diff --git a/Makefile b/Makefile index 6d664ef34fe..468d996fbf8 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ GO_BUILD_PACKAGES :=$(GO_PACKAGES) GO_BUILD_PACKAGES_EXPANDED :=$(GO_BUILD_PACKAGES) # LDFLAGS are not needed for dummy builds (saving time on calling git commands) GO_LD_FLAGS:= -CONTROLLER_GEN_VERSION :=v0.7.0 +CONTROLLER_GEN_VERSION :=v0.9.2 # $1 - target name # $2 - apis diff --git a/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml b/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml index 5083968d195..c3c97800375 100644 --- a/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml +++ b/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml @@ -67,7 +67,7 @@ spec: description: conditions contains details of the current status of this API Resource. type: array items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime diff --git a/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml b/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml index 0158c8be683..c968a1c7e14 100644 --- a/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml +++ b/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml @@ -77,6 +77,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic nullable: true nullable: true serviceaccountrestriction: @@ -145,6 +146,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic nullable: true users: description: Users specifies a list of literal user names. diff --git a/authorization/v1/generated.pb.go b/authorization/v1/generated.pb.go index 4a38ab6f76c..cc9af1340a3 100644 --- a/authorization/v1/generated.pb.go +++ b/authorization/v1/generated.pb.go @@ -1053,7 +1053,7 @@ func init() { } var fileDescriptor_39b89822f939ca46 = []byte{ - // 1821 bytes of a gzipped FileDescriptorProto + // 1823 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x19, 0xcd, 0x6f, 0x1b, 0x59, 0x3d, 0xcf, 0x76, 0x1c, 0xfb, 0xe7, 0x26, 0xce, 0xbe, 0x66, 0xdb, 0x69, 0xa0, 0xb6, 0x35, 0x20, 0x48, 0x05, 0x3b, 0x26, 0x01, 0x4a, 0xdb, 0x15, 0x5a, 0xd9, 0xdd, 0xa8, 0x8a, 0x54, 0x9a, 0xec, @@ -1110,64 +1110,64 @@ var fileDescriptor_39b89822f939ca46 = []byte{ 0x37, 0xbc, 0x2e, 0x83, 0x13, 0x46, 0x24, 0x57, 0xb5, 0x0e, 0xd7, 0x77, 0xd8, 0x1e, 0x75, 0x19, 0x2f, 0x0b, 0x99, 0xb4, 0x2d, 0xc3, 0xa0, 0x8c, 0x11, 0x7a, 0x6c, 0xd2, 0x87, 0xaa, 0x05, 0xd7, 0xee, 0x3b, 0x86, 0x6e, 0x05, 0x2d, 0x3f, 0x0a, 0xc4, 0xbb, 0xc1, 0x25, 0x2d, 0xe3, 0xb1, 0x99, - 0xc1, 0x69, 0x3e, 0x61, 0xbb, 0xc0, 0x75, 0x23, 0x92, 0x8d, 0xfa, 0xd3, 0x1c, 0x28, 0x42, 0x5c, - 0x8a, 0x2a, 0x2f, 0x5d, 0x1a, 0xbf, 0x22, 0x79, 0x6f, 0x49, 0x0e, 0x0a, 0xbc, 0xf5, 0x10, 0x01, - 0xc1, 0x9f, 0x9e, 0x84, 0x28, 0x2f, 0x42, 0x54, 0x1d, 0x8f, 0xea, 0x15, 0x3f, 0x44, 0xfb, 0x96, - 0x69, 0xd0, 0x49, 0x9c, 0xbe, 0x01, 0x45, 0x66, 0x38, 0x03, 0xca, 0xc4, 0x28, 0x50, 0xd9, 0xba, - 0x7d, 0x8a, 0xae, 0xb4, 0x2f, 0x18, 0xf8, 0x69, 0xe0, 0xff, 0x26, 0x92, 0xa9, 0xfa, 0x13, 0x04, - 0xab, 0xbc, 0x31, 0x1d, 0x44, 0xef, 0xc3, 0x06, 0x14, 0xf8, 0xd0, 0x23, 0x67, 0xa2, 0x89, 0xfa, - 0x62, 0x16, 0x10, 0x10, 0xfc, 0x3e, 0x14, 0x78, 0xb7, 0x90, 0x1d, 0xf9, 0xb4, 0x29, 0x3d, 0xe1, - 0x2c, 0x5a, 0x90, 0xe0, 0xa8, 0xfe, 0x06, 0xc1, 0xd5, 0xa4, 0x42, 0xc1, 0x75, 0x73, 0xb2, 0x5e, - 0x1e, 0x54, 0xdc, 0x90, 0x40, 0xaa, 0x77, 0xc6, 0x3e, 0x72, 0x59, 0xca, 0xa9, 0x44, 0x0e, 0x49, - 0x54, 0x8c, 0xfa, 0x18, 0x81, 0x18, 0x18, 0x0f, 0xe6, 0xf4, 0xde, 0x3b, 0x31, 0xef, 0x35, 0x33, - 0xa8, 0x37, 0xd3, 0x6d, 0xbf, 0x0a, 0xe2, 0x98, 0xcd, 0x5f, 0xfd, 0x34, 0x7f, 0xdd, 0xcc, 0xaa, - 0xd0, 0xdc, 0x8e, 0xba, 0x03, 0xcb, 0xb1, 0x9b, 0x12, 0xd7, 0x83, 0xde, 0xe8, 0x37, 0xaa, 0x72, - 0xb2, 0xbf, 0xdd, 0x29, 0xfd, 0xfc, 0x17, 0xf5, 0x85, 0xc7, 0x7f, 0x6b, 0x2c, 0xa8, 0x6f, 0xc2, - 0x4a, 0x3c, 0x9f, 0xb3, 0x10, 0xff, 0x38, 0x0f, 0x10, 0x0e, 0x52, 0x9c, 0x92, 0x8f, 0xeb, 0x31, - 0x4a, 0x3e, 0xc5, 0x33, 0xe2, 0x9f, 0xe3, 0x1f, 0x22, 0x78, 0x5d, 0xf7, 0x3c, 0xd7, 0xec, 0x0c, - 0x3d, 0x1a, 0x69, 0xad, 0xc1, 0x0c, 0x92, 0x71, 0x14, 0xbd, 0x2e, 0x3d, 0xf3, 0x7a, 0x2b, 0x8d, - 0x27, 0x49, 0x17, 0x85, 0x3f, 0x03, 0x65, 0x7d, 0x60, 0xde, 0x8b, 0xb6, 0x09, 0x31, 0xc1, 0x04, - 0x2b, 0x03, 0x23, 0x21, 0x9c, 0x23, 0x07, 0x53, 0xba, 0x3f, 0x58, 0x48, 0xe4, 0xa0, 0xbd, 0x32, - 0x12, 0xc2, 0xf1, 0x97, 0x60, 0x39, 0x3a, 0xd2, 0x33, 0x65, 0x51, 0x10, 0xbc, 0x36, 0x1e, 0xd5, - 0x97, 0xa3, 0x93, 0x3f, 0x23, 0x71, 0x3c, 0xdc, 0x86, 0xaa, 0x1d, 0x9b, 0xd2, 0x99, 0x52, 0x14, - 0xa4, 0xca, 0x78, 0x54, 0x5f, 0x8b, 0x0f, 0xf0, 0xb2, 0x91, 0x25, 0x09, 0xd4, 0x2e, 0xac, 0x5d, - 0x4c, 0xcf, 0xff, 0x3b, 0x82, 0x8f, 0xa7, 0x49, 0x22, 0x94, 0x0d, 0x1c, 0x9b, 0xd1, 0xec, 0x0b, - 0xe0, 0x27, 0x61, 0x91, 0x77, 0x6f, 0xff, 0xce, 0x2c, 0xfb, 0x73, 0x1e, 0x6f, 0xea, 0xd2, 0x54, - 0x1f, 0x38, 0x7f, 0x6f, 0x7f, 0x0b, 0x56, 0xe8, 0xb1, 0x6e, 0x0d, 0xb9, 0xb6, 0xdb, 0xae, 0xeb, - 0xb8, 0x72, 0xdd, 0xbb, 0x2a, 0x95, 0xa8, 0x6e, 0x73, 0xa8, 0x3e, 0x01, 0x93, 0x04, 0xba, 0xfa, - 0x27, 0x04, 0x85, 0xff, 0xff, 0x0d, 0x46, 0x7d, 0x91, 0x87, 0xca, 0xab, 0xb5, 0xe2, 0xa3, 0xbe, - 0x56, 0xf0, 0xc9, 0xfb, 0x62, 0xf7, 0x89, 0x33, 0x4c, 0xde, 0x27, 0x2f, 0x12, 0x2f, 0x10, 0x5c, - 0x89, 0x5e, 0x74, 0x91, 0xf9, 0xfb, 0xfc, 0xf3, 0xb7, 0x0b, 0x05, 0x36, 0xa0, 0x86, 0x4c, 0xdd, - 0xed, 0xd3, 0x19, 0x16, 0x51, 0x79, 0x7f, 0x40, 0x8d, 0x70, 0x40, 0xe0, 0x5f, 0x44, 0x08, 0x50, - 0xc7, 0x08, 0xd6, 0xd3, 0x49, 0x2e, 0x20, 0x7e, 0x87, 0xf1, 0xf8, 0xb5, 0xce, 0x6c, 0xe6, 0x8c, - 0x50, 0xfe, 0x3e, 0x3f, 0xcb, 0x48, 0xee, 0x09, 0xfc, 0x08, 0xaa, 0xbc, 0xa4, 0xdd, 0xf0, 0x58, - 0xda, 0x7a, 0x27, 0x83, 0x42, 0x62, 0xf6, 0x8f, 0x68, 0x22, 0xde, 0x5d, 0x12, 0x87, 0x24, 0x29, - 0x07, 0x7f, 0x1f, 0x56, 0x45, 0x91, 0x47, 0x65, 0xfb, 0x31, 0x7f, 0x33, 0x83, 0xec, 0xe4, 0x82, - 0xd8, 0x5e, 0x1b, 0x8f, 0xea, 0x53, 0x6b, 0x23, 0x99, 0x12, 0x85, 0x7f, 0x89, 0xe0, 0x1a, 0xa3, - 0xee, 0xb1, 0x69, 0x50, 0xdd, 0x30, 0x9c, 0xa1, 0xed, 0x45, 0x15, 0xf1, 0xfb, 0xd9, 0xdb, 0x19, - 0x14, 0xd9, 0xf7, 0x79, 0xb5, 0x7c, 0x5e, 0x51, 0x8d, 0xae, 0x8f, 0x47, 0xf5, 0x6b, 0x33, 0xc1, - 0x64, 0xb6, 0x16, 0xea, 0x1f, 0x11, 0x94, 0x2e, 0x68, 0x93, 0xff, 0x6a, 0x3c, 0x1f, 0x33, 0x0f, - 0xee, 0xe9, 0xd9, 0xf7, 0x1f, 0x04, 0x57, 0xf6, 0xa9, 0x75, 0x28, 0x5b, 0xb0, 0x7f, 0x33, 0xfa, - 0x23, 0x51, 0x50, 0xe6, 0x28, 0x73, 0x99, 0xa7, 0x33, 0x9c, 0x55, 0xe6, 0xf8, 0x08, 0x8a, 0xcc, - 0xd3, 0xbd, 0x61, 0x70, 0x19, 0xde, 0xcd, 0x22, 0x6a, 0x5a, 0x8c, 0x60, 0xd5, 0x5e, 0x91, 0x82, - 0x8a, 0xfe, 0x37, 0x91, 0x22, 0xd4, 0xef, 0xc1, 0xfa, 0x6c, 0xf5, 0x22, 0x0b, 0x2f, 0x3a, 0x8f, - 0x85, 0xd7, 0x82, 0xab, 0xc9, 0x34, 0x93, 0x57, 0xd7, 0x1c, 0xeb, 0x52, 0x6c, 0x60, 0xcc, 0x9d, - 0x3c, 0x30, 0xaa, 0x7f, 0x41, 0x30, 0x3b, 0xab, 0xf1, 0x8f, 0x10, 0x54, 0xe3, 0x89, 0xed, 0x6f, - 0x24, 0x95, 0xad, 0xf6, 0x19, 0x8a, 0x2a, 0xb8, 0x89, 0x27, 0x53, 0x64, 0x1c, 0x81, 0x91, 0xa4, - 0x4c, 0xac, 0x01, 0x4c, 0x54, 0x8e, 0xcd, 0xb6, 0x13, 0x9b, 0x18, 0x89, 0x60, 0xa8, 0x1f, 0xe6, - 0xe0, 0xf2, 0xab, 0x77, 0x94, 0x58, 0x5a, 0xfd, 0x13, 0xc1, 0xc7, 0x52, 0x5c, 0x72, 0xfa, 0x55, - 0xe3, 0x06, 0x2c, 0xe9, 0x96, 0xe5, 0x3c, 0xa4, 0x07, 0xc2, 0xfa, 0x52, 0x38, 0x58, 0xb5, 0xfc, - 0x63, 0x12, 0xc0, 0xf1, 0xa7, 0xa0, 0xe8, 0x52, 0x9d, 0xc9, 0x8e, 0x5c, 0x0e, 0xeb, 0x8e, 0x88, - 0x53, 0x22, 0xa1, 0xb8, 0x05, 0x55, 0x1a, 0x5f, 0x28, 0x4e, 0xda, 0x37, 0x92, 0xf8, 0xea, 0xbf, - 0x10, 0xe0, 0x94, 0x3e, 0x65, 0xc4, 0xfa, 0x54, 0xeb, 0x6c, 0xcd, 0xe3, 0x7f, 0xa2, 0x47, 0xfd, - 0x81, 0x37, 0xe5, 0xf4, 0x06, 0x15, 0x24, 0x25, 0x9a, 0x99, 0x94, 0xe1, 0xfb, 0x6b, 0x6e, 0xe6, - 0xfb, 0x6b, 0x98, 0x8f, 0xf9, 0xf3, 0xc8, 0xc7, 0xdf, 0x21, 0x50, 0x66, 0x19, 0x1d, 0xee, 0x72, - 0xe8, 0xe5, 0xff, 0x1b, 0x95, 0x92, 0x64, 0xb9, 0x8c, 0x49, 0xf6, 0x5b, 0x04, 0xc9, 0xc9, 0x08, - 0xd7, 0x83, 0xcd, 0x3b, 0xf2, 0x62, 0x23, 0x36, 0xef, 0x60, 0xe9, 0x9e, 0xc7, 0xe7, 0xe1, 0x9b, - 0x77, 0xfe, 0x3c, 0xde, 0xbc, 0xdb, 0xbb, 0x4f, 0x9e, 0xd7, 0x16, 0x9e, 0x3e, 0xaf, 0x2d, 0x3c, - 0x7b, 0x5e, 0x5b, 0x78, 0x3c, 0xae, 0xa1, 0x27, 0xe3, 0x1a, 0x7a, 0x3a, 0xae, 0xa1, 0x67, 0xe3, - 0x1a, 0xfa, 0xc7, 0xb8, 0x86, 0x3e, 0x7c, 0x51, 0x5b, 0xf8, 0xe0, 0xc6, 0xdc, 0xff, 0xfe, 0xff, - 0x37, 0x00, 0x00, 0xff, 0xff, 0xac, 0xa0, 0x30, 0xab, 0x29, 0x20, 0x00, 0x00, + 0xc1, 0x69, 0x3e, 0x61, 0xbb, 0xc0, 0x75, 0x23, 0x45, 0x5d, 0x7c, 0xa9, 0x3f, 0xcd, 0x81, 0x22, + 0xc4, 0xa5, 0xa8, 0xf2, 0xd2, 0xa5, 0xf1, 0x2b, 0x92, 0xf7, 0x96, 0xe4, 0xa0, 0xc0, 0x5b, 0x0f, + 0x11, 0x10, 0xfc, 0xe9, 0x49, 0x88, 0xf2, 0x22, 0x44, 0xd5, 0xf1, 0xa8, 0x5e, 0xf1, 0x43, 0xb4, + 0x6f, 0x99, 0x06, 0x9d, 0xc4, 0xe9, 0x1b, 0x50, 0x64, 0x86, 0x33, 0xa0, 0x4c, 0x8c, 0x02, 0x95, + 0xad, 0xdb, 0xa7, 0xe8, 0x4a, 0xfb, 0x82, 0x81, 0x9f, 0x06, 0xfe, 0x6f, 0x22, 0x99, 0xaa, 0x3f, + 0x41, 0xb0, 0xca, 0x1b, 0xd3, 0x41, 0xf4, 0x3e, 0x6c, 0x40, 0x81, 0x0f, 0x3d, 0x72, 0x26, 0x9a, + 0xa8, 0x2f, 0x66, 0x01, 0x01, 0xc1, 0xef, 0x43, 0x81, 0x77, 0x0b, 0xd9, 0x91, 0x4f, 0x9b, 0xd2, + 0x13, 0xce, 0xa2, 0x05, 0x09, 0x8e, 0xea, 0x6f, 0x10, 0x5c, 0x4d, 0x2a, 0x14, 0x5c, 0x37, 0x27, + 0xeb, 0xe5, 0x41, 0xc5, 0x0d, 0x09, 0xa4, 0x7a, 0x67, 0xec, 0x23, 0x97, 0xa5, 0x9c, 0x4a, 0xe4, + 0x90, 0x44, 0xc5, 0xa8, 0x8f, 0x11, 0x88, 0x81, 0xf1, 0x60, 0x4e, 0xef, 0xbd, 0x13, 0xf3, 0x5e, + 0x33, 0x83, 0x7a, 0x33, 0xdd, 0xf6, 0xab, 0x20, 0x8e, 0xd9, 0xfc, 0xd5, 0x4f, 0xf3, 0xd7, 0xcd, + 0xac, 0x0a, 0xcd, 0xed, 0xa8, 0x3b, 0xb0, 0x1c, 0xbb, 0x29, 0x71, 0x3d, 0xe8, 0x8d, 0x7e, 0xa3, + 0x2a, 0x27, 0xfb, 0xdb, 0x9d, 0xd2, 0xcf, 0x7f, 0x51, 0x5f, 0x78, 0xfc, 0xb7, 0xc6, 0x82, 0xfa, + 0x26, 0xac, 0xc4, 0xf3, 0x39, 0x0b, 0xf1, 0x8f, 0xf3, 0x00, 0xe1, 0x20, 0xc5, 0x29, 0xf9, 0xb8, + 0x1e, 0xa3, 0xe4, 0x53, 0x3c, 0x23, 0xfe, 0x39, 0xfe, 0x21, 0x82, 0xd7, 0x75, 0xcf, 0x73, 0xcd, + 0xce, 0xd0, 0xa3, 0x91, 0xd6, 0x1a, 0xcc, 0x20, 0x19, 0x47, 0xd1, 0xeb, 0xd2, 0x33, 0xaf, 0xb7, + 0xd2, 0x78, 0x92, 0x74, 0x51, 0xf8, 0x33, 0x50, 0xd6, 0x07, 0xe6, 0xbd, 0x68, 0x9b, 0x10, 0x13, + 0x4c, 0xb0, 0x32, 0x30, 0x12, 0xc2, 0x39, 0x72, 0x30, 0xa5, 0xfb, 0x83, 0x85, 0x44, 0x0e, 0xda, + 0x2b, 0x23, 0x21, 0x1c, 0x7f, 0x09, 0x96, 0xa3, 0x23, 0x3d, 0x53, 0x16, 0x05, 0xc1, 0x6b, 0xe3, + 0x51, 0x7d, 0x39, 0x3a, 0xf9, 0x33, 0x12, 0xc7, 0xc3, 0x6d, 0xa8, 0xda, 0xb1, 0x29, 0x9d, 0x29, + 0x45, 0x41, 0xaa, 0x8c, 0x47, 0xf5, 0xb5, 0xf8, 0x00, 0x2f, 0x1b, 0x59, 0x92, 0x40, 0xed, 0xc2, + 0xda, 0xc5, 0xf4, 0xfc, 0xbf, 0x23, 0xf8, 0x78, 0x9a, 0x24, 0x42, 0xd9, 0xc0, 0xb1, 0x19, 0xcd, + 0xbe, 0x00, 0x7e, 0x12, 0x16, 0x79, 0xf7, 0xf6, 0xef, 0xcc, 0xb2, 0x3f, 0xe7, 0xf1, 0xa6, 0x2e, + 0x4d, 0xf5, 0x81, 0xf3, 0xf7, 0xf6, 0xb7, 0x60, 0x85, 0x1e, 0xeb, 0xd6, 0x90, 0x6b, 0xbb, 0xed, + 0xba, 0x8e, 0x2b, 0xd7, 0xbd, 0xab, 0x52, 0x89, 0xea, 0x36, 0x87, 0xea, 0x13, 0x30, 0x49, 0xa0, + 0xab, 0x7f, 0x42, 0x50, 0xf8, 0xff, 0xdf, 0x60, 0xd4, 0x17, 0x79, 0xa8, 0xbc, 0x5a, 0x2b, 0x3e, + 0xea, 0x6b, 0x05, 0x9f, 0xbc, 0x2f, 0x76, 0x9f, 0x38, 0xc3, 0xe4, 0x7d, 0xf2, 0x22, 0xf1, 0x02, + 0xc1, 0x95, 0xe8, 0x45, 0x17, 0x99, 0xbf, 0xcf, 0x3f, 0x7f, 0xbb, 0x50, 0x60, 0x03, 0x6a, 0xc8, + 0xd4, 0xdd, 0x3e, 0x9d, 0x61, 0x11, 0x95, 0xf7, 0x07, 0xd4, 0x08, 0x07, 0x04, 0xfe, 0x45, 0x84, + 0x00, 0x75, 0x8c, 0x60, 0x3d, 0x9d, 0xe4, 0x02, 0xe2, 0x77, 0x18, 0x8f, 0x5f, 0xeb, 0xcc, 0x66, + 0xce, 0x08, 0xe5, 0xef, 0xf3, 0xb3, 0x8c, 0xe4, 0x9e, 0xc0, 0x8f, 0xa0, 0xca, 0x4b, 0xda, 0x0d, + 0x8f, 0xa5, 0xad, 0x77, 0x32, 0x28, 0x24, 0x66, 0xff, 0x88, 0x26, 0xe2, 0xdd, 0x25, 0x71, 0x48, + 0x92, 0x72, 0xf0, 0xf7, 0x61, 0x55, 0x14, 0x79, 0x54, 0xb6, 0x1f, 0xf3, 0x37, 0x33, 0xc8, 0x4e, + 0x2e, 0x88, 0xed, 0xb5, 0xf1, 0xa8, 0x3e, 0xb5, 0x36, 0x92, 0x29, 0x51, 0xf8, 0x97, 0x08, 0xae, + 0x31, 0xea, 0x1e, 0x9b, 0x06, 0xd5, 0x0d, 0xc3, 0x19, 0xda, 0x5e, 0x54, 0x11, 0xbf, 0x9f, 0xbd, + 0x9d, 0x41, 0x91, 0x7d, 0x9f, 0x57, 0xcb, 0xe7, 0x15, 0xd5, 0xe8, 0xfa, 0x78, 0x54, 0xbf, 0x36, + 0x13, 0x4c, 0x66, 0x6b, 0xa1, 0xfe, 0x11, 0x41, 0xe9, 0x82, 0x36, 0xf9, 0xaf, 0xc6, 0xf3, 0x31, + 0xf3, 0xe0, 0x9e, 0x9e, 0x7d, 0xff, 0x41, 0x70, 0x65, 0x9f, 0x5a, 0x87, 0xb2, 0x05, 0xfb, 0x37, + 0xa3, 0x3f, 0x12, 0x05, 0x65, 0x8e, 0x32, 0x97, 0x79, 0x3a, 0xc3, 0x59, 0x65, 0x8e, 0x8f, 0xa0, + 0xc8, 0x3c, 0xdd, 0x1b, 0x06, 0x97, 0xe1, 0xdd, 0x2c, 0xa2, 0xa6, 0xc5, 0x08, 0x56, 0xed, 0x15, + 0x29, 0xa8, 0xe8, 0x7f, 0x13, 0x29, 0x42, 0xfd, 0x1e, 0xac, 0xcf, 0x56, 0x2f, 0xb2, 0xf0, 0xa2, + 0xf3, 0x58, 0x78, 0x2d, 0xb8, 0x9a, 0x4c, 0x33, 0x79, 0x75, 0xcd, 0xb1, 0x2e, 0xc5, 0x06, 0xc6, + 0xdc, 0xc9, 0x03, 0xa3, 0xfa, 0x17, 0x04, 0xb3, 0xb3, 0x1a, 0xff, 0x08, 0x41, 0x35, 0x9e, 0xd8, + 0xfe, 0x46, 0x52, 0xd9, 0x6a, 0x9f, 0xa1, 0xa8, 0x82, 0x9b, 0x78, 0x32, 0x45, 0xc6, 0x11, 0x18, + 0x49, 0xca, 0xc4, 0x1a, 0xc0, 0x44, 0xe5, 0xd8, 0x6c, 0x3b, 0xb1, 0x89, 0x91, 0x08, 0x86, 0xfa, + 0x61, 0x0e, 0x2e, 0xbf, 0x7a, 0x47, 0x89, 0xa5, 0xd5, 0x3f, 0x11, 0x7c, 0x2c, 0xc5, 0x25, 0xa7, + 0x5f, 0x35, 0x6e, 0xc0, 0x92, 0x6e, 0x59, 0xce, 0x43, 0x7a, 0x20, 0xac, 0x2f, 0x85, 0x83, 0x55, + 0xcb, 0x3f, 0x26, 0x01, 0x1c, 0x7f, 0x0a, 0x8a, 0x2e, 0xd5, 0x99, 0xec, 0xc8, 0xe5, 0xb0, 0xee, + 0x88, 0x38, 0x25, 0x12, 0x8a, 0x5b, 0x50, 0xa5, 0xf1, 0x85, 0xe2, 0xa4, 0x7d, 0x23, 0x89, 0xaf, + 0xfe, 0x0b, 0x01, 0x4e, 0xe9, 0x53, 0x46, 0xac, 0x4f, 0xb5, 0xce, 0xd6, 0x3c, 0xfe, 0x27, 0x7a, + 0xd4, 0x1f, 0x78, 0x53, 0x4e, 0x6f, 0x50, 0x41, 0x52, 0xa2, 0x99, 0x49, 0x19, 0xbe, 0xbf, 0xe6, + 0x66, 0xbe, 0xbf, 0x86, 0xf9, 0x98, 0x3f, 0x8f, 0x7c, 0xfc, 0x1d, 0x02, 0x65, 0x96, 0xd1, 0xe1, + 0x2e, 0x87, 0x5e, 0xfe, 0xbf, 0x51, 0x29, 0x49, 0x96, 0xcb, 0x98, 0x64, 0xbf, 0x45, 0x90, 0x9c, + 0x8c, 0x70, 0x3d, 0xd8, 0xbc, 0x23, 0x2f, 0x36, 0x62, 0xf3, 0x0e, 0x96, 0xee, 0x79, 0x7c, 0x1e, + 0xbe, 0x79, 0xe7, 0xcf, 0xe3, 0xcd, 0xbb, 0xbd, 0xfb, 0xe4, 0x79, 0x6d, 0xe1, 0xe9, 0xf3, 0xda, + 0xc2, 0xb3, 0xe7, 0xb5, 0x85, 0xc7, 0xe3, 0x1a, 0x7a, 0x32, 0xae, 0xa1, 0xa7, 0xe3, 0x1a, 0x7a, + 0x36, 0xae, 0xa1, 0x7f, 0x8c, 0x6b, 0xe8, 0xc3, 0x17, 0xb5, 0x85, 0x0f, 0x6e, 0xcc, 0xfd, 0xef, + 0xff, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, 0x41, 0x86, 0xa3, 0x6e, 0x29, 0x20, 0x00, 0x00, } func (m *Action) Marshal() (dAtA []byte, err error) { diff --git a/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml b/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml index fe57b3210e7..c723303ad3f 100644 --- a/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml +++ b/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml @@ -66,14 +66,12 @@ spec: description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, - \n \ttype FooStatus struct{ \t // Represents the observations - of a foo's current state. \t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\" \t // - +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map - \t // +listMapKey=type \t Conditions []metav1.Condition + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields - \t}" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: description: lastTransitionTime is the last time the condition diff --git