From 8f2198bb886bc4420c9a94f1170b99b27e94c54a Mon Sep 17 00:00:00 2001 From: Mark Old Date: Mon, 30 Oct 2023 14:35:00 -0700 Subject: [PATCH] operator hive-operator (1.2.4336-412cf72) Signed-off-by: Mark Old --- ....2.4336-412cf72.clusterserviceversion.yaml | 482 +++++++ .../hive.openshift.io_checkpoints.yaml | 70 + .../hive.openshift.io_clusterclaims.yaml | 161 +++ ...ft.io_clusterdeploymentcustomizations.yaml | 131 ++ .../hive.openshift.io_clusterdeployments.yaml | 1245 +++++++++++++++++ ...hive.openshift.io_clusterdeprovisions.yaml | 364 +++++ .../hive.openshift.io_clusterimagesets.yaml | 57 + .../hive.openshift.io_clusterpools.yaml | 704 ++++++++++ .../hive.openshift.io_clusterprovisions.yaml | 186 +++ .../hive.openshift.io_clusterrelocates.yaml | 114 ++ .../hive.openshift.io_clusterstates.yaml | 100 ++ .../manifests/hive.openshift.io_dnszones.yaml | 238 ++++ .../hive.openshift.io_hiveconfigs.yaml | 827 +++++++++++ ...ve.openshift.io_machinepoolnameleases.yaml | 59 + .../hive.openshift.io_machinepools.yaml | 705 ++++++++++ ...hift.io_selectorsyncidentityproviders.yaml | 653 +++++++++ .../hive.openshift.io_selectorsyncsets.yaml | 204 +++ ...ve.openshift.io_syncidentityproviders.yaml | 624 +++++++++ .../manifests/hive.openshift.io_syncsets.yaml | 175 +++ ...ternal.openshift.io_clustersyncleases.yaml | 50 + ...iveinternal.openshift.io_clustersyncs.yaml | 245 ++++ ...rnal.openshift.io_fakeclusterinstalls.yaml | 184 +++ .../metadata/annotations.yaml | 7 + 23 files changed, 7585 insertions(+) create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive-operator.v1.2.4336-412cf72.clusterserviceversion.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_checkpoints.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterclaims.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeploymentcustomizations.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeployments.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeprovisions.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterimagesets.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterpools.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterprovisions.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterrelocates.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterstates.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_dnszones.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_hiveconfigs.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_machinepoolnameleases.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_machinepools.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_selectorsyncidentityproviders.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_selectorsyncsets.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_syncidentityproviders.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_syncsets.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_clustersyncleases.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_clustersyncs.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_fakeclusterinstalls.yaml create mode 100644 operators/hive-operator/1.2.4336-412cf72/metadata/annotations.yaml diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive-operator.v1.2.4336-412cf72.clusterserviceversion.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive-operator.v1.2.4336-412cf72.clusterserviceversion.yaml new file mode 100644 index 00000000000..ada0f8af9a2 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive-operator.v1.2.4336-412cf72.clusterserviceversion.yaml @@ -0,0 +1,482 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"hive.openshift.io/v1","kind":"HiveConfig","metadata":{"name":"hive"},"spec":{"managedDomains":[{"aws":{"credentialsSecretRef":{"name":"my-route53-creds"}},"domains":["my-base-domain.example.com"]}]}}]' + capabilities: Seamless Upgrades + categories: OpenShift Optional + certified: 'false' + containerImage: quay.io/app-sre/hive:412cf72dcc + createdAt: '2023-10-30T14:32:19Z' + description: OpenShift cluster provisioning and management at scale. + operators.operatorframework.io/internal-objects: '["checkpoints.hive.openshift.io","clusterdeprovisions.hive.openshift.io","clusterprovisions.hive.openshift.io","clusterstates.hive.openshift.io","machinepoolnameleases.hive.openshift.io","clustersyncleases.hiveinternal.openshift.io","clustersyncs.hiveinternal.openshift.io","fakeclusterinstalls.hiveinternal.openshift.io"]' + repository: https://github.com/openshift/hive + support: Hive Team + name: hive-operator.v1.2.4336-412cf72 + namespace: placeholder +spec: + customresourcedefinitions: + owned: + - description: Checkpoint is the Schema for the backup of Hive objects. + displayName: Checkpoint + kind: Checkpoint + name: checkpoints.hive.openshift.io + version: v1 + - description: ClusterClaim represents a claim to a cluster from a cluster pool. + displayName: ClusterClaim + kind: ClusterClaim + name: clusterclaims.hive.openshift.io + version: v1 + - description: ClusterDeploymentCustomization is the Schema for clusterdeploymentcustomizations + API. + displayName: ClusterDeploymentCustomization + kind: ClusterDeploymentCustomization + name: clusterdeploymentcustomizations.hive.openshift.io + version: v1 + - description: ClusterDeployment is the Schema for the clusterdeployments API + displayName: ClusterDeployment + kind: ClusterDeployment + name: clusterdeployments.hive.openshift.io + version: v1 + - description: ClusterDeprovision is the Schema for the clusterdeprovisions API + displayName: ClusterDeprovision + kind: ClusterDeprovision + name: clusterdeprovisions.hive.openshift.io + version: v1 + - description: ClusterImageSet is the Schema for the clusterimagesets API + displayName: ClusterImageSet + kind: ClusterImageSet + name: clusterimagesets.hive.openshift.io + version: v1 + - description: ClusterPool represents a pool of clusters that should be kept ready + to be given out to users. Clusters are removed from the pool once claimed + and then automatically replaced with a new one. + displayName: ClusterPool + kind: ClusterPool + name: clusterpools.hive.openshift.io + version: v1 + - description: ClusterProvision is the Schema for the clusterprovisions API + displayName: ClusterProvision + kind: ClusterProvision + name: clusterprovisions.hive.openshift.io + version: v1 + - description: ClusterRelocate is the Schema for the ClