { // "Effect": "Allow", // "Action": [ // "kms:Decrypt", // "kms:ReEncrypt", // "kms:GenerateDataKeyWithoutPlainText", // "kms:DescribeKey" // ], // "Resource": "*" // }, // { // "Effect": "Allow", // "Action": [ // "kms:CreateGrant" // ], // "Resource": "*", // "Condition": { // "Bool": { // "kms:GrantIsForAWSResource": true // } // } // } // ] // } // // +immutable NodePoolManagementARN string `json:"nodePoolManagementARN"` // ControlPlaneOperatorARN is an ARN value referencing a role appropriate for the Control Plane Operator. // // The following is an example of a valid policy document: // // { // "Version": "2012-10-17", // "Statement": [ // { // "Effect": "Allow", // "Action": [ // "ec2:CreateVpcEndpoint", // "ec2:DescribeVpcEndpoints", // "ec2:ModifyVpcEndpoint", // "ec2:DeleteVpcEndpoints", // "ec2:CreateTags", // "route53:ListHostedZones", // "ec2:CreateSecurityGroup", // "ec2:AuthorizeSecurityGroupIngress", // "ec2:AuthorizeSecurityGroupEgress", // "ec2:DeleteSecurityGroup", // "ec2:RevokeSecurityGroupIngress", // "ec2:RevokeSecurityGroupEgress", // "ec2:DescribeSecurityGroups", // "ec2:DescribeVpcs", // ], // "Resource": "*" // }, // { // "Effect": "Allow", // "Action": [ // "route53:ChangeResourceRecordSets", // "route53:ListResourceRecordSets" // ], // "Resource": "arn:aws:route53:::%s" // } // ] // } // +immutable ControlPlaneOperatorARN string `json:"controlPlaneOperatorARN"` }
AWSRolesRef contains references to various AWS IAM roles required for operators to make calls against the AWS API.
type AWSServiceEndpoint ¶
type AWSServiceEndpoint struct { // Name is the name of the AWS service. // This must be provided and cannot be empty. Name string `json:"name"` // URL is fully qualified URI with scheme https, that overrides the default generated // endpoint for a client. // This must be provided and cannot be empty. // // +kubebuilder:validation:Pattern=`^https://` URL string `json:"url"` }
AWSServiceEndpoint stores the configuration for services to override existing defaults of AWS Services.
type AgentNodePoolPlatform ¶
type AgentNodePoolPlatform struct { // AgentLabelSelector contains labels that must be set on an Agent in order to // be selected for a Machine. // +optional AgentLabelSelector *metav1.LabelSelector `json:"agentLabelSelector,omitempty"` }
AgentNodePoolPlatform specifies the configuration of a NodePool when operating on the Agent platform.
type AgentPlatformSpec ¶
type AgentPlatformSpec struct { // AgentNamespace is the namespace where to search for Agents for this cluster AgentNamespace string `json:"agentNamespace"` }
AgentPlatformSpec specifies configuration for agent-based installations.
type AvailabilityPolicy ¶
type AvailabilityPolicy string
AvailabilityPolicy specifies a high level availability policy for components.
const ( // HighlyAvailable means components should be resilient to problems across // fault boundaries as defined by the component to which the policy is // attached. This usually means running critical workloads with 3 replicas and // with little or no toleration of disruption of the component. HighlyAvailable AvailabilityPolicy = "HighlyAvailable" // SingleReplica means components are not expected to be resilient to problems // across most fault boundaries associated with high availability. This // usually means running critical workloads with just 1 replica and with // toleration of full disruption of the component. SingleReplica AvailabilityPolicy = "SingleReplica" )
type AzureNodePoolPlatform ¶
type AzureNodePoolPlatform struct { VMSize string `json:"vmsize"` // ImageID is the id of the image to boot from. If unset, the default image at the location below will be used: // subscription/$subscriptionID/resourceGroups/$resourceGroupName/providers/Microsoft.Compute/images/rhcos.x86_64.vhd // +optional ImageID string `json:"imageID,omitempty"` // +kubebuilder:default:=120 // +kubebuilder:validation:Minimum=16 // +optional DiskSizeGB int32 `json:"diskSizeGB,omitempty"` // DiskStorageAccountType is the disk storage account type to use. Valid values are: // * Standard_LRS: HDD // * StandardSSD_LRS: Standard SSD // * Premium_LRS: Premium SDD // * UltraSSD_LRS: Ultra SDD // // Defaults to Premium_LRS. For more details, visit the Azure documentation: // https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison // // +kubebuilder:default:=Premium_LRS // +kubebuilder:validation:Enum=Standard_LRS;StandardSSD_LRS;Premium_LRS;UltraSSD_LRS // +optional DiskStorageAccountType string `json:"diskStorageAccountType,omitempty"` // AvailabilityZone of the nodepool. Must not be specified for clusters // in a location that does not support AvailabilityZone. // +optional AvailabilityZone string `json:"availabilityZone,omitempty"` }
type AzurePlatformSpec ¶
type AzurePlatformSpec struct { Credentials corev1.LocalObjectReference `json:"credentials"` Location string `json:"location"` ResourceGroupName string `json:"resourceGroup"` VnetName string `json:"vnetName"` VnetID string `json:"vnetID"` SubnetName string `json:"subnetName"` SubscriptionID string `json:"subscriptionID"` MachineIdentityID string `json:"machineIdentityID"` SecurityGroupName string `json:"securityGroupName"` }
type CIDRBlock ¶
type CIDRBlock string
+kubebuilder:validation:Pattern:=`^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$`
type ClusterAutoscaling ¶
type ClusterAutoscaling struct { // MaxNodesTotal is the maximum allowable number of nodes across all NodePools // for a HostedCluster. The autoscaler will not grow the cluster beyond this // number. // // +kubebuilder:validation:Minimum=0 MaxNodesTotal *int32 `json:"maxNodesTotal,omitempty"` // MaxPodGracePeriod is the maximum seconds to wait for graceful pod // termination before scaling down a NodePool. The default is 600 seconds. // // +kubebuilder:validation:Minimum=0 MaxPodGracePeriod *int32 `json:"maxPodGracePeriod,omitempty"` // MaxNodeProvisionTime is the maximum time to wait for node provisioning // before considering the provisioning to be unsuccessful, expressed as a Go // duration string. The default is 15 minutes. // // +kubebuilder:validation:Pattern=^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ MaxNodeProvisionTime string `json:"maxNodeProvisionTime,omitempty"` // PodPriorityThreshold enables users to schedule "best-effort" pods, which // shouldn't trigger autoscaler actions, but only run when there are spare // resources available. The default is -10. // // See the following for more details: // https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#how-does-cluster-autoscaler-work-with-pod-priority-and-preemption // // +optional PodPriorityThreshold *int32 `json:"podPriorityThreshold,omitempty"` }
ClusterAutoscaling specifies auto-scaling behavior that applies to all NodePools associated with a control plane.
type ClusterConfiguration ¶
type ClusterConfiguration struct { // APIServer holds configuration (like serving certificates, client CA and CORS domains) // shared by all API servers in the system, among them especially kube-apiserver // and openshift-apiserver. // +optional APIServer *configv1.APIServerSpec `json:"apiServer,omitempty"` // Authentication specifies cluster-wide settings for authentication (like OAuth and // webhook token authenticators). // +optional Authentication *configv1.AuthenticationSpec `json:"authentication,omitempty"` // FeatureGate holds cluster-wide information about feature gates. // +optional FeatureGate *configv1.FeatureGateSpec `json:"featureGate,omitempty"` // Image governs policies related to imagestream imports and runtime configuration // for external registries. It allows cluster admins to configure which registries // OpenShift is allowed to import images from, extra CA trust bundles for external // registries, and policies to block or allow registry hostnames. // When exposing OpenShift's image registry to the public, this also lets cluster // admins specify the external hostname. // +optional Image *configv1.ImageSpec `json:"image,omitempty"` // Ingress holds cluster-wide information about ingress, including the default ingress domain // used for routes. // +optional Ingress *configv1.IngressSpec `json:"ingress,omitempty"` // Network holds cluster-wide information about the network. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. // Please view network.spec for an explanation on what applies when configuring this resource. // TODO (csrwng): Add validation here to exclude changes that conflict with networking settings in the HostedCluster.Spec.Networking field. // +optional Network *configv1.NetworkSpec `json:"network,omitempty"` // OAuth holds cluster-wide information about OAuth. // It is used to configure the integrated OAuth server. // This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth. // +optional OAuth *configv1.OAuthSpec `json:"oauth,omitempty"` // Scheduler holds cluster-wide config information to run the Kubernetes Scheduler // and influence its placement decisions. The canonical name for this config is `cluster`. // +optional Scheduler *configv1.SchedulerSpec `json:"scheduler,omitempty"` // Proxy holds cluster-wide information on how to configure default proxies for the cluster. // +optional Proxy *configv1.ProxySpec `json:"proxy,omitempty"` }
ClusterConfiguration specifies configuration for individual OCP components in the cluster, represented as embedded resources that correspond to the openshift configuration API.
The API for individual configuration items is at: https://docs.openshift.com/container-platform/4.7/rest_api/config_apis/config-apis-index.html
func (*ClusterConfiguration) GetAPIServer ¶
func (c *ClusterConfiguration) GetAPIServer() *configv1.APIServerSpec
func (*ClusterConfiguration) GetAuthentication ¶
func (c *ClusterConfiguration) GetAuthentication() *configv1.AuthenticationSpec
func (*ClusterConfiguration) GetFeatureGate ¶
func (c *ClusterConfiguration) GetFeatureGate() *configv1.FeatureGateSpec
func (*ClusterConfiguration) GetImage ¶
func (c *ClusterConfiguration) GetImage() *configv1.ImageSpec
func (*ClusterConfiguration) GetIngress ¶
func (c *ClusterConfiguration) GetIngress() *configv1.IngressSpec
func (*ClusterConfiguration) GetNetwork ¶
func (c *ClusterConfiguration) GetNetwork() *configv1.NetworkSpec
func (*ClusterConfiguration) GetOAuth ¶
func (c *ClusterConfiguration) GetOAuth() *configv1.OAuthSpec
func (*ClusterConfiguration) GetProxy ¶
func (c *ClusterConfiguration) GetProxy() *configv1.ProxySpec
func (*ClusterConfiguration) GetScheduler ¶
func (c *ClusterConfiguration) GetScheduler() *configv1.SchedulerSpec
type ClusterNetworkEntry ¶
type ClusterNetworkEntry struct { // CIDR is the IP block address pool. CIDR ipnet.IPNet `json:"cidr"` // HostPrefix is the prefix size to allocate to each node from the CIDR. // For example, 24 would allocate 2^8=256 adresses to each node. If this // field is not used by the plugin, it can be left unset. // +optional HostPrefix int32 `json:"hostPrefix,omitempty"` }
ClusterNetworkEntry is a single IP address block for pod IP blocks. IP blocks are allocated with size 2^HostSubnetLength.
type ClusterNetworking ¶
type ClusterNetworking struct { // MachineNetwork is the list of IP address pools for machines. // // +immutable // +optional MachineNetwork []MachineNetworkEntry `json:"machineNetwork,omitempty"` // ClusterNetwork is the list of IP address pools for pods. // // +immutable ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"` // ServiceNetwork is the list of IP address pools for services. // NOTE: currently only one entry is supported. // // +optional ServiceNetwork []ServiceNetworkEntry `json:"serviceNetwork"` // NetworkType specifies the SDN provider used for cluster networking. // // +kubebuilder:default:="OVNKubernetes" // +immutable NetworkType NetworkType `json:"networkType"` // APIServer contains advanced network settings for the API server that affect // how the APIServer is exposed inside a cluster node. // // +immutable APIServer *APIServerNetworking `json:"apiServer,omitempty"` }
ClusterNetworking specifies network configuration for a cluster.
type ClusterVersionStatus ¶
type ClusterVersionStatus struct { // desired is the version that the cluster is reconciling towards. // If the cluster is not yet fully initialized desired will be set // with the information available, which may be an image or a tag. Desired configv1.Release `json:"desired"` // history contains a list of the most recent versions applied to the cluster. // This value may be empty during cluster startup, and then will be updated // when a new update is being applied. The newest update is first in the // list and it is ordered by recency. Updates in the history have state // Completed if the rollout completed - if an update was failing or halfway // applied the state will be Partial. Only a limited amount of update history // is preserved. // // +optional History []configv1.UpdateHistory `json:"history,omitempty"` // observedGeneration reports which version of the spec is being synced. // If this value is not equal to metadata.generation, then the desired // and conditions fields may represent a previous version. ObservedGeneration int64 `json:"observedGeneration"` // availableUpdates contains updates recommended for this // cluster. Updates which appear in conditionalUpdates but not in // availableUpdates may expose this cluster to known issues. This list // may be empty if no updates are recommended, if the update service // is unavailable, or if an invalid channel has been specified. // +nullable // +kubebuilder:validation:Required // +required AvailableUpdates []configv1.Release `json:"availableUpdates"` // conditionalUpdates contains the list of updates that may be // recommended for this cluster if it meets specific required // conditions. Consumers interested in the set of updates that are // actually recommended for this cluster should use // availableUpdates. This list may be empty if no updates are // recommended, if the update service is unavailable, or if an empty // or invalid channel has been specified. // +listType=atomic // +optional ConditionalUpdates []configv1.ConditionalUpdate `json:"conditionalUpdates,omitempty"` }
ClusterVersionStatus reports the status of the cluster versioning, including any upgrades that are in progress. The current field will be set to whichever version the cluster is reconciling to, and the conditions array will report whether the update succeeded, is in progress, or is failing. +k8s:deepcopy-gen=true
type ConditionType ¶
type ConditionType string
const ( HostedControlPlaneAvailable ConditionType = "Available" HostedControlPlaneDegraded ConditionType = "Degraded" EtcdSnapshotRestored ConditionType = "EtcdSnapshotRestored" CVOScaledDown ConditionType = "CVOScaledDown" )
const ( // HostedClusterAvailable indicates whether the HostedCluster has a healthy // control plane. // When this is false for too long and there's no clear indication in the "Reason", please check the remaining more granular conditions. HostedClusterAvailable ConditionType = "Available" // HostedClusterProgressing indicates whether the HostedCluster is attempting // an initial deployment or upgrade. // When this is false for too long and there's no clear indication in the "Reason", please check the remaining more granular conditions. HostedClusterProgressing ConditionType = "Progressing" // HostedClusterDegraded indicates whether the HostedCluster is encountering // an error that may require user intervention to resolve. HostedClusterDegraded ConditionType = "Degraded" // InfrastructureReady bubbles up the same condition from HCP. It signals if the infrastructure for a control plane to be operational, // e.g. load balancers were created successfully. // A failure here may require external user intervention to resolve. E.g. hitting quotas on the cloud provider. InfrastructureReady ConditionType = "InfrastructureReady" // KubeAPIServerAvailable bubbles up the same condition from HCP. It signals if the kube API server is available. // A failure here often means a software bug or a non-stable cluster. KubeAPIServerAvailable ConditionType = "KubeAPIServerAvailable" // EtcdAvailable bubbles up the same condition from HCP. It signals if etcd is available. // A failure here often means a software bug or a non-stable cluster. EtcdAvailable ConditionType = "EtcdAvailable" // ValidHostedControlPlaneConfiguration bubbles up the same condition from HCP. It signals if the hostedControlPlane input is valid and // supported by the underlying management cluster. // A failure here is unlikely to resolve without the changing user input. ValidHostedControlPlaneConfiguration ConditionType = "ValidHostedControlPlaneConfiguration" // CloudResourcesDestroyed bubbles up the same condition from HCP. It signals if the cloud provider infrastructure created by Kubernetes // in the consumer cloud provider account was destroyed. // A failure here may require external user intervention to resolve. E.g. cloud provider perms were corrupted. E.g. the guest cluster was broken // and kube resource deletion that affects cloud infra like service type load balancer can't succeed. CloudResourcesDestroyed ConditionType = "CloudResourcesDestroyed" // ExternalDNSReachable bubbles up the same condition from HCP. It signals if the configured external DNS is reachable. // A failure here requires external user intervention to resolve. E.g. changing the external DNS domain or making sure the domain is created // and registered correctly. ExternalDNSReachable ConditionType = "ExternalDNSReachable" // ValidReleaseInfo bubbles up the same condition from HCP. It indicates if the release contains all the images used by hypershift // and reports missing images if any. ValidReleaseInfo ConditionType = "ValidReleaseInfo" // ClusterVersionSucceeding indicates the current status of the desired release // version of the HostedCluster as indicated by the Failing condition in the // underlying cluster's ClusterVersion. ClusterVersionSucceeding ConditionType = "ClusterVersionSucceeding" // ClusterVersionUpgradeable indicates the Upgradeable condition in the // underlying cluster's ClusterVersion. ClusterVersionUpgradeable ConditionType = "ClusterVersionUpgradeable" // ClusterVersionFailing bubbles up Failing from the CVO. ClusterVersionFailing ConditionType = "ClusterVersionFailing" // ClusterVersionProgressing bubbles up configv1.OperatorProgressing from the CVO. ClusterVersionProgressing ConditionType = "ClusterVersionProgressing" // ClusterVersionAvailable bubbles up Failing configv1.OperatorAvailable from the CVO. ClusterVersionAvailable ConditionType = "ClusterVersionAvailable" // ClusterVersionReleaseAccepted bubbles up Failing ReleaseAccepted from the CVO. ClusterVersionReleaseAccepted ConditionType = "ClusterVersionReleaseAccepted" // UnmanagedEtcdAvailable indicates whether a user-managed etcd cluster is // healthy. UnmanagedEtcdAvailable ConditionType = "UnmanagedEtcdAvailable" // IgnitionEndpointAvailable indicates whether the ignition server for the // HostedCluster is available to handle ignition requests. // A failure here often means a software bug or a non-stable cluster. IgnitionEndpointAvailable ConditionType = "IgnitionEndpointAvailable" // IgnitionServerValidReleaseInfo indicates if the release contains all the images used by the local ignition provider // and reports missing images if any. IgnitionServerValidReleaseInfo ConditionType = "IgnitionServerValidReleaseInfo" // ValidHostedClusterConfiguration signals if the hostedCluster input is valid and // supported by the underlying management cluster. // A failure here is unlikely to resolve without the changing user input. ValidHostedClusterConfiguration ConditionType = "ValidConfiguration" // SupportedHostedCluster indicates whether a HostedCluster is supported by // the current configuration of the hypershift-operator. // e.g. If HostedCluster requests endpointAcess Private but the hypershift-operator // is running on a management cluster outside AWS or is not configured with AWS // credentials, the HostedCluster is not supported. // A failure here is unlikely to resolve without the changing user input. SupportedHostedCluster ConditionType = "SupportedHostedCluster" // ValidOIDCConfiguration indicates if an AWS cluster's OIDC condition is // detected as invalid. // A failure here may require external user intervention to resolve. E.g. oidc was deleted out of band. ValidOIDCConfiguration ConditionType = "ValidOIDCConfiguration" // ValidReleaseImage indicates if the release image set in the spec is valid // for the HostedCluster. For example, this can be set false if the // HostedCluster itself attempts an unsupported version before 4.9 or an // unsupported upgrade e.g y-stream upgrade before 4.11. // A failure here is unlikely to resolve without the changing user input. ValidReleaseImage ConditionType = "ValidReleaseImage" // ValidAWSIdentityProvider indicates if the Identity Provider referenced // in the cloud credentials is healthy. E.g. for AWS the idp ARN is referenced in the iam roles. // "Version": "2012-10-17", // "Statement": [ // { // "Effect": "Allow", // "Principal": { // "Federated": "{{ .ProviderARN }}" // }, // "Action": "sts:AssumeRoleWithWebIdentity", // "Condition": { // "StringEquals": { // "{{ .ProviderName }}:sub": {{ .ServiceAccounts }} // } // } // } // ] // // A failure here may require external user intervention to resolve. ValidAWSIdentityProvider ConditionType = "ValidAWSIdentityProvider" // ValidAWSKMSConfig indicates whether the AWS KMS role and encryption key are valid and operational // A failure here indicates that the role or the key are invalid, or the role doesn't have access to use the key. ValidAWSKMSConfig ConditionType = "ValidAWSKMSConfig" // AWSDefaultSecurityGroupCreated indicates whether the default security group // for AWS workers has been created. // A failure here indicates that NodePools without a security group will be // blocked from creating machines. AWSDefaultSecurityGroupCreated ConditionType = "AWSDefaultSecurityGroupCreated" // PlatformCredentialsFound indicates that credentials required for the // desired platform are valid. // A failure here is unlikely to resolve without the changing user input. PlatformCredentialsFound ConditionType = "PlatformCredentialsFound" // ReconciliationActive indicates if reconciliation of the HostedCluster is // active or paused hostedCluster.spec.pausedUntil. ReconciliationActive ConditionType = "ReconciliationActive" // ReconciliationSucceeded indicates if the HostedCluster reconciliation // succeeded. // A failure here often means a software bug or a non-stable cluster. ReconciliationSucceeded ConditionType = "ReconciliationSucceeded" )
Conditions.
type DNSSpec ¶
type DNSSpec struct { // BaseDomain is the base domain of the cluster. // // +immutable BaseDomain string `json:"baseDomain"` // BaseDomainPrefix is the base domain prefix of the cluster. // defaults to clusterName if not set. Set it to "" if you don't want a prefix to be prepended to BaseDomain. // // +optional // +immutable BaseDomainPrefix *string `json:"baseDomainPrefix,omitempty"` // PublicZoneID is the Hosted Zone ID where all the DNS records that are // publicly accessible to the internet exist. // // +optional // +immutable PublicZoneID string `json:"publicZoneID,omitempty"` // PrivateZoneID is the Hosted Zone ID where all the DNS records that are only // available internally to the cluster exist. // // +optional // +immutable PrivateZoneID string `json:"privateZoneID,omitempty"` }
DNSSpec specifies the DNS configuration in the cluster.
type EtcdManagementType ¶
type EtcdManagementType string
EtcdManagementType is a enum specifying the strategy for managing the cluster's etcd instance +kubebuilder:validation:Enum=Managed;Unmanaged
const ( // Managed means HyperShift should provision and operator the etcd cluster // automatically. Managed EtcdManagementType = "Managed" // Unmanaged means HyperShift will not provision or manage the etcd cluster, // and the user is responsible for doing so. Unmanaged EtcdManagementType = "Unmanaged" )
type EtcdSpec ¶
type EtcdSpec struct { // ManagementType defines how the etcd cluster is managed. // // +unionDiscriminator // +immutable ManagementType EtcdManagementType `json:"managementType"` // Managed specifies the behavior of an etcd cluster managed by HyperShift. // // +optional // +immutable Managed *ManagedEtcdSpec `json:"managed,omitempty"` // Unmanaged specifies configuration which enables the control plane to // integrate with an eternally managed etcd cluster. // // +optional // +immutable Unmanaged *UnmanagedEtcdSpec `json:"unmanaged,omitempty"` }
EtcdSpec specifies configuration for a control plane etcd cluster.
type EtcdTLSConfig ¶
type EtcdTLSConfig struct { // ClientSecret refers to a secret for client mTLS authentication with the etcd cluster. It // may have the following key/value pairs: // // etcd-client-ca.crt: Certificate Authority value // etcd-client.crt: Client certificate value // etcd-client.key: Client certificate key value ClientSecret corev1.LocalObjectReference `json:"clientSecret"` }
EtcdTLSConfig specifies TLS configuration for HTTPS etcd client endpoints.
type Filter ¶
type Filter struct { // Name of the filter. Filter names are case-sensitive. Name string `json:"name"` // Values includes one or more filter values. Filter values are case-sensitive. Values []string `json:"values"` }
Filter is a filter used to identify an AWS resource
type HostedCluster ¶
type HostedCluster struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec is the desired behavior of the HostedCluster. Spec HostedClusterSpec `json:"spec,omitempty"` // Status is the latest observed status of the HostedCluster. Status HostedClusterStatus `json:"status,omitempty"` }
HostedCluster is the primary representation of a HyperShift cluster and encapsulates the control plane and common data plane configuration. Creating a HostedCluster results in a fully functional OpenShift control plane with no attached nodes. To support workloads (e.g. pods), a HostedCluster may have one or more associated NodePool resources.
+kubebuilder:object:root=true +kubebuilder:resource:path=hostedclusters,shortName=hc;hcs,scope=Namespaced +kubebuilder:storageversion +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".status.version.history[?(@.state==\"Completed\")].version",description="Version" +kubebuilder:printcolumn:name="KubeConfig",type="string",JSONPath=".status.kubeconfig.name",description="KubeConfig Secret" +kubebuilder:printcolumn:name="Progress",type="string",JSONPath=".status.version.history[?(@.state!=\"\")].state",description="Progress" +kubebuilder:printcolumn:name="Available",type="string",JSONPath=".status.conditions[?(@.type==\"Available\")].status",description="Available" +kubebuilder:printcolumn:name="Progressing",type="string",JSONPath=".status.conditions[?(@.type==\"Progressing\")].status",description="Progressing" +kubebuilder:printcolumn:name="Message",type="string",JSONPath=".status.conditions[?(@.type==\"Available\")].message",description="Message"
func (*HostedCluster) Hub ¶
func (*HostedCluster) Hub()
Declare the types in this version as the Hub
type HostedClusterList ¶
type HostedClusterList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []HostedCluster `json:"items"` }
+kubebuilder:object:root=true HostedClusterList contains a list of HostedCluster
type HostedClusterSpec ¶
type HostedClusterSpec struct { // Release specifies the desired OCP release payload for the hosted cluster. // // Updating this field will trigger a rollout of the control plane. The // behavior of the rollout will be driven by the ControllerAvailabilityPolicy // and InfrastructureAvailabilityPolicy. Release Release `json:"release"` // ClusterID uniquely identifies this cluster. This is expected to be // an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in // hexadecimal values). // As with a Kubernetes metadata.uid, this ID uniquely identifies this // cluster in space and time. // This value identifies the cluster in metrics pushed to telemetry and // metrics produced by the control plane operators. If a value is not // specified, an ID is generated. After initial creation, the value is // immutable. // +kubebuilder:validation:Pattern:="[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}" // +optional ClusterID string `json:"clusterID,omitempty"` // channel is an identifier for explicitly requesting that a non-default // set of updates be applied to this cluster. The default channel will be // contain stable updates that are appropriate for production clusters. // // +optional Channel string `json:"channel,omitempty"` // InfraID is a globally unique identifier for the cluster. This identifier // will be used to associate various cloud resources with the HostedCluster // and its associated NodePools. // // +optional // +immutable InfraID string `json:"infraID,omitempty"` // Platform specifies the underlying infrastructure provider for the cluster // and is used to configure platform specific behavior. // // +immutable Platform PlatformSpec `json:"platform"` // ControllerAvailabilityPolicy specifies the availability policy applied to // critical control plane components. The default value is SingleReplica. // // +optional // +kubebuilder:default:="SingleReplica" // +immutable ControllerAvailabilityPolicy AvailabilityPolicy `json:"controllerAvailabilityPolicy,omitempty"` // InfrastructureAvailabilityPolicy specifies the availability policy applied // to infrastructure services which run on cluster nodes. The default value is // SingleReplica. // // +optional // +kubebuilder:default:="SingleReplica" // +immutable InfrastructureAvailabilityPolicy AvailabilityPolicy `json:"infrastructureAvailabilityPolicy,omitempty"` // DNS specifies DNS configuration for the cluster. // // +immutable DNS DNSSpec `json:"dns,omitempty"` // Networking specifies network configuration for the cluster. // // +immutable Networking ClusterNetworking `json:"networking"` // Autoscaling specifies auto-scaling behavior that applies to all NodePools // associated with the control plane. // // +optional Autoscaling ClusterAutoscaling `json:"autoscaling,omitempty"` // Etcd specifies configuration for the control plane etcd cluster. The // default ManagementType is Managed. Once set, the ManagementType cannot be // changed. // // +kubebuilder:validation:Optional // +kubebuilder:default={managementType: "Managed", managed: {storage: {type: "PersistentVolume", persistentVolume: {size: "8Gi"}}}} // +immutable Etcd EtcdSpec `json:"etcd"` // Services specifies how individual control plane services are published from // the hosting cluster of the control plane. // // If a given service is not present in this list, it will be exposed publicly // by default. Services []ServicePublishingStrategyMapping `json:"services"` // PullSecret references a pull secret to be injected into the container // runtime of all cluster nodes. The secret must have a key named // ".dockerconfigjson" whose value is the pull secret JSON. // // +immutable PullSecret corev1.LocalObjectReference `json:"pullSecret"` // SSHKey references an SSH key to be injected into all cluster node sshd // servers. The secret must have a single key "id_rsa.pub" whose value is the // public part of an SSH key. // // +immutable SSHKey corev1.LocalObjectReference `json:"sshKey"` // IssuerURL is an OIDC issuer URL which is used as the issuer in all // ServiceAccount tokens generated by the control plane API server. The // default value is kubernetes.default.svc, which only works for in-cluster // validation. // // +kubebuilder:default:="https://kubernetes.default.svc" // +immutable // +optional // +kubebuilder:validation:Format=uri IssuerURL string `json:"issuerURL,omitempty"` // ServiceAccountSigningKey is a reference to a secret containing the private key // used by the service account token issuer. The secret is expected to contain // a single key named "key". If not specified, a service account signing key will // be generated automatically for the cluster. When specifying a service account // signing key, a IssuerURL must also be specified. // // +immutable // +kubebuilder:validation:Optional // +optional ServiceAccountSigningKey *corev1.LocalObjectReference `json:"serviceAccountSigningKey,omitempty"` // Configuration specifies configuration for individual OCP components in the // cluster, represented as embedded resources that correspond to the openshift // configuration API. // // +kubebuilder:validation:Optional // +optional Configuration *ClusterConfiguration `json:"configuration,omitempty"` // AuditWebhook contains metadata for configuring an audit webhook endpoint // for a cluster to process cluster audit events. It references a secret that // contains the webhook information for the audit webhook endpoint. It is a // secret because if the endpoint has mTLS the kubeconfig will contain client // keys. The kubeconfig needs to be stored in the secret with a secret key // name that corresponds to the constant AuditWebhookKubeconfigKey. // // +optional // +immutable AuditWebhook *corev1.LocalObjectReference `json:"auditWebhook,omitempty"` // ImageContentSources specifies image mirrors that can be used by cluster // nodes to pull content. // // +optional // +immutable ImageContentSources []ImageContentSource `json:"imageContentSources,omitempty"` // AdditionalTrustBundle is a reference to a ConfigMap containing a // PEM-encoded X.509 certificate bundle that will be added to the hosted controlplane and nodes // // +optional AdditionalTrustBundle *corev1.LocalObjectReference `json:"additionalTrustBundle,omitempty"` // SecretEncryption specifies a Kubernetes secret encryption strategy for the // control plane. // // +optional SecretEncryption *SecretEncryptionSpec `json:"secretEncryption,omitempty"` // FIPS indicates whether this cluster's nodes will be running in FIPS mode. // If set to true, the control plane's ignition server will be configured to // expect that nodes joining the cluster will be FIPS-enabled. // // +optional // +immutable FIPS bool `json:"fips"` // PausedUntil is a field that can be used to pause reconciliation on a resource. // Either a date can be provided in RFC3339 format or a boolean. If a date is // provided: reconciliation is paused on the resource until that date. If the boolean true is // provided: reconciliation is paused on the resource until the field is removed. // +optional PausedUntil *string `json:"pausedUntil,omitempty"` // OLMCatalogPlacement specifies the placement of OLM catalog components. By default, // this is set to management and OLM catalog components are deployed onto the management // cluster. If set to guest, the OLM catalog components will be deployed onto the guest // cluster. // // +kubebuilder:default=management // +optional // +immutable OLMCatalogPlacement OLMCatalogPlacement `json:"olmCatalogPlacement,omitempty"` // NodeSelector when specified, must be true for the pods managed by the HostedCluster to be scheduled. // // +optional NodeSelector map[string]string `json:"nodeSelector,omitempty"` }
HostedClusterSpec is the desired behavior of a HostedCluster.
type HostedClusterStatus ¶
type HostedClusterStatus struct { // Version is the status of the release version applied to the // HostedCluster. // +optional Version *ClusterVersionStatus `json:"version,omitempty"` // KubeConfig is a reference to the secret containing the default kubeconfig // for the cluster. // +optional KubeConfig *corev1.LocalObjectReference `json:"kubeconfig,omitempty"` // KubeadminPassword is a reference to the secret that contains the initial // kubeadmin user password for the guest cluster. // +optional KubeadminPassword *corev1.LocalObjectReference `json:"kubeadminPassword,omitempty"` // IgnitionEndpoint is the endpoint injected in the ign config userdata. // It exposes the config for instances to become kubernetes nodes. // +optional IgnitionEndpoint string `json:"ignitionEndpoint,omitempty"` // ControlPlaneEndpoint contains the endpoint information by which // external clients can access the control plane. This is populated // after the infrastructure is ready. // +kubebuilder:validation:Optional ControlPlaneEndpoint APIEndpoint `json:"controlPlaneEndpoint,omitempty"` // OAuthCallbackURLTemplate contains a template for the URL to use as a callback // for identity providers. The [identity-provider-name] placeholder must be replaced // with the name of an identity provider defined on the HostedCluster. // This is populated after the infrastructure is ready. // +kubebuilder:validation:Optional OAuthCallbackURLTemplate string `json:"oauthCallbackURLTemplate,omitempty"` // Conditions represents the latest available observations of a control // plane's current state. // +optional Conditions []metav1.Condition `json:"conditions,omitempty"` // Platform contains platform-specific status of the HostedCluster // +optional Platform *PlatformStatus `json:"platform,omitempty"` }
HostedClusterStatus is the latest observed status of a HostedCluster.
type HostedControlPlane ¶
type HostedControlPlane struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec HostedControlPlaneSpec `json:"spec,omitempty"` Status HostedControlPlaneStatus `json:"status,omitempty"` }
HostedControlPlane defines the desired state of HostedControlPlane +kubebuilder:resource:path=hostedcontrolplanes,shortName=hcp;hcps,scope=Namespaced,categories=cluster-api +kubebuilder:storageversion +kubebuilder:subresource:status +kubebuilder:object:root=true
func (*HostedControlPlane) Hub ¶
func (*HostedControlPlane) Hub()
type HostedControlPlaneList ¶
type HostedControlPlaneList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []HostedControlPlane `json:"items"` }
+kubebuilder:object:root=true HostedControlPlaneList contains a list of HostedControlPlanes.
type HostedControlPlaneSpec ¶
type HostedControlPlaneSpec struct { // ReleaseImage is the release image applied to the hosted control plane. ReleaseImage string `json:"releaseImage"` // channel is an identifier for explicitly requesting that a non-default // set of updates be applied to this cluster. The default channel will be // contain stable updates that are appropriate for production clusters. // // +optional Channel string `json:"channel,omitempty"` PullSecret corev1.LocalObjectReference `json:"pullSecret"` // IssuerURL is an OIDC issuer URL which is used as the issuer in all // ServiceAccount tokens generated by the control plane API server. The // default value is kubernetes.default.svc, which only works for in-cluster // validation. IssuerURL string `json:"issuerURL"` // Networking specifies network configuration for the cluster. // Temporarily optional for backward compatibility, required in future releases. // +optional Networking ClusterNetworking `json:"networking,omitempty"` SSHKey corev1.LocalObjectReference `json:"sshKey"` // ClusterID is the unique id that identifies the cluster externally. // Making it optional here allows us to keep compatibility with previous // versions of the control-plane-operator that have no knowledge of this // field. // +optional ClusterID string `json:"clusterID,omitempty"` InfraID string `json:"infraID"` Platform PlatformSpec `json:"platform"` DNS DNSSpec `json:"dns"` // ServiceAccountSigningKey is a reference to a secret containing the private key // used by the service account token issuer. The secret is expected to contain // a single key named "key". If not specified, a service account signing key will // be generated automatically for the cluster. // // +optional ServiceAccountSigningKey *corev1.LocalObjectReference `json:"serviceAccountSigningKey,omitempty"` // ControllerAvailabilityPolicy specifies the availability policy applied to // critical control plane components. The default value is SingleReplica. // // +optional // +kubebuilder:default:="SingleReplica" ControllerAvailabilityPolicy AvailabilityPolicy `json:"controllerAvailabilityPolicy,omitempty"` // InfrastructureAvailabilityPolicy specifies the availability policy applied // to infrastructure services which run on cluster nodes. The default value is // SingleReplica. // // +optional // +kubebuilder:default:="SingleReplica" InfrastructureAvailabilityPolicy AvailabilityPolicy `json:"infrastructureAvailabilityPolicy,omitempty"` // FIPS specifies if the nodes for the cluster will be running in FIPS mode // +optional FIPS bool `json:"fips"` // KubeConfig specifies the name and key for the kubeconfig secret // +optional KubeConfig *KubeconfigSecretRef `json:"kubeconfig,omitempty"` // Services defines metadata about how control plane services are published // in the management cluster. Services []ServicePublishingStrategyMapping `json:"services"` // AuditWebhook contains metadata for configuring an audit webhook // endpoint for a cluster to process cluster audit events. It references // a secret that contains the webhook information for the audit webhook endpoint. // It is a secret because if the endpoint has MTLS the kubeconfig will contain client // keys. This is currently only supported in IBM Cloud. The kubeconfig needs to be stored // in the secret with a secret key name that corresponds to the constant AuditWebhookKubeconfigKey. // +optional AuditWebhook *corev1.LocalObjectReference `json:"auditWebhook,omitempty"` // Etcd contains metadata about the etcd cluster the hypershift managed Openshift control plane components // use to store data. Etcd EtcdSpec `json:"etcd"` // Configuration embeds resources that correspond to the openshift configuration API: // https://docs.openshift.com/container-platform/4.7/rest_api/config_apis/config-apis-index.html // +kubebuilder:validation:Optional Configuration *ClusterConfiguration `json:"configuration,omitempty"` // ImageContentSources lists sources/repositories for the release-image content. // +optional ImageContentSources []ImageContentSource `json:"imageContentSources,omitempty"` // AdditionalTrustBundle references a ConfigMap containing a PEM-encoded X.509 certificate bundle // +optional AdditionalTrustBundle *corev1.LocalObjectReference `json:"additionalTrustBundle,omitempty"` // SecretEncryption contains metadata about the kubernetes secret encryption strategy being used for the // cluster when applicable. // +optional SecretEncryption *SecretEncryptionSpec `json:"secretEncryption,omitempty"` // PausedUntil is a field that can be used to pause reconciliation on a resource. // Either a date can be provided in RFC3339 format or a boolean. If a date is // provided: reconciliation is paused on the resource until that date. If the boolean true is // provided: reconciliation is paused on the resource until the field is removed. // +optional PausedUntil *string `json:"pausedUntil,omitempty"` // OLMCatalogPlacement specifies the placement of OLM catalog components. By default, // this is set to management and OLM catalog components are deployed onto the management // cluster. If set to guest, the OLM catalog components will be deployed onto the guest // cluster. // // +kubebuilder:default=management // +optional // +immutable OLMCatalogPlacement OLMCatalogPlacement `json:"olmCatalogPlacement,omitempty"` // Autoscaling specifies auto-scaling behavior that applies to all NodePools // associated with the control plane. // // +optional Autoscaling ClusterAutoscaling `json:"autoscaling,omitempty"` // NodeSelector when specified, must be true for the pods managed by the HostedCluster to be scheduled. // // +optional NodeSelector map[string]string `json:"nodeSelector,omitempty"` }
HostedControlPlaneSpec defines the desired state of HostedControlPlane
type HostedControlPlaneStatus ¶
type HostedControlPlaneStatus struct { // Ready denotes that the HostedControlPlane API Server is ready to // receive requests // This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L226-L230 // +kubebuilder:validation:Required // +kubebuilder:default=false Ready bool `json:"ready"` // Initialized denotes whether or not the control plane has // provided a kubeadm-config. // Once this condition is marked true, its value is never changed. See the Ready condition for an indication of // the current readiness of the cluster's control plane. // This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L238-L252 // +kubebuilder:validation:Required // +kubebuilder:default=false Initialized bool `json:"initialized"` // ExternalManagedControlPlane indicates to cluster-api that the control plane // is managed by an external service. // https://github.com/kubernetes-sigs/cluster-api/blob/65e5385bffd71bf4aad3cf34a537f11b217c7fab/controllers/machine_controller.go#L468 // +kubebuilder:default=true ExternalManagedControlPlane *bool `json:"externalManagedControlPlane,omitempty"` // ControlPlaneEndpoint contains the endpoint information by which // external clients can access the control plane. This is populated // after the infrastructure is ready. // +kubebuilder:validation:Optional ControlPlaneEndpoint APIEndpoint `json:"controlPlaneEndpoint,omitempty"` // OAuthCallbackURLTemplate contains a template for the URL to use as a callback // for identity providers. The [identity-provider-name] placeholder must be replaced // with the name of an identity provider defined on the HostedCluster. // This is populated after the infrastructure is ready. // +kubebuilder:validation:Optional OAuthCallbackURLTemplate string `json:"oauthCallbackURLTemplate,omitempty"` // versionStatus is the status of the release version applied by the // hosted control plane operator. // +optional VersionStatus *ClusterVersionStatus `json:"versionStatus,omitempty"` // Version is the semantic version of the release applied by // the hosted control plane operator // // Deprecated: Use versionStatus.desired.version instead. // +kubebuilder:validation:Optional Version string `json:"version,omitempty"` // ReleaseImage is the release image applied to the hosted control plane. // // Deprecated: Use versionStatus.desired.image instead. // +optional ReleaseImage string `json:"releaseImage,omitempty"` // lastReleaseImageTransitionTime is the time of the last update to the current // releaseImage property. // // Deprecated: Use versionStatus.history[0].startedTime instead. // +kubebuilder:validation:Optional LastReleaseImageTransitionTime *metav1.Time `json:"lastReleaseImageTransitionTime,omitempty"` // KubeConfig is a reference to the secret containing the default kubeconfig // for this control plane. KubeConfig *KubeconfigSecretRef `json:"kubeConfig,omitempty"` // KubeadminPassword is a reference to the secret containing the initial kubeadmin password // for the guest cluster. // +optional KubeadminPassword *corev1.LocalObjectReference `json:"kubeadminPassword,omitempty"` // Condition contains details for one aspect of the current state of the HostedControlPlane. // Current condition types are: "Available" // +optional Conditions []metav1.Condition `json:"conditions,omitempty"` // Platform contains platform-specific status of the HostedCluster // +optional Platform *PlatformStatus `json:"platform,omitempty"` }
HostedControlPlaneStatus defines the observed state of HostedControlPlane
type IBMCloudKMSAuthSpec ¶
type IBMCloudKMSAuthSpec struct { // Type defines the IBM Cloud KMS authentication strategy // +unionDiscriminator Type IBMCloudKMSAuthType `json:"type"` // Unmanaged defines the auth metadata the customer provides to interact with IBM Cloud KMS // +optional Unmanaged *IBMCloudKMSUnmanagedAuthSpec `json:"unmanaged,omitempty"` // Managed defines metadata around the service to service authentication strategy for the IBM Cloud // KMS system (all provider managed). // +optional Managed *IBMCloudKMSManagedAuthSpec `json:"managed,omitempty"` }
IBMCloudKMSAuthSpec defines metadata for how authentication is done with IBM Cloud KMS
type IBMCloudKMSAuthType ¶
type IBMCloudKMSAuthType string
IBMCloudKMSAuthType defines the IBM Cloud KMS authentication strategy +kubebuilder:validation:Enum=Managed;Unmanaged
const ( // IBMCloudKMSManagedAuth defines the KMS authentication strategy where the IKS/ROKS platform uses // service to service auth to call IBM Cloud KMS APIs (no customer credentials requried) IBMCloudKMSManagedAuth IBMCloudKMSAuthType = "Managed" // IBMCloudKMSUnmanagedAuth defines the KMS authentication strategy where a customer supplies IBM Cloud // authentication to interact with IBM Cloud KMS APIs IBMCloudKMSUnmanagedAuth IBMCloudKMSAuthType = "Unmanaged" )
type IBMCloudKMSKeyEntry ¶
type IBMCloudKMSKeyEntry struct { // CRKID is the customer rook key id CRKID string `json:"crkID"` // InstanceID is the id for the key protect instance InstanceID string `json:"instanceID"` // CorrelationID is an identifier used to track all api call usage from hypershift CorrelationID string `json:"correlationID"` // URL is the url to call key protect apis over // +kubebuilder:validation:Pattern=`^https://` URL string `json:"url"` // KeyVersion is a unique number associated with the key. The number increments whenever a new // key is enabled for data encryption. KeyVersion int `json:"keyVersion"` }
IBMCloudKMSKeyEntry defines metadata for an IBM Cloud KMS encryption key
type IBMCloudKMSManagedAuthSpec ¶
type IBMCloudKMSManagedAuthSpec struct { }
IBMCloudKMSManagedAuthSpec defines metadata around the service to service authentication strategy for the IBM Cloud KMS system (all provider managed).
type IBMCloudKMSSpec ¶
type IBMCloudKMSSpec struct { // Region is the IBM Cloud region Region string `json:"region"` // Auth defines metadata for how authentication is done with IBM Cloud KMS Auth IBMCloudKMSAuthSpec `json:"auth"` // KeyList defines the list of keys used for data encryption KeyList []IBMCloudKMSKeyEntry `json:"keyList"` }
IBMCloudKMSSpec defines metadata for the IBM Cloud KMS encryption strategy
type IBMCloudKMSUnmanagedAuthSpec ¶
type IBMCloudKMSUnmanagedAuthSpec struct { // Credentials should reference a secret with a key field of IBMCloudIAMAPIKeySecretKey that contains a apikey to // call IBM Cloud KMS APIs Credentials corev1.LocalObjectReference `json:"credentials"` }
IBMCloudKMSUnmanagedAuthSpec defines the auth metadata the customer provides to interact with IBM Cloud KMS
type IBMCloudPlatformSpec ¶
type IBMCloudPlatformSpec struct { // ProviderType is a specific supported infrastructure provider within IBM Cloud. ProviderType configv1.IBMCloudProviderType `json:"providerType,omitempty"` }
IBMCloudPlatformSpec defines IBMCloud specific settings for components
type ImageContentSource ¶
type ImageContentSource struct { // Source is the repository that users refer to, e.g. in image pull // specifications. // // +immutable Source string `json:"source"` // Mirrors are one or more repositories that may also contain the same images. // // +optional // +immutable Mirrors []string `json:"mirrors,omitempty"` }
ImageContentSource specifies image mirrors that can be used by cluster nodes to pull content. For cluster workloads, if a container image registry host of the pullspec matches Source then one of the Mirrors are substituted as hosts in the pullspec and tried in order to fetch the image.
type InPlaceUpgrade ¶
type InPlaceUpgrade struct { // during the update. // // Value can be an absolute number (ex: 5) or a percentage of desired nodes // (ex: 10%). // // Absolute number is calculated from percentage by rounding down. // // Defaults to 1. // // Example: when this is set to 30%, a max of 30% of the nodes can be made // unschedulable/unavailable immediately when the update starts. Once a set // of nodes is updated, more nodes can be made unschedulable for update, // ensuring that the total number of nodes schedulable at all times during // the update is at least 70% of desired nodes. // // +optional MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"` }
InPlaceUpgrade specifies an upgrade strategy which upgrades nodes in-place without any new nodes being created or any old nodes being deleted.
type KMSProvider ¶
type KMSProvider string
KMSProvider defines the supported KMS providers +kubebuilder:validation:Enum=IBMCloud;AWS
const ( IBMCloud KMSProvider = "IBMCloud" AWS KMSProvider = "AWS" )
type KMSSpec ¶
type KMSSpec struct { // Provider defines the KMS provider // +unionDiscriminator Provider KMSProvider `json:"provider"` // IBMCloud defines metadata for the IBM Cloud KMS encryption strategy // +optional IBMCloud *IBMCloudKMSSpec `json:"ibmcloud,omitempty"` // AWS defines metadata about the configuration of the AWS KMS Secret Encryption provider // +optional AWS *AWSKMSSpec `json:"aws,omitempty"` }
KMSSpec defines metadata about the kms secret encryption strategy
type KubeconfigSecretRef ¶
type KubevirtCompute ¶
type KubevirtCompute struct { // Memory represents how much guest memory the VM should have // // +optional // +kubebuilder:default="8Gi" Memory *resource.Quantity `json:"memory"` // Cores represents how many cores the guest VM should have // // +optional // +kubebuilder:default=2 Cores *uint32 `json:"cores"` }
KubevirtCompute contains values associated with the virtual compute hardware requested for the VM.
type KubevirtDiskImage ¶
type KubevirtDiskImage struct { // ContainerDiskImage is a string representing the container image that holds the root disk // // +optional ContainerDiskImage *string `json:"containerDiskImage,omitempty"` }
KubevirtDiskImage contains values representing where the rhcos image is located
type KubevirtNodePoolPlatform ¶
type KubevirtNodePoolPlatform struct { // RootVolume represents values associated with the VM volume that will host rhcos RootVolume *KubevirtRootVolume `json:"rootVolume"` // Compute contains values representing the virtual hardware requested for the VM // // +optional // +kubebuilder:default={memory: "4Gi", cores: 2} Compute *KubevirtCompute `json:"compute"` }
KubevirtNodePoolPlatform specifies the configuration of a NodePool when operating on KubeVirt platform.
type KubevirtPersistentVolume ¶
type KubevirtPersistentVolume struct { // Size is the size of the persistent storage volume // // +optional // +kubebuilder:default="32Gi" Size *resource.Quantity `json:"size"` // StorageClass is the storageClass used for the underlying PVC that hosts the volume // // +optional StorageClass *string `json:"storageClass,omitempty"` // AccessModes is an array that contains the desired Access Modes the root volume should have. // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes // // +optional AccessModes []PersistentVolumeAccessMode `json:"accessModes,omitempty"` }
KubevirtPersistentVolume contains the values involved with provisioning persistent storage for a KubeVirt VM.
type KubevirtPlatformCredentials ¶
type KubevirtPlatformCredentials struct { // InfraKubeConfigSecret is a reference to a secret that contains the kubeconfig for the external infra cluster // that will be used to host the KubeVirt virtual machines for this cluster. // // +immutable // +kubebuilder:validation:Required // +required InfraKubeConfigSecret *KubeconfigSecretRef `json:"infraKubeConfigSecret,omitempty"` // InfraNamespace defines the namespace on the external infra cluster that is used to host the KubeVirt // virtual machines. This namespace must already exist before creating the HostedCluster and the kubeconfig // referenced in the InfraKubeConfigSecret must have access to manage the required resources within this // namespace. // // +immutable // +kubebuilder:validation:Required // +required InfraNamespace string `json:"infraNamespace"` }
type KubevirtPlatformSpec ¶
type KubevirtPlatformSpec struct { // BaseDomainPassthrough toggles whether or not an automatically // generated base domain for the guest cluster should be used that // is a subdomain of the management cluster's *.apps DNS. // // For the KubeVirt platform, the basedomain can be autogenerated using // the *.apps domain of the management/infra hosting cluster // This makes the guest cluster's base domain a subdomain of the // hypershift infra/mgmt cluster's base domain. // // Example: // Infra/Mgmt cluster's DNS // Base: example.com // Cluster: mgmt-cluster.example.com // Apps: *.apps.mgmt-cluster.example.com // KubeVirt Guest cluster's DNS // Base: apps.mgmt-cluster.example.com // Cluster: guest.apps.mgmt-cluster.example.com // Apps: *.apps.guest.apps.mgmt-cluster.example.com // // This is possible using OCP wildcard routes // // +optional // +immutable BaseDomainPassthrough *bool `json:"baseDomainPassthrough,omitempty"` // GenerateID is used to uniquely apply a name suffix to resources associated with // kubevirt infrastructure resources // +kubebuilder:validation:Optional // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Kubevirt GenerateID is immutable once set" // +kubebuilder:validation:MaxLength=11 // +optional GenerateID string `json:"generateID,omitempty"` // Credentials defines the client credentials used when creating KubeVirt virtual machines. // Defining credentials is only necessary when the KubeVirt virtual machines are being placed // on a cluster separate from the one hosting the Hosted Control Plane components. // // The default behavior when Credentials is not defined is for the KubeVirt VMs to be placed on // the same cluster and namespace as the Hosted Control Plane. // +optional Credentials *KubevirtPlatformCredentials `json:"credentials,omitempty"` }
KubevirtPlatformSpec specifies configuration for kubevirt guest cluster installations +kubebuilder:validation:XValidation:rule="!has(oldSelf.generateID) || has(self.generateID)", message="Kubevirt GenerateID is required once set"
type KubevirtRootVolume ¶
type KubevirtRootVolume struct { // Image represents what rhcos image to use for the node pool // // +optional Image *KubevirtDiskImage `json:"diskImage,omitempty"` // KubevirtVolume represents of type of storage to run the image on KubevirtVolume `json:",inline"` }
KubevirtRootVolume represents the volume that the rhcos disk will be stored and run from.
type KubevirtVolume ¶
type KubevirtVolume struct { // Type represents the type of storage to associate with the kubevirt VMs. // // +optional // +unionDiscriminator // +kubebuilder:default=Persistent Type KubevirtVolumeType `json:"type"` // Persistent volume type means the VM's storage is backed by a PVC // VMs that use persistent volumes can survive disruption events like restart and eviction // This is the default type used when no storage type is defined. // // +optional Persistent *KubevirtPersistentVolume `json:"persistent,omitempty"` }
KubevirtVolume represents what kind of storage to use for a KubeVirt VM volume
type KubevirtVolumeType ¶
type KubevirtVolumeType string
KubevirtVolumeType is a specific supported KubeVirt volumes
+kubebuilder:validation:Enum=Persistent
const ( // KubevirtVolumeTypePersistent represents persistent volume for kubevirt VMs KubevirtVolumeTypePersistent KubevirtVolumeType = "Persistent" )
type LoadBalancerPublishingStrategy ¶
type LoadBalancerPublishingStrategy struct { // Hostname is the name of the DNS record that will be created pointing to the LoadBalancer. // +optional Hostname string `json:"hostname,omitempty"` }
LoadBalancerPublishingStrategy specifies setting used to expose a service as a LoadBalancer.
type MachineNetworkEntry ¶
type MachineNetworkEntry struct { // CIDR is the IP block address pool for machines within the cluster. CIDR ipnet.IPNet `json:"cidr"` }
MachineNetworkEntry is a single IP address block for node IP blocks.
type ManagedEtcdSpec ¶
type ManagedEtcdSpec struct { // Storage specifies how etcd data is persisted. Storage ManagedEtcdStorageSpec `json:"storage"` }
ManagedEtcdSpec specifies the behavior of an etcd cluster managed by HyperShift.
type ManagedEtcdStorageSpec ¶
type ManagedEtcdStorageSpec struct { // Type is the kind of persistent storage implementation to use for etcd. // // +immutable // +unionDiscriminator Type ManagedEtcdStorageType `json:"type"` // PersistentVolume is the configuration for PersistentVolume etcd storage. // With this implementation, a PersistentVolume will be allocated for every // etcd member (either 1 or 3 depending on the HostedCluster control plane // availability configuration). // // +optional PersistentVolume *PersistentVolumeEtcdStorageSpec `json:"persistentVolume,omitempty"` // RestoreSnapshotURL allows an optional list of URLs to be provided where // an etcd snapshot can be downloaded, for example a pre-signed URL // referencing a storage service, one URL per replica. // This snapshot will be restored on initial startup, only when the etcd PV // is empty. // // +optional // +immutable RestoreSnapshotURL []string `json:"restoreSnapshotURL"` }
ManagedEtcdStorageSpec describes the storage configuration for etcd data.
type ManagedEtcdStorageType ¶
type ManagedEtcdStorageType string
ManagedEtcdStorageType is a storage type for an etcd cluster.
+kubebuilder:validation:Enum=PersistentVolume
const ( // PersistentVolumeEtcdStorage uses PersistentVolumes for etcd storage. PersistentVolumeEtcdStorage ManagedEtcdStorageType = "PersistentVolume" )
type NetworkType ¶
type NetworkType string
NetworkType specifies the SDN provider used for cluster networking.
+kubebuilder:validation:Enum=OpenShiftSDN;Calico;OVNKubernetes;Other
const ( // OpenShiftSDN specifies OpenShiftSDN as the SDN provider OpenShiftSDN NetworkType = "OpenShiftSDN" // Calico specifies Calico as the SDN provider Calico NetworkType = "Calico" // OVNKubernetes specifies OVN as the SDN provider OVNKubernetes NetworkType = "OVNKubernetes" // Other specifies an undefined SDN provider Other NetworkType = "Other" )
type NodePool ¶
type NodePool struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` // Spec is the desired behavior of the NodePool. Spec NodePoolSpec `json:"spec,omitempty"` // Status is the latest observed status of the NodePool. Status NodePoolStatus `json:"status,omitempty"` }
NodePool is a scalable set of worker nodes attached to a HostedCluster. NodePool machine architectures are uniform within a given pool, and are independent of the control plane’s underlying machine architecture.
+kubebuilder:resource:path=nodepools,shortName=np;nps,scope=Namespaced +kubebuilder:storageversion +kubebuilder:subresource:status +kubebuilder:object:root=true +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.replicas +kubebuilder:printcolumn:name="Cluster",type="string",JSONPath=".spec.clusterName",description="Cluster" +kubebuilder:printcolumn:name="Desired Nodes",type="integer",JSONPath=".spec.replicas",description="Desired Nodes" +kubebuilder:printcolumn:name="Current Nodes",type="integer",JSONPath=".status.replicas",description="Available Nodes" +kubebuilder:printcolumn:name="Autoscaling",type="string",JSONPath=".status.conditions[?(@.type==\"AutoscalingEnabled\")].status",description="Autoscaling Enabled" +kubebuilder:printcolumn:name="Autorepair",type="string",JSONPath=".status.conditions[?(@.type==\"AutorepairEnabled\")].status",description="Node Autorepair Enabled" +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".status.version",description="Current version" +kubebuilder:printcolumn:name="UpdatingVersion",type="string",JSONPath=".status.conditions[?(@.type==\"UpdatingVersion\")].status",description="UpdatingVersion in progress" +kubebuilder:printcolumn:name="UpdatingConfig",type="string",JSONPath=".status.conditions[?(@.type==\"UpdatingConfig\")].status",description="UpdatingConfig in progress" +kubebuilder:printcolumn:name="Message",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description="Message"
type NodePoolAutoScaling ¶
type NodePoolAutoScaling struct { // Min is the minimum number of nodes to maintain in the pool. Must be >= 1. // // +kubebuilder:validation:Minimum=1 Min int32 `json:"min"` // Max is the maximum number of nodes allowed in the pool. Must be >= 1. // // +kubebuilder:validation:Minimum=1 Max int32 `json:"max"` }
NodePoolAutoScaling specifies auto-scaling behavior for a NodePool.
type NodePoolCondition ¶
type NodePoolCondition struct { // Type of condition in CamelCase or in foo.example.com/CamelCase. // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions // can be useful (see .node.status.conditions), the ability to deconflict is important. Type string `json:"type"` // Status of the condition, one of True, False, Unknown. Status corev1.ConditionStatus `json:"status"` // Severity provides an explicit classification of Reason code, so the users or machines can immediately // understand the current situation and act accordingly. // The Severity field MUST be set only when Status=False. // +optional Severity string `json:"severity,omitempty"` // Last time the condition transitioned from one status to another. // This should be when the underlying condition changed. If that is not known, then using the time when // the API field changed is acceptable. LastTransitionTime metav1.Time `json:"lastTransitionTime"` // The reason for the condition's last transition in CamelCase. // The specific API may choose whether or not this field is considered a guaranteed API. // This field may not be empty. // +optional Reason string `json:"reason,omitempty"` // A human readable message indicating details about the transition. // This field may be empty. // +optional Message string `json:"message,omitempty"` // +kubebuilder:validation:Minimum=0 ObservedGeneration int64 `json:"observedGeneration,omitempty"` }
We define our own condition type since metav1.Condition has validation for Reason that might be broken by what we bubble up from CAPI. NodePoolCondition defines an observation of NodePool resource operational state.
type NodePoolList ¶
type NodePoolList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []NodePool `json:"items"` }
NodePoolList contains a list of NodePools.
+kubebuilder:object:root=true
type NodePoolManagement ¶
type NodePoolManagement struct { // UpgradeType specifies the type of strategy for handling upgrades. // // +kubebuilder:validation:Enum=Replace;InPlace // +kubebuilder:validation:XValidation:rule="self == oldSelf", message="UpgradeType is immutable" UpgradeType UpgradeType `json:"upgradeType"` // Replace is the configuration for rolling upgrades. // // +kubebuilder:validation:Optional // +kubebuilder:default={strategy: "RollingUpdate", rollingUpdate: {maxSurge: 1, maxUnavailable: 0 }} Replace *ReplaceUpgrade `json:"replace,omitempty"` // InPlace is the configuration for in-place upgrades. // // +kubebuilder:validation:Optional InPlace *InPlaceUpgrade `json:"inPlace,omitempty"` // AutoRepair specifies whether health checks should be enabled for machines // in the NodePool. The default is false. // // +optional AutoRepair bool `json:"autoRepair"` }
NodePoolManagement specifies behavior for managing nodes in a NodePool, such as upgrade strategies and auto-repair behaviors.
type NodePoolPlatform ¶
type NodePoolPlatform struct { // Type specifies the platform name. // // +unionDiscriminator // +kubebuilder:validation:XValidation:rule="self == oldSelf", message="Type is immutable" // +immutable Type PlatformType `json:"type"` // AWS specifies the configuration used when operating on AWS. // // +optional AWS *AWSNodePoolPlatform `json:"aws,omitempty"` // IBMCloud defines IBMCloud specific settings for components IBMCloud *IBMCloudPlatformSpec `json:"ibmcloud,omitempty"` // Kubevirt specifies the configuration used when operating on KubeVirt platform. // // +optional Kubevirt *KubevirtNodePoolPlatform `json:"kubevirt,omitempty"` // Agent specifies the configuration used when using Agent platform. // // +optional Agent *AgentNodePoolPlatform `json:"agent,omitempty"` Azure *AzureNodePoolPlatform `json:"azure,omitempty"` // PowerVS specifies the configuration used when using IBMCloud PowerVS platform. // // +optional PowerVS *PowerVSNodePoolPlatform `json:"powervs,omitempty"` VSphere *VSphereNodePoolPlatform `json:"vsphere,omitempty"` }
NodePoolPlatform specifies the underlying infrastructure provider for the NodePool and is used to configure platform specific behavior.
type NodePoolSpec ¶
type NodePoolSpec struct { // ClusterName is the name of the HostedCluster this NodePool belongs to. // // TODO(dan): Should this be a LocalObjectReference? // // +immutable // +kubebuilder:validation:XValidation:rule="self == oldSelf", message="ClusterName is immutable" ClusterName string `json:"clusterName"` // Release specifies the OCP release used for the NodePool. This informs the // ignition configuration for machines, as well as other platform specific // machine properties (e.g. an AMI on the AWS platform). Release Release `json:"release"` // Platform specifies the underlying infrastructure provider for the NodePool // and is used to configure platform specific behavior. // // +immutable Platform NodePoolPlatform `json:"platform"` // Replicas is the desired number of nodes the pool should maintain. If // unset, the default value is 0. // // +optional Replicas *int32 `json:"replicas,omitempty"` // Management specifies behavior for managing nodes in the pool, such as // upgrade strategies and auto-repair behaviors. Management NodePoolManagement `json:"management"` // Autoscaling specifies auto-scaling behavior for the NodePool. // // +optional AutoScaling *NodePoolAutoScaling `json:"autoScaling,omitempty"` // Config is a list of references to ConfigMaps containing serialized // MachineConfig resources to be injected into the ignition configurations of // nodes in the NodePool. The MachineConfig API schema is defined here: // // https://github.com/openshift/machine-config-operator/blob/18963e4f8fe66e8c513ca4b131620760a414997f/pkg/apis/machineconfiguration.openshift.io/v1/types.go#L185 // // Each ConfigMap must have a single key named "config" whose value is the // JSON or YAML of a serialized Resource for machineconfiguration.openshift.io: // KubeletConfig // ContainerRuntimeConfig // MachineConfig // or // ImageContentSourcePolicy // // +kubebuilder:validation:Optional Config []corev1.LocalObjectReference `json:"config,omitempty"` // NodeDrainTimeout is the total amount of time that the controller will spend on draining a node. // The default value is 0, meaning that the node can be drained without any time limitations. // NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` // TODO (alberto): Today changing this field will trigger a recreate rolling update, which kind of defeats // the purpose of the change. In future we plan to propagate this field in-place. // https://github.com/kubernetes-sigs/cluster-api/issues/5880 // +optional NodeDrainTimeout *metav1.Duration `json:"nodeDrainTimeout,omitempty"` // NodeLabels propagates a list of labels to Nodes, only once on creation. // Valid values are those in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set // +optional NodeLabels map[string]string `json:"nodeLabels,omitempty"` // Taints if specified, propagates a list of taints to Nodes, only once on creation. // +optional Taints []Taint `json:"taints,omitempty"` // PausedUntil is a field that can be used to pause reconciliation on a resource. // Either a date can be provided in RFC3339 format or a boolean. If a date is // provided: reconciliation is paused on the resource until that date. If the boolean true is // provided: reconciliation is paused on the resource until the field is removed. // +optional PausedUntil *string `json:"pausedUntil,omitempty"` // TuningConfig is a list of references to ConfigMaps containing serialized // Tuned resources to define the tuning configuration to be applied to // nodes in the NodePool. The Tuned API is defined here: // // https://github.com/openshift/cluster-node-tuning-operator/blob/2c76314fb3cc8f12aef4a0dcd67ddc3677d5b54f/pkg/apis/tuned/v1/tuned_types.go // // Each ConfigMap must have a single key named "tuned" whose value is the // JSON or YAML of a serialized Tuned. // +kubebuilder:validation:Optional TuningConfig []corev1.LocalObjectReference `json:"tuningConfig,omitempty"` }
NodePoolSpec is the desired behavior of a NodePool.
type NodePoolStatus ¶
type NodePoolStatus struct { // Replicas is the latest observed number of nodes in the pool. // // +optional Replicas int32 `json:"replicas"` // Version is the semantic version of the latest applied release specified by // the NodePool. // // +kubebuilder:validation:Optional Version string `json:"version,omitempty"` // Conditions represents the latest available observations of the node pool's // current state. // +optional Conditions []NodePoolCondition `json:"conditions,omitempty"` }
NodePoolStatus is the latest observed status of a NodePool.
type NodePortPublishingStrategy ¶
type NodePortPublishingStrategy struct { // Address is the host/ip that the NodePort service is exposed over. Address string `json:"address"` // Port is the port of the NodePort service. If <=0, the port is dynamically // assigned when the service is created. Port int32 `json:"port,omitempty"` }
NodePortPublishingStrategy specifies a NodePort used to expose a service.
type OLMCatalogPlacement ¶
type OLMCatalogPlacement string
OLMCatalogPlacement is an enum specifying the placement of OLM catalog components. +kubebuilder:validation:Enum=management;guest
const ( // ManagementOLMCatalogPlacement indicates OLM catalog components will be placed in // the management cluster. ManagementOLMCatalogPlacement OLMCatalogPlacement = "management" // GuestOLMCatalogPlacement indicates OLM catalog components will be placed in // the guest cluster. GuestOLMCatalogPlacement OLMCatalogPlacement = "guest" )
type PersistentVolumeAccessMode ¶
type PersistentVolumeAccessMode corev1.PersistentVolumeAccessMode
+kubebuilder:validation:Enum=ReadWriteOnce;ReadWriteMany;ReadOnly;ReadWriteOncePod
type PersistentVolumeEtcdStorageSpec ¶
type PersistentVolumeEtcdStorageSpec struct { // StorageClassName is the StorageClass of the data volume for each etcd member. // // See https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. // // +optional // +immutable StorageClassName *string `json:"storageClassName,omitempty"` // Size is the minimum size of the data volume for each etcd member. // // +optional // +kubebuilder:default="8Gi" Size *resource.Quantity `json:"size,omitempty"` }
PersistentVolumeEtcdStorageSpec is the configuration for PersistentVolume etcd storage.
type PlatformSpec ¶
type PlatformSpec struct { // Type is the type of infrastructure provider for the cluster. // // +unionDiscriminator // +immutable Type PlatformType `json:"type"` // AWS specifies configuration for clusters running on Amazon Web Services. // // +optional // +immutable AWS *AWSPlatformSpec `json:"aws,omitempty"` // Agent specifies configuration for agent-based installations. // // +optional // +immutable Agent *AgentPlatformSpec `json:"agent,omitempty"` // IBMCloud defines IBMCloud specific settings for components IBMCloud *IBMCloudPlatformSpec `json:"ibmcloud,omitempty"` // Azure defines azure specific settings Azure *AzurePlatformSpec `json:"azure,omitempty"` // PowerVS specifies configuration for clusters running on IBMCloud Power VS Service. // This field is immutable. Once set, It can't be changed. // // +optional // +immutable PowerVS *PowerVSPlatformSpec `json:"powervs,omitempty"` // KubeVirt defines KubeVirt specific settings for cluster components. // // +optional // +immutable Kubevirt *KubevirtPlatformSpec `json:"kubevirt,omitempty"` // IBMCloud defines IBMCloud specific settings for components VSphere *VSpherePlatformSpec `json:"vsphere,omitempty"` }
PlatformSpec specifies the underlying infrastructure provider for the cluster and is used to configure platform specific behavior.
type PlatformStatus ¶
type PlatformStatus struct { // +optional AWS *AWSPlatformStatus `json:"aws,omitempty"` }
PlatformStatus contains platform-specific status
type PlatformType ¶
type PlatformType string
PlatformType is a specific supported infrastructure provider.