a/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index a79c00e14d6..73677d5ca1a 100644 --- a/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -208,7 +208,7 @@ spec: description: 'conditions represents the observations of the conditional update''s current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.' type: array items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime diff --git a/config/v1/0000_03_config-operator_01_proxy.crd.yaml b/config/v1/0000_03_config-operator_01_proxy.crd.yaml index 246225397f3..3f58cbf691f 100644 --- a/config/v1/0000_03_config-operator_01_proxy.crd.yaml +++ b/config/v1/0000_03_config-operator_01_proxy.crd.yaml @@ -51,7 +51,7 @@ spec: items: type: string trustedCA: - description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" type: object required: - name diff --git a/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/config/v1/0000_10_config-operator_01_apiserver.crd.yaml index 3ff78377a3d..3e53b28b9e8 100644 --- a/config/v1/0000_10_config-operator_01_apiserver.crd.yaml +++ b/config/v1/0000_10_config-operator_01_apiserver.crd.yaml @@ -73,7 +73,7 @@ spec: - group x-kubernetes-list-type: map profile: - description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. \n If unset, the 'Default' profile is used as the default." + description: "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules. \n The following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody level). - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. \n Warning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly. \n If unset, the 'Default' profile is used as the default." type: string default: Default enum: @@ -95,7 +95,7 @@ spec: type: object properties: type: - description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" + description: "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices. \n When encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" type: string enum: - "" @@ -131,16 +131,16 @@ spec: type: object properties: custom: - description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" type: object properties: ciphers: - description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" type: array items: type: string minTLSVersion: - description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string enum: - VersionTLS10 @@ -149,15 +149,15 @@ spec: - VersionTLS13 nullable: true intermediate: - description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" type: object nullable: true modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." type: object nullable: true old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" type: object nullable: true type: diff --git a/config/v1/0000_10_config-operator_01_build.crd.yaml b/config/v1/0000_10_config-operator_01_build.crd.yaml index f67be27db44..89bc65581f0 100644 --- a/config/v1/0000_10_config-operator_01_build.crd.yaml +++ b/config/v1/0000_10_config-operator_01_build.crd.yaml @@ -69,7 +69,7 @@ spec: items: type: string trustedCA: - description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" type: object required: - name @@ -111,6 +111,7 @@ spec: optional: description: Specify whether the ConfigMap or its key must be defined type: boolean + x-kubernetes-map-type: atomic fieldRef: description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' type: object @@ -123,6 +124,7 @@ spec: fieldPath: description: Path of the field to select in the specified API version. type: string + x-kubernetes-map-type: atomic resourceFieldRef: description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' type: object @@ -142,6 +144,7 @@ spec: resource: description: 'Required: resource to select' type: string + x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace type: object @@ -157,6 +160,7 @@ spec: optional: description: Specify whether the Secret or its key must be defined type: boolean + x-kubernetes-map-type: atomic gitProxy: description: "GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone. \n Values that are not set here will be inherited from DefaultProxy." type: object @@ -176,7 +180,7 @@ spec: items: type: string trustedCA: - description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" + description: "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap metadata: name: user-ca-bundle namespace: openshift-config data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate bundle. -----END CERTIFICATE-----" type: object required: - name diff --git a/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/config/v1/0000_10_config-operator_01_ingress.crd.yaml index 026560ea419..0491e842ffa 100644 --- a/config/v1/0000_10_config-operator_01_ingress.crd.yaml +++ b/config/v1/0000_10_config-operator_01_ingress.crd.yaml @@ -96,7 +96,7 @@ spec: - type properties: type: - description: "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are: \n * \"Classic\": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb \n * \"NLB\": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + description: "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are: \n * \"Classic\": A Classic Load Balancer that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb \n * \"NLB\": A Network Load Balancer that makes routing decisions at the transport layer (TCP/SSL). See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" type: string enum: - NLB @@ -188,6 +188,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic preloadPolicy: description: preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent). type: string @@ -215,7 +216,7 @@ spec: description: "conditions are used to communicate the state of the componentRoutes entry. \n Supported conditions include Available, Degraded and Progressing. \n If available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured. \n If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect. \n If Progressing is true, that means the component is taking some action related to the componentRoutes entry." type: array items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime diff --git a/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/config/v1/0000_10_config-operator_01_oauth.crd.yaml index 883c623b36f..ba5ab8327ef 100644 --- a/config/v1/0000_10_config-operator_01_oauth.crd.yaml +++ b/config/v1/0000_10_config-operator_01_oauth.crd.yaml @@ -262,7 +262,7 @@ spec: description: name is the metadata.name of the referenced config map type: string insecure: - description: 'insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always attempt to connect using TLS, even when `insecure` is set to `true` When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' + description: 'insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always attempt to connect using TLS, even when `insecure` is set to `true` When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' type: boolean url: description: 'url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter' @@ -271,7 +271,7 @@ spec: description: mappingMethod determines how identities from this provider are mapped to users Defaults to "claim" type: string name: - description: 'name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' + description: 'name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' type: string openID: description: openID enables user authentication using OpenID credentials @@ -355,7 +355,7 @@ spec: description: name is the metadata.name of the referenced config map type: string challengeURL: - description: challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when challenge is set to true. + description: challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when challenge is set to true. type: string clientCommonNames: description: clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative. @@ -373,7 +373,7 @@ spec: items: type: string loginURL: - description: loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when login is set to true. + description: loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} Required when login is set to true. type: string nameHeaders: description: nameHeaders is the set of headers to check for the display name diff --git a/console/v1/0000_10_consoleexternalloglink.crd.yaml b/console/v1/0000_10_consoleexternalloglink.crd.yaml index 75ede315529..bd2f3b488c4 100644 --- a/console/v1/0000_10_consoleexternalloglink.crd.yaml +++ b/console/v1/0000_10_consoleexternalloglink.crd.yaml @@ -53,7 +53,7 @@ spec: - text properties: hrefTemplate: - description: "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs - e.g. `11111111-2222-3333-4444-555555555555` - ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}` \n e.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}" + description: "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs - e.g. `11111111-2222-3333-4444-555555555555` - ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}` \n e.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}" type: string pattern: ^https:// namespaceFilter: diff --git a/console/v1/0000_10_consolelink.crd.yaml b/console/v1/0000_10_consolelink.crd.yaml index 6280a8aef99..0892f2cf863 100644 --- a/console/v1/0000_10_consolelink.crd.yaml +++ b/console/v1/0000_10_consolelink.crd.yaml @@ -110,6 +110,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic namespaces: description: namespaces is an array of namespace names in which the dashboard link should appear. type: array diff --git a/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml b/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml index f14d2a144d0..4ae9a66b1ea 100644 --- a/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml +++ b/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml @@ -84,7 +84,7 @@ spec: description: conditions is a list of conditions and their statuses type: array items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime diff --git a/helm/v1beta1/0000_10-project-helm-chart-repository.crd.yaml b/helm/v1beta1/0000_10-project-helm-chart-repository.crd.yaml index b51b3053bf2..6c014c2b7f5 100644 --- a/helm/v1beta1/0000_10-project-helm-chart-repository.crd.yaml +++ b/helm/v1beta1/0000_10-project-helm-chart-repository.crd.yaml @@ -97,7 +97,7 @@ spec: description: conditions is a list of conditions and their statuses type: array items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime diff --git a/imageregistry/v1/00_imageregistry.crd.yaml b/imageregistry/v1/00_imageregistry.crd.yaml index 6965eb277c1..c3ee00a0b63 100644 --- a/imageregistry/v1/00_imageregistry.crd.yaml +++ b/imageregistry/v1/00_imageregistry.crd.yaml @@ -141,6 +141,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. @@ -241,10 +242,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate @@ -321,6 +324,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -377,6 +381,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -475,6 +480,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -526,6 +532,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied @@ -626,6 +633,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied @@ -682,6 +690,7 @@ spec: The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The @@ -780,6 +789,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the @@ -831,6 +841,7 @@ spec: requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied @@ -1264,6 +1275,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic required: - baseURL - keypairID @@ -1445,6 +1457,7 @@ spec: only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys @@ -1540,10 +1553,10 @@ spec: description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but + tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for - an incoming pod if and only if every possible node assignment + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 @@ -1847,6 +1860,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic required: - baseURL - keypairID diff --git a/imageregistry/v1/01_imagepruner.crd.yaml b/imageregistry/v1/01_imagepruner.crd.yaml index 8c5119f6532..14b0b86bd7c 100644 --- a/imageregistry/v1/01_imagepruner.crd.yaml +++ b/imageregistry/v1/01_imagepruner.crd.yaml @@ -101,6 +101,7 @@ spec: type: array items: type: string + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. type: integer @@ -160,6 +161,8 @@ spec: type: array items: type: string + x-kubernetes-map-type: atomic + x-kubernetes-map-type: atomic podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). type: object @@ -210,6 +213,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -240,6 +244,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array @@ -291,6 +296,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -321,6 +327,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array @@ -379,6 +386,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -409,6 +417,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array @@ -460,6 +469,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -490,6 +500,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic namespaces: description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array diff --git a/machine/v1/0000_10_controlplanemachineset.crd.yaml b/machine/v1/0000_10_controlplanemachineset.crd.yaml index 32919bee932..a58f5a88555 100644 --- a/machine/v1/0000_10_controlplanemachineset.crd.yaml +++ b/machine/v1/0000_10_controlplanemachineset.crd.yaml @@ -101,6 +101,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic strategy: description: Strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec. type: object @@ -371,6 +372,7 @@ spec: uid: description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' type: string + x-kubernetes-map-type: atomic providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. type: string @@ -413,7 +415,7 @@ spec: description: 'Conditions represents the observations of the ControlPlaneMachineSet''s current state. Known .status.conditions.type are: Available, Degraded and Progressing.' type: array items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime diff --git a/machine/v1beta1/0000_10_machine.crd.yaml b/machine/v1beta1/0000_10_machine.crd.yaml index 180831bb409..9c4ff022720 100644 --- a/machine/v1beta1/0000_10_machine.crd.yaml +++ b/machine/v1beta1/0000_10_machine.crd.yaml @@ -175,6 +175,7 @@ spec: uid: description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' type: string + x-kubernetes-map-type: atomic providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. type: string @@ -307,6 +308,7 @@ spec: uid: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string + x-kubernetes-map-type: atomic phase: description: 'Phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting' type: string diff --git a/machine/v1beta1/0000_10_machinehealthcheck.yaml b/machine/v1beta1/0000_10_machinehealthcheck.yaml index ae73bf3d189..f15c6f04424 100644 --- a/machine/v1beta1/0000_10_machinehealthcheck.yaml +++ b/machine/v1beta1/0000_10_machinehealthcheck.yaml @@ -89,6 +89,7 @@ spec: uid: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string + x-kubernetes-map-type: atomic selector: description: 'Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.' type: object @@ -119,6 +120,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic unhealthyConditions: description: UnhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy. type: array diff --git a/machine/v1beta1/0000_10_machineset.crd.yaml b/machine/v1beta1/0000_10_machineset.crd.yaml index 8a7b1b62826..ac339731595 100644 --- a/machine/v1beta1/0000_10_machineset.crd.yaml +++ b/machine/v1beta1/0000_10_machineset.crd.yaml @@ -102,6 +102,7 @@ spec: type: object additionalProperties: type: string + x-kubernetes-map-type: atomic template: description: Template is the object that describes the machine that will be created if insufficient replicas are detected. type: object @@ -159,6 +160,7 @@ spec: uid: description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' type: string + x-kubernetes-map-type: atomic spec: description: 'Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' type: object @@ -268,6 +270,7 @@ spec: uid: description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' type: string + x-kubernetes-map-type: atomic providerID: description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. type: string diff --git a/monitoring/v1alpha1/0000_50_monitoring_01_alertingrules.crd.yaml b/monitoring/v1alpha1/0000_50_monitoring_01_alertingrules.crd.yaml index a7da6b71eeb..ac114e83d15 100644 --- a/monitoring/v1alpha1/0000_50_monitoring_01_alertingrules.crd.yaml +++ b/monitoring/v1alpha1/0000_50_monitoring_01_alertingrules.crd.yaml @@ -71,12 +71,12 @@ spec: type: string pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ annotations: - description: "annotations to add to each alert. These are values that can be used to store longer additional information that you won't query on, such as alert descriptions or runbook links, e.g.: \n annotations: summary: HAProxy reload failure description: | This alert fires when HAProxy fails to reload its configuration, which will result in the router not picking up recently created or modified routes." + description: "annotations to add to each alert. These are values that can be used to store longer additional information that you won't query on, such as alert descriptions or runbook links, e.g.: \n annotations: summary: HAProxy reload failure description: | This alert fires when HAProxy fails to reload its configuration, which will result in the router not picking up recently created or modified routes." type: object additionalProperties: type: string expr: - description: "expr is the PromQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending or firing alerts. This is most often a string representing a PromQL expression, e.g.: \n mapi_current_pending_csr > mapi_max_pending_csr \n In rare cases this could be a simple integer, e.g. a simple \"1\" if the intent is to create an alert that is always firing. This is sometimes used to create an always-firing \"Watchdog\" alert in order to ensure the alerting pipeline is functional." + description: "expr is the PromQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending or firing alerts. This is most often a string representing a PromQL expression, e.g.: \n mapi_current_pending_csr > mapi_max_pending_csr \n In rare cases this could be a simple integer, e.g. a simple \"1\" if the intent is to create an alert that is always firing. This is sometimes used to create an always-firing \"Watchdog\" alert in order to ensure the alerting pipeline is functional." anyOf: - type: integer - type: string @@ -86,7 +86,7 @@ spec: type: string pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ labels: - description: "labels to add or overwrite for each alert. The results of the PromQL expression for the alert will result in an existing set of labels for the alert, after evaluating the expression, for any label specified here with the same name as a label in that set, the label here wins and overwrites the previous value. These should typically be short identifying values that may be useful to query against. A common example is the alert severity: \n labels: severity: warning" + description: "labels to add or overwrite for each alert. The results of the PromQL expression for the alert will result in an existing set of labels for the alert, after evaluating the expression, for any label specified here with the same name as a label in that set, the label here wins and overwrites the previous value. These should typically be short identifying values that may be useful to query against. A common example is the alert severity: \n labels: severity: warning" type: object additionalProperties: type: string diff --git a/monitoring/v1alpha1/0000_50_monitoring_02_alertrelabelconfigs.crd.yaml b/monitoring/v1alpha1/0000_50_monitoring_02_alertrelabelconfigs.crd.yaml index e6606fe948c..bd9121f60c8 100644 --- a/monitoring/v1alpha1/0000_50_monitoring_02_alertrelabelconfigs.crd.yaml +++ b/monitoring/v1alpha1/0000_50_monitoring_02_alertrelabelconfigs.crd.yaml @@ -88,7 +88,7 @@ spec: description: conditions contains details on the state of the AlertRelabelConfig, may be empty. type: array items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime diff --git a/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml b/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml index 360765c3b48..0515ed8ff9f 100644 --- a/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml +++ b/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml @@ -36,7 +36,7 @@ spec: type: object properties: credentialsMode: - description: 'CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into "manual" mode if desired. Leaving the field in default mode runs CCO so that the cluster''s cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual" Others: Do not set value as other platforms only support running in "Passthrough"' + description: 'CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into "manual" mode if desired. Leaving the field in default mode runs CCO so that the cluster''s cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual" Others: Do not set value as other platforms only support running in "Passthrough"' type: string enum: - "" diff --git a/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml index 1772ff8d41b..07515ad0517 100644 --- a/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ b/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml @@ -97,8 +97,8 @@ spec: description: "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used. - \n The secret must contain the following keys and data: \n tls.crt: - certificate file contents tls.key: key file contents \n If unset, + \n The secret must contain the following keys and data: \n tls.crt: + certificate file contents tls.key: key file contents \n If unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated @@ -116,15 +116,16 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic domain: description: "domain is a DNS name serviced by the ingress controller and is used to configure multiple features: \n * For the LoadBalancerService - endpoint publishing strategy, domain is used to configure DNS - records. See endpointPublishingStrategy. \n * When using a generated - default certificate, the certificate will be valid for domain - and its subdomains. See defaultCertificate. \n * The value is published - to individual Route statuses so that end-users know where to target - external DNS records. \n domain must be unique among all IngressControllers, + endpoint publishing strategy, domain is used to configure DNS records. + See endpointPublishingStrategy. \n * When using a generated default + certificate, the certificate will be valid for domain and its subdomains. + See defaultCertificate. \n * The value is published to individual + Route statuses so that end-users know where to target external DNS + records. \n domain must be unique among all IngressControllers, and cannot be updated. \n If empty, defaults to ingress.config.openshift.io/cluster .spec.domain." type: string @@ -132,13 +133,13 @@ spec: description: "endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc. \n If unset, the default is based on infrastructure.config.openshift.io/cluster - .status.platform: \n AWS: LoadBalancerService (with External - scope) Azure: LoadBalancerService (with External scope) - \ GCP: LoadBalancerService (with External scope) IBMCloud: - \ LoadBalancerService (with External scope) AlibabaCloud: LoadBalancerService - (with External scope) Libvirt: HostNetwork \n Any other platform - types (including None) default to HostNetwork. \n endpointPublishingStrategy - cannot be updated." + .status.platform: \n AWS: LoadBalancerService (with External + scope) Azure: LoadBalancerService (with External scope) GCP: + \ LoadBalancerService (with External scope) IBMCloud: LoadBalancerService + (with External scope) AlibabaCloud: LoadBalancerService (with External + scope) Libvirt: HostNetwork \n Any other platform types (including + None) default to HostNetwork. \n endpointPublishingStrategy cannot + be updated." properties: hostNetwork: description: hostNetwork holds parameters for the HostNetwork @@ -266,12 +267,12 @@ spec: description: "type is the type of AWS load balancer to instantiate for an ingresscontroller. \n Valid values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport + that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb \n * \"NLB\": A Network Load Balancer that makes - routing decisions at the transport layer (TCP/SSL). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + routing decisions at the transport layer (TCP/SSL). + See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" enum: - Classic - NLB @@ -289,14 +290,14 @@ spec: description: "clientAccess describes how client access is restricted for internal load balancers. \n Valid values are: * \"Global\": Specifying an internal - load balancer with Global client access allows - clients from any region within the VPC to communicate - with the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + load balancer with Global client access allows clients + from any region within the VPC to communicate with + the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access \n * \"Local\": Specifying an internal load balancer - with Local client access means only clients within + with Local client access means only clients within the same region (and VPC) as the GCP load balancer - \ can communicate with the load balancer. Note - that this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" + can communicate with the load balancer. Note that + this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" enum: - Global - Local @@ -443,19 +444,19 @@ spec: \"X-custom/customsub\", etc. \n The format should follow the Content-Type definition in RFC 1341: Content-Type := type \"/\" subtype *[\";\" parameter] - The type in Content-Type - can be one of: application, audio, image, message, multipart, - text, video, or a custom type preceded by \"X-\" and followed + can be one of: application, audio, image, message, multipart, + text, video, or a custom type preceded by \"X-\" and followed by a token as defined below. - The token is a string of at - least one character, and not containing white space, control + least one character, and not containing white space, control characters, or any of the characters in the tspecials set. - The tspecials set contains the characters ()<>@,;:\\\"/[]?.= - The subtype in Content-Type is also a token. - The optional - parameter/s following the subtype are defined as: token - \"=\" (token / quoted-string) - The quoted-string, as defined - in RFC 822, is surrounded by double quotes and can contain - white space plus any character EXCEPT \\, \", and CR. It - can also contain any single ASCII character as long as it - is escaped by \\." + parameter/s following the subtype are defined as: token \"=\" + (token / quoted-string) - The quoted-string, as defined in + RFC 822, is surrounded by double quotes and can contain white + space plus any character EXCEPT \\, \", and CR. It can also + contain any single ASCII character as long as it is escaped + by \\." pattern: ^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$ @@ -513,14 +514,14 @@ spec: IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following: \n * \"Append\", - which specifies that the IngressController appends the headers, + which specifies that the IngressController appends the headers, preserving existing headers. \n * \"Replace\", which specifies - that the IngressController sets the headers, replacing any - existing Forwarded or X-Forwarded-* headers. \n * \"IfNone\", - which specifies that the IngressController sets the headers - if they are not already set. \n * \"Never\", which specifies - that the IngressController never sets the headers, preserving - any existing headers. \n By default, the policy is \"Append\"." + that the IngressController sets the headers, replacing any existing + Forwarded or X-Forwarded-* headers. \n * \"IfNone\", which specifies + that the IngressController sets the headers if they are not + already set. \n * \"Never\", which specifies that the IngressController + never sets the headers, preserving any existing headers. \n + By default, the policy is \"Append\"." enum: - Append - Replace @@ -892,6 +893,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic nodePlacement: description: "nodePlacement enables explicit control over the scheduling of the ingress controller. \n If unset, defaults are used. See NodePlacement @@ -903,10 +905,10 @@ spec: used and replaces the default. \n If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status. \n When defaultPlacement is Workers, the default is: - \n kubernetes.io/os: linux node-role.kubernetes.io/worker: - '' \n When defaultPlacement is ControlPlane, the default is: - \n kubernetes.io/os: linux node-role.kubernetes.io/master: - '' \n These defaults are subject to change." + \n kubernetes.io/os: linux node-role.kubernetes.io/worker: '' + \n When defaultPlacement is ControlPlane, the default is: \n + kubernetes.io/os: linux node-role.kubernetes.io/master: '' \n + These defaults are subject to change." properties: matchExpressions: description: matchExpressions is a list of label selector @@ -949,6 +951,7 @@ spec: "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic tolerations: description: "tolerations is a list of tolerations applied to ingress controller deployments. \n The default is an empty list. @@ -1017,7 +1020,7 @@ spec: across namespaces should be handled. \n Value must be one of: \n - Strict: Do not allow routes in different namespaces to claim the same host. \n - InterNamespaceAllowed: Allow routes - to claim different paths of the same host name across namespaces. + to claim different paths of the same host name across namespaces. \n If empty, the default is Strict." enum: - InterNamespaceAllowed @@ -1085,6 +1088,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic tlsSecurityProfile: description: "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. \n If unset, the default is based on the @@ -1100,16 +1104,16 @@ spec: description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - \ minTLSVersion: TLSv1.1" + \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + minTLSVersion: TLSv1.1" nullable: true properties: ciphers: description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" items: type: string type: array @@ -1117,7 +1121,7 @@ spec: description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently + and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" enum: - VersionTLS10 @@ -1129,38 +1133,34 @@ spec: intermediate: description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ minTLSVersion: TLSv1.2" + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - + DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" nullable: true type: object modern: description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: + TLSv1.3 \n NOTE: Currently unsupported." nullable: true type: object old: description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - \ - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - \ - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - \ - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - \ - AES128-SHA256 - AES256-SHA256 - AES128-SHA - - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - + DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 + - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" nullable: true type: object type: @@ -1389,19 +1389,19 @@ spec: and servicing route and ingress resources (i.e, .status.availableReplicas equals .spec.replicas) \n There are additional conditions which indicate the status of other ingress controller features and capabilities. - \n * LoadBalancerManaged - True if the following conditions - are met: * The endpoint publishing strategy requires a service - load balancer. - False if any of those conditions are unsatisfied. - \n * LoadBalancerReady - True if the following conditions are - met: * A load balancer is managed. * The load balancer is - ready. - False if any of those conditions are unsatisfied. \n - \ * DNSManaged - True if the following conditions are met: * - The endpoint publishing strategy and platform support DNS. * - The ingress controller domain is set. * dns.config.openshift.io/cluster - configures DNS zones. - False if any of those conditions are unsatisfied. - \n * DNSReady - True if the following conditions are met: * - DNS is managed. * DNS records have been successfully created. - \ - False if any of those conditions are unsatisfied." + \n * LoadBalancerManaged - True if the following conditions are + met: * The endpoint publishing strategy requires a service load + balancer. - False if any of those conditions are unsatisfied. \n + * LoadBalancerReady - True if the following conditions are met: + * A load balancer is managed. * The load balancer is ready. - False + if any of those conditions are unsatisfied. \n * DNSManaged - True + if the following conditions are met: * The endpoint publishing strategy + and platform support DNS. * The ingress controller domain is set. + * dns.config.openshift.io/cluster configures DNS zones. - False + if any of those conditions are unsatisfied. \n * DNSReady - True + if the following conditions are met: * DNS is managed. * DNS records + have been successfully created. - False if any of those conditions + are unsatisfied." items: description: OperatorCondition is just the standard condition fields. properties: @@ -1551,12 +1551,12 @@ spec: description: "type is the type of AWS load balancer to instantiate for an ingresscontroller. \n Valid values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport + that makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb \n * \"NLB\": A Network Load Balancer that makes - routing decisions at the transport layer (TCP/SSL). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + routing decisions at the transport layer (TCP/SSL). + See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" enum: - Classic - NLB @@ -1574,14 +1574,14 @@ spec: description: "clientAccess describes how client access is restricted for internal load balancers. \n Valid values are: * \"Global\": Specifying an internal - load balancer with Global client access allows - clients from any region within the VPC to communicate - with the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + load balancer with Global client access allows clients + from any region within the VPC to communicate with + the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access \n * \"Local\": Specifying an internal load balancer - with Local client access means only clients within + with Local client access means only clients within the same region (and VPC) as the GCP load balancer - \ can communicate with the load balancer. Note - that this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" + can communicate with the load balancer. Note that + this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" enum: - Global - Local @@ -1752,6 +1752,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic observedGeneration: description: observedGeneration is the most recent generation observed. format: int64 @@ -1800,6 +1801,7 @@ spec: are ANDed. type: object type: object + x-kubernetes-map-type: atomic selector: description: selector is a label selector, in string format, for ingress controller pods corresponding to the IngressController. The number @@ -1813,7 +1815,7 @@ spec: description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" items: type: string type: array @@ -1821,7 +1823,7 @@ spec: description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n - \ minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion + minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" enum: - VersionTLS10 diff --git a/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml b/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml index fcad9f9573f..f9b70ad13c8 100644 --- a/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml +++ b/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml @@ -112,7 +112,7 @@ spec: type: array minItems: 1 items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime diff --git a/operator/v1/0000_70_dns-operator_00.crd.yaml b/operator/v1/0000_70_dns-operator_00.crd.yaml index 22d8277e9c3..facc4a7e01a 100644 --- a/operator/v1/0000_70_dns-operator_00.crd.yaml +++ b/operator/v1/0000_70_dns-operator_00.crd.yaml @@ -88,9 +88,9 @@ spec: description: 'logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN - responses, and NODATA responses. * Trace logs errors and all responses. Setting - logLevel: Trace will produce extremely verbose logs. Valid values - are: "Normal", "Debug", "Trace". Defaults to "Normal".' + responses, and NODATA responses. * Trace logs errors and all responses. + Setting logLevel: Trace will produce extremely verbose logs. Valid + values are: "Normal", "Debug", "Trace". Defaults to "Normal".' enum: - Normal - Debug @@ -120,7 +120,7 @@ spec: type: string description: "nodeSelector is the node selector applied to DNS pods. \n If empty, the default is used, which is currently the - following: \n kubernetes.io/os: linux \n This default is subject + following: \n kubernetes.io/os: linux \n This default is subject to change. \n If set, the specified selector is used and replaces the default." type: object @@ -442,9 +442,9 @@ spec: - address description: "Upstream can either be of type SystemResolvConf, or of type Network. \n * For an Upstream of type SystemResolvConf, - no further fields are necessary: The upstream will be configured + no further fields are necessary: The upstream will be configured to use /etc/resolv.conf. * For an Upstream of type Network, - a NetworkResolver field needs to be defined with an IP address + a NetworkResolver field needs to be defined with an IP address or IP:port if the upstream listens on a port other than 53." properties: address: @@ -468,7 +468,7 @@ spec: an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network. \n * When SystemResolvConf is used, the Upstream structure - does not require any further fields to be defined: /etc/resolv.conf + does not require any further fields to be defined: /etc/resolv.conf will be used * When Network is used, the Upstream structure must contain at least an Address" enum: @@ -504,9 +504,8 @@ spec: conditions: description: "conditions provide information about the state of the DNS on the cluster. \n These are the supported DNS conditions: \n - \ * Available - True if the following conditions are met: * - DNS controller daemonset is available. - False if any of those - conditions are unsatisfied." + * Available - True if the following conditions are met: * DNS controller + daemonset is available. - False if any of those conditions are unsatisfied." items: description: OperatorCondition is just the standard condition fields. properties: diff --git a/platform/v1alpha1/platformoperators.crd.yaml b/platform/v1alpha1/platformoperators.crd.yaml index 607d73b764b..e8577a5dcbb 100644 --- a/platform/v1alpha1/platformoperators.crd.yaml +++ b/platform/v1alpha1/platformoperators.crd.yaml @@ -65,7 +65,7 @@ spec: description: conditions represent the latest available observations of a platform operator's current state. type: array items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime diff --git a/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml b/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml index bf2038c919d..35e9323838d 100644 --- a/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml +++ b/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml @@ -78,6 +78,7 @@ spec: type: array items: type: string + x-kubernetes-map-type: atomic scopes: description: A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects. type: array @@ -125,6 +126,7 @@ spec: additionalProperties: type: string nullable: true + x-kubernetes-map-type: atomic status: description: Status defines the actual enforced quota and its current usage type: object diff --git a/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml b/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml index 8dc37106d6e..b55ac1d72ea 100644 --- a/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml +++ b/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml @@ -22,7 +22,7 @@ spec: storage: true "schema": "openAPIV3Schema": - description: "SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedConfigMap in the volume attributes: \n spec: volumes: - name: shared-configmap csi: driver: csi.sharedresource.openshift.io volumeAttributes: sharedConfigMap: my-share \n For the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects. \n `oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share` `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default` \n Shared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support." + description: "SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedConfigMap in the volume attributes: \n spec: volumes: - name: shared-configmap csi: driver: csi.sharedresource.openshift.io volumeAttributes: sharedConfigMap: my-share \n For the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects. \n `oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share` `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default` \n Shared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support." type: object properties: apiVersion: @@ -63,7 +63,7 @@ spec: description: conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller. type: array items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime diff --git a/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml b/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml index 2ab4b2fda45..5ac0e423daa 100644 --- a/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml +++ b/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml @@ -22,7 +22,7 @@ spec: storage: true "schema": "openAPIV3Schema": - description: "SharedSecret allows a Secret to be shared across namespaces. Pods can mount the shared Secret by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedSecret in the volume attributes: \n spec: volumes: - name: shared-secret csi: driver: csi.sharedresource.openshift.io volumeAttributes: sharedSecret: my-share \n For the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedSecret object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects. \n `oc create role shared-resource-my-share --verb=use --resource=sharedsecrets.sharedresource.openshift.io --resource-name=my-share` `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default` \n Shared resource objects, in this case Secrets, have default permissions of list, get, and watch for system authenticated users. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support." + description: "SharedSecret allows a Secret to be shared across namespaces. Pods can mount the shared Secret by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedSecret in the volume attributes: \n spec: volumes: - name: shared-secret csi: driver: csi.sharedresource.openshift.io volumeAttributes: sharedSecret: my-share \n For the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedSecret object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects. \n `oc create role shared-resource-my-share --verb=use --resource=sharedsecrets.sharedresource.openshift.io --resource-name=my-share` `oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default` \n Shared resource objects, in this case Secrets, have default permissions of list, get, and watch for system authenticated users. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support." type: object properties: apiVersion: @@ -63,7 +63,7 @@ spec: description: conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller. type: array items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" type: object required: - lastTransitionTime