+kubebuilder:validation:Enum=AWS;None;IBMCloud;Agent;KubeVirt;Azure;PowerVS;VSphere
const ( // AWSPlatform represents Amazon Web Services infrastructure. AWSPlatform PlatformType = "AWS" // NonePlatform represents user supplied (e.g. bare metal) infrastructure. NonePlatform PlatformType = "None" // IBMCloudPlatform represents IBM Cloud infrastructure. IBMCloudPlatform PlatformType = "IBMCloud" // AgentPlatform represents user supplied insfrastructure booted with agents. AgentPlatform PlatformType = "Agent" // KubevirtPlatform represents Kubevirt infrastructure. KubevirtPlatform PlatformType = "KubeVirt" // AzurePlatform represents Azure infrastructure. AzurePlatform PlatformType = "Azure" // PowerVSPlatform represents PowerVS infrastructure. PowerVSPlatform PlatformType = "PowerVS" // VSpherePlatform represents vSphere infrastructure. VSpherePlatform PlatformType = "VSphere" )
type PowerVSNodePoolImageDeletePolicy ¶
type PowerVSNodePoolImageDeletePolicy string
PowerVSNodePoolImageDeletePolicy defines image delete policy to be used for PowerVSNodePoolPlatform
type PowerVSNodePoolPlatform ¶
type PowerVSNodePoolPlatform struct { // SystemType is the System type used to host the instance. // systemType determines the number of cores and memory that is available. // Few of the supported SystemTypes are s922,e880,e980. // e880 systemType available only in Dallas Datacenters. // e980 systemType available in Datacenters except Dallas and Washington. // When omitted, this means that the user has no opinion and the platform is left to choose a // reasonable default. The current default is s922 which is generally available. // // +optional // +kubebuilder:default=s922 SystemType string `json:"systemType,omitempty"` // ProcessorType is the VM instance processor type. // It must be set to one of the following values: Dedicated, Capped or Shared. // // Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. // Shared: Shared among other clients. // Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. // // if the processorType is selected as Dedicated, then Processors value cannot be fractional. // When omitted, this means that the user has no opinion and the platform is left to choose a // reasonable default. The current default is Shared. // // +kubebuilder:default=shared // +kubebuilder:validation:Enum=dedicated;shared;capped // +optional ProcessorType PowerVSNodePoolProcType `json:"processorType,omitempty"` // Processors is the number of virtual processors in a virtual machine. // when the processorType is selected as Dedicated the processors value cannot be fractional. // maximum value for the Processors depends on the selected SystemType. // when SystemType is set to e880 or e980 maximum Processors value is 143. // when SystemType is set to s922 maximum Processors value is 15. // minimum value for Processors depends on the selected ProcessorType. // when ProcessorType is set as Shared or Capped, The minimum processors is 0.5. // when ProcessorType is set as Dedicated, The minimum processors is 1. // When omitted, this means that the user has no opinion and the platform is left to choose a // reasonable default. The default is set based on the selected ProcessorType. // when ProcessorType selected as Dedicated, the default is set to 1. // when ProcessorType selected as Shared or Capped, the default is set to 0.5. // // +optional // +kubebuilder:default="0.5" Processors intstr.IntOrString `json:"processors,omitempty"` // MemoryGiB is the size of a virtual machine's memory, in GiB. // maximum value for the MemoryGiB depends on the selected SystemType. // when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. // when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. // when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. // The minimum memory is 32 GiB. // // When omitted, this means the user has no opinion and the platform is left to choose a reasonable // default. The current default is 32. // // +optional // +kubebuilder:default=32 MemoryGiB int32 `json:"memoryGiB,omitempty"` // Image used for deploying the nodes. If unspecified, the default // is chosen based on the NodePool release payload image. // // +optional Image *PowerVSResourceReference `json:"image,omitempty"` // StorageType for the image and nodes, this will be ignored if Image is specified. // The storage tiers in PowerVS are based on I/O operations per second (IOPS). // It means that the performance of your storage volumes is limited to the maximum number of IOPS based on volume size and storage tier. // Although, the exact numbers might change over time, the Tier 3 storage is currently set to 3 IOPS/GB, and the Tier 1 storage is currently set to 10 IOPS/GB. // // The default is tier1 // // +kubebuilder:default=tier1 // +kubebuilder:validation:Enum=tier1;tier3 // +optional StorageType PowerVSNodePoolStorageType `json:"storageType,omitempty"` // ImageDeletePolicy is policy for the image deletion. // // delete: delete the image from the infrastructure. // retain: delete the image from the openshift but retain in the infrastructure. // // The default is delete // // +kubebuilder:default=delete // +kubebuilder:validation:Enum=delete;retain // +optional ImageDeletePolicy PowerVSNodePoolImageDeletePolicy `json:"imageDeletePolicy,omitempty"` }
PowerVSNodePoolPlatform specifies the configuration of a NodePool when operating on IBMCloud PowerVS platform.
type PowerVSNodePoolProcType ¶
type PowerVSNodePoolProcType string
PowerVSNodePoolProcType defines processor type to be used for PowerVSNodePoolPlatform
func (*PowerVSNodePoolProcType) Set ¶
func (p *PowerVSNodePoolProcType) Set(s string) error
func (*PowerVSNodePoolProcType) String ¶
func (p *PowerVSNodePoolProcType) String() string
func (*PowerVSNodePoolProcType) Type ¶
func (p *PowerVSNodePoolProcType) Type() string
type PowerVSNodePoolStorageType ¶
type PowerVSNodePoolStorageType string
PowerVSNodePoolStorageType defines storage type to be used for PowerVSNodePoolPlatform
type PowerVSPlatformSpec ¶
type PowerVSPlatformSpec struct { // AccountID is the IBMCloud account id. // This field is immutable. Once set, It can't be changed. // // +immutable AccountID string `json:"accountID"` // CISInstanceCRN is the IBMCloud CIS Service Instance's Cloud Resource Name // This field is immutable. Once set, It can't be changed. // // +kubebuilder:validation:Pattern=`^crn:` // +immutable CISInstanceCRN string `json:"cisInstanceCRN"` // ResourceGroup is the IBMCloud Resource Group in which the cluster resides. // This field is immutable. Once set, It can't be changed. // // +immutable ResourceGroup string `json:"resourceGroup"` // Region is the IBMCloud region in which the cluster resides. This configures the // OCP control plane cloud integrations, and is used by NodePool to resolve // the correct boot image for a given release. // This field is immutable. Once set, It can't be changed. // // +immutable Region string `json:"region"` // Zone is the availability zone where control plane cloud resources are // created. // This field is immutable. Once set, It can't be changed. // // +immutable Zone string `json:"zone"` // Subnet is the subnet to use for control plane cloud resources. // This field is immutable. Once set, It can't be changed. // // +immutable Subnet *PowerVSResourceReference `json:"subnet"` // ServiceInstance is the reference to the Power VS service on which the server instance(VM) will be created. // Power VS service is a container for all Power VS instances at a specific geographic region. // serviceInstance can be created via IBM Cloud catalog or CLI. // ServiceInstanceID is the unique identifier that can be obtained from IBM Cloud UI or IBM Cloud cli. // // More detail about Power VS service instance. // https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server // // This field is immutable. Once set, It can't be changed. // // +immutable ServiceInstanceID string `json:"serviceInstanceID"` // VPC specifies IBM Cloud PowerVS Load Balancing configuration for the control // plane. // This field is immutable. Once set, It can't be changed. // // +immutable VPC *PowerVSVPC `json:"vpc"` // KubeCloudControllerCreds is a reference to a secret containing cloud // credentials with permissions matching the cloud controller policy. // This field is immutable. Once set, It can't be changed. // // TODO(dan): document the "cloud controller policy" // // +immutable KubeCloudControllerCreds corev1.LocalObjectReference `json:"kubeCloudControllerCreds"` // NodePoolManagementCreds is a reference to a secret containing cloud // credentials with permissions matching the node pool management policy. // This field is immutable. Once set, It can't be changed. // // TODO(dan): document the "node pool management policy" // // +immutable NodePoolManagementCreds corev1.LocalObjectReference `json:"nodePoolManagementCreds"` // IngressOperatorCloudCreds is a reference to a secret containing ibm cloud // credentials for ingress operator to get authenticated with ibm cloud. // // +immutable IngressOperatorCloudCreds corev1.LocalObjectReference `json:"ingressOperatorCloudCreds"` // StorageOperatorCloudCreds is a reference to a secret containing ibm cloud // credentials for storage operator to get authenticated with ibm cloud. // // +immutable StorageOperatorCloudCreds corev1.LocalObjectReference `json:"storageOperatorCloudCreds"` }
PowerVSPlatformSpec defines IBMCloud PowerVS specific settings for components
type PowerVSResourceReference ¶
type PowerVSResourceReference struct { // ID of resource // +optional ID *string `json:"id,omitempty"` // Name of resource // +optional Name *string `json:"name,omitempty"` }
PowerVSResourceReference is a reference to a specific IBMCloud PowerVS resource by ID, or Name. Only one of ID, or Name may be specified. Specifying more than one will result in a validation error.
type PowerVSVPC ¶
type PowerVSVPC struct { // Name for VPC to used for all the service load balancer. // This field is immutable. Once set, It can't be changed. // // +immutable Name string `json:"name"` // Region is the IBMCloud region in which VPC gets created, this VPC used for all the ingress traffic // into the OCP cluster. // This field is immutable. Once set, It can't be changed. // // +immutable Region string `json:"region"` // Zone is the availability zone where load balancer cloud resources are // created. // This field is immutable. Once set, It can't be changed. // // +immutable // +optional Zone string `json:"zone,omitempty"` // Subnet is the subnet to use for load balancer. // This field is immutable. Once set, It can't be changed. // // +immutable // +optional Subnet string `json:"subnet,omitempty"` }
PowerVSVPC specifies IBM Cloud PowerVS LoadBalancer configuration for the control plane.
type PublishingStrategyType ¶
type PublishingStrategyType string
PublishingStrategyType defines publishing strategies for services.
var ( // LoadBalancer exposes a service with a LoadBalancer kube service. LoadBalancer PublishingStrategyType = "LoadBalancer" // NodePort exposes a service with a NodePort kube service. NodePort PublishingStrategyType = "NodePort" // Route exposes services with a Route + ClusterIP kube service. Route PublishingStrategyType = "Route" // S3 exposes a service through an S3 bucket S3 PublishingStrategyType = "S3" // None disables exposing the service None PublishingStrategyType = "None" )
type Release ¶
type Release struct { // Image is the image pullspec of an OCP release payload image. // // +kubebuilder:validation:Pattern=^(\w+\S+)$ Image string `json:"image"` }
Release represents the metadata for an OCP release payload image.
type ReplaceUpgrade ¶
type ReplaceUpgrade struct { // Strategy is the node replacement strategy for nodes in the pool. // // +kubebuilder:validation:Optional // +kubebuilder:validation:Enum=RollingUpdate;OnDelete Strategy UpgradeStrategy `json:"strategy"` // RollingUpdate specifies a rolling update strategy which upgrades nodes by // creating new nodes and deleting the old ones. // // +kubebuilder:validation:Optional RollingUpdate *RollingUpdate `json:"rollingUpdate,omitempty"` }
ReplaceUpgrade specifies upgrade behavior that replaces existing nodes according to a given strategy.
type RollingUpdate ¶
type RollingUpdate struct { // during the update. // // Value can be an absolute number (ex: 5) or a percentage of desired nodes // (ex: 10%). // // Absolute number is calculated from percentage by rounding down. // // This can not be 0 if MaxSurge is 0. // // Defaults to 0. // // Example: when this is set to 30%, old nodes can be deleted down to 70% of // desired nodes immediately when the rolling update starts. Once new nodes // are ready, more old nodes be deleted, followed by provisioning new nodes, // ensuring that the total number of nodes available at all times during the // update is at least 70% of desired nodes. // // +optional MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"` // MaxSurge is the maximum number of nodes that can be provisioned above the // desired number of nodes. // // Value can be an absolute number (ex: 5) or a percentage of desired nodes // (ex: 10%). // // Absolute number is calculated from percentage by rounding up. // // This can not be 0 if MaxUnavailable is 0. // // Defaults to 1. // // Example: when this is set to 30%, new nodes can be provisioned immediately // when the rolling update starts, such that the total number of old and new // nodes do not exceed 130% of desired nodes. Once old nodes have been // deleted, new nodes can be provisioned, ensuring that total number of nodes // running at any time during the update is at most 130% of desired nodes. // // +optional MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty"` }
RollingUpdate specifies a rolling update strategy which upgrades nodes by creating new nodes and deleting the old ones.
type RoutePublishingStrategy ¶
type RoutePublishingStrategy struct { // Hostname is the name of the DNS record that will be created pointing to the Route. // +optional Hostname string `json:"hostname,omitempty"` }
RoutePublishingStrategy specifies options for exposing a service as a Route.
type SecretEncryptionSpec ¶
type SecretEncryptionSpec struct { // Type defines the type of kube secret encryption being used // +unionDiscriminator Type SecretEncryptionType `json:"type"` // KMS defines metadata about the kms secret encryption strategy // +optional KMS *KMSSpec `json:"kms,omitempty"` // AESCBC defines metadata about the AESCBC secret encryption strategy // +optional AESCBC *AESCBCSpec `json:"aescbc,omitempty"` }
SecretEncryptionSpec contains metadata about the kubernetes secret encryption strategy being used for the cluster when applicable.
type SecretEncryptionType ¶
type SecretEncryptionType string
SecretEncryptionType defines the type of kube secret encryption being used. +kubebuilder:validation:Enum=kms;aescbc
const ( // KMS integrates with a cloud provider's key management service to do secret encryption KMS SecretEncryptionType = "kms" // AESCBC uses AES-CBC with PKCS#7 padding to do secret encryption AESCBC SecretEncryptionType = "aescbc" )
type ServiceNetworkEntry ¶
type ServiceNetworkEntry struct { // CIDR is the IP block address pool for services within the cluster. CIDR ipnet.IPNet `json:"cidr"` }
ServiceNetworkEntry is a single IP address block for the service network.
type ServicePublishingStrategy ¶
type ServicePublishingStrategy struct { // Type is the publishing strategy used for the service. // // +kubebuilder:validation:Enum=LoadBalancer;NodePort;Route;None;S3 // +immutable Type PublishingStrategyType `json:"type"` // NodePort configures exposing a service using a NodePort. NodePort *NodePortPublishingStrategy `json:"nodePort,omitempty"` // LoadBalancer configures exposing a service using a LoadBalancer. LoadBalancer *LoadBalancerPublishingStrategy `json:"loadBalancer,omitempty"` // Route configures exposing a service using a Route. Route *RoutePublishingStrategy `json:"route,omitempty"` }
ServicePublishingStrategy specfies how to publish a ServiceType.
type ServicePublishingStrategyMapping ¶
type ServicePublishingStrategyMapping struct { // Service identifies the type of service being published. // // +kubebuilder:validation:Enum=APIServer;OAuthServer;OIDC;Konnectivity;Ignition;OVNSbDb // +immutable Service ServiceType `json:"service"` // ServicePublishingStrategy specifies how to publish Service. ServicePublishingStrategy `json:"servicePublishingStrategy"` }
ServicePublishingStrategyMapping specifies how individual control plane services are published from the hosting cluster of a control plane.
type ServiceType ¶
type ServiceType string
ServiceType defines what control plane services can be exposed from the management control plane.
var ( // APIServer is the control plane API server. APIServer ServiceType = "APIServer" // Konnectivity is the control plane Konnectivity networking service. Konnectivity ServiceType = "Konnectivity" // OAuthServer is the control plane OAuth service. OAuthServer ServiceType = "OAuthServer" // OIDC is the control plane OIDC service. OIDC ServiceType = "OIDC" // Ignition is the control plane ignition service for nodes. Ignition ServiceType = "Ignition" // OVNSbDb is the optional control plane ovn southbound database service used by OVNKubernetes CNI. OVNSbDb ServiceType = "OVNSbDb" )
type Taint ¶
type Taint struct { // Required. The taint key to be applied to a node. Key string `json:"key"` // The taint value corresponding to the taint key. // +optional // +kubebuilder:validation:Pattern:=`(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?` Value string `json:"value,omitempty"` // Required. The effect of the taint on pods // that do not tolerate the taint. // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. Effect corev1.TaintEffect `json:"effect"` }
Taint is as v1 Core but without TimeAdded. https://github.com/kubernetes/kubernetes/blob/ed8cad1e80d096257921908a52ac69cf1f41a098/staging/src/k8s.io/api/core/v1/types.go#L3037-L3053
type UnmanagedEtcdSpec ¶
type UnmanagedEtcdSpec struct { // Endpoint is the full etcd cluster client endpoint URL. For example: // // https://etcd-client:2379 // // If the URL uses an HTTPS scheme, the TLS field is required. // // +kubebuilder:validation:Pattern=`^https://` Endpoint string `json:"endpoint"` // TLS specifies TLS configuration for HTTPS etcd client endpoints. TLS EtcdTLSConfig `json:"tls"` }
UnmanagedEtcdSpec specifies configuration which enables the control plane to integrate with an eternally managed etcd cluster.
type UpgradeStrategy ¶
type UpgradeStrategy string
UpgradeStrategy is a specific strategy for upgrading nodes in a NodePool.
type UpgradeType ¶
type UpgradeType string
UpgradeType is a type of high-level upgrade behavior nodes in a NodePool.
func (*UpgradeType) Set ¶
func (p *UpgradeType) Set(s string) error
func (*UpgradeType) String ¶
func (p *UpgradeType) String() string
func (*UpgradeType) Type ¶
func (p *UpgradeType) Type() string
type VSphereDiskType ¶
type VSphereDiskType string
VSphereDiskType is a disk provisioning type for vsphere. +kubebuilder:validation:Enum="";thin;thick;eagerZeroedThick
const ( // DiskTypeThin uses Thin disk provisioning type for vsphere in the cluster. DiskTypeThin VSphereDiskType = "thin" // DiskTypeThick uses Thick disk provisioning type for vsphere in the cluster. DiskTypeThick VSphereDiskType = "thick" // DiskTypeEagerZeroedThick uses EagerZeroedThick disk provisioning type for vsphere in the cluster. DiskTypeEagerZeroedThick VSphereDiskType = "eagerZeroedThick" )
type VSphereNodePoolPlatform ¶
type VSphereNodePoolPlatform struct { VMSize string `json:"vmsize"` // Template is the name of the VM or template which is cloned to create new nodes Template string `json:"template"` // +kubebuilder:default:=120 // +kubebuilder:validation:Minimum=16 // +optional DiskSizeGB int32 `json:"diskSizeGB,omitempty"` // Cpus is the number of vCPUs allocated to a node // +kubebuilder:default:=4 // +kubebuilder:validation:Minimum=2 // +optional Cpus int32 `json:"cpus,omitempty"` // CoresPerSocket defines the topology of cores per socket to the node // +kubebuilder:default:=1 // +kubebuilder:validation:Minimum=1 // +optional CoresPerSocket int32 `json:"coresPerSocket,omitempty"` // MemoryMB defines the amount of memory allocated to the node // +kubebuilder:default:=16384 // +kubebuilder:validation:Minimum=8192 // +optional MemoryMB int32 `json:"memoryMB,omitempty"` // Datacenter is the name of the datacenter to use in the vCenter. Datacenter string `json:"datacenter"` // DefaultDatastore is the default datastore to use for provisioning volumes. DefaultDatastore string `json:"defaultDatastore"` // Folder is the absolute path of the folder that will be used and/or created for // virtual machines. The absolute path is of the form /<datacenter>/vm/<folder>/<subfolder>. Folder string `json:"folder,omitempty"` // Cluster is the name of the cluster virtual machines will be cloned into. Cluster string `json:"cluster,omitempty"` // ResourcePool is the absolute path of the resource pool where virtual machines will be // created. The absolute path is of the form /<datacenter>/host/<cluster>/Resources/<resourcepool>. ResourcePool string `json:"resourcePool,omitempty"` // Network specifies the name of the network to be used by the cluster. Network string `json:"network,omitempty"` }
type VSpherePlatformSpec ¶
type VSpherePlatformSpec struct { // VCenter is the domain name or IP address of the vCenter. VCenter string `json:"vCenter"` // secretName refers to name of the secret containing the username and password // required to connect to the vCenter SecretName string `json:"secretName"` // Datacenter is the name of the datacenter to use in the vCenter. Datacenter string `json:"datacenter"` // DefaultDatastore is the default datastore to use for provisioning volumes. DefaultDatastore string `json:"defaultDatastore"` // Folder is the absolute path of the folder that will be used and/or created for // virtual machines. The absolute path is of the form /<datacenter>/vm/<folder>/<subfolder>. Folder string `json:"folder,omitempty"` // Cluster is the name of the cluster virtual machines will be cloned into. Cluster string `json:"cluster,omitempty"` // ResourcePool is the absolute path of the resource pool where virtual machines will be // created. The absolute path is of the form /<datacenter>/host/<cluster>/Resources/<resourcepool>. ResourcePool string `json:"resourcePool,omitempty"` // ClusterOSImage overrides the url provided in rhcos.json to download the RHCOS OVA ClusterOSImage string `json:"clusterOSImage,omitempty"` // APIVIP is the virtual IP address for the api endpoint // // +kubebuilder:validation:format=ip // +optional APIVIP string `json:"apiVIP,omitempty"` // IngressVIP is the virtual IP address for ingress // // +kubebuilder:validation:format=ip // +optional IngressVIP string `json:"ingressVIP,omitempty"` // Network specifies the name of the network to be used by the cluster. Network string `json:"network,omitempty"` // DiskType is the name of the disk provisioning type, // valid values are thin, thick, and eagerZeroedThick. When not // specified, it will be set according to the default storage policy // of vsphere. DiskType VSphereDiskType `json:"diskType,omitempty"` // TemplateVM the name of a VM that will be cloned to create compute nodes TemplateVM string `json:"templateVM"` // NumCPUs the number of vCPUs to be assigned to a VM NumCPUs int32 `json:"numCpus"` // NumCoresPerSocket the number of CPU cores per socket NumCoresPerSocket int32 `json:"numCoresPerSocket"` // MemoryMiB the amount of memory allocated to a VM in MiB MemoryMiB int64 `json:"memoryMiB"` // DiskSizeGB the amount of storage allocated to a VM in GiB DiskSizeGiB int32 `json:"diskSizeGiB"` }
VSpherePlatformSpec defines VSphere specific settings for components
type Volume ¶
type Volume struct { // Size specifies size (in Gi) of the storage device. // // Must be greater than the image snapshot size or 8 (whichever is greater). // // +kubebuilder:validation:Minimum=8 Size int64 `json:"size"` // Type is the type of the volume. Type string `json:"type"` // IOPS is the number of IOPS requested for the disk. This is only valid // for type io1. // // +optional IOPS int64 `json:"iops,omitempty"` // Encrypted is whether the volume should be encrypted or not. // +optional // +kubebuilder:validation:XValidation:rule="self == oldSelf", message="Encrypted is immutable" Encrypted *bool `json:"encrypted,omitempty"` // EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. // If Encrypted is set and this is omitted, the default AWS key will be used. // The key must already exist and be accessible by the controller. // +optional EncryptionKey string `json:"encryptionKey,omitempty"` }
Volume specifies the configuration options for node instance storage devices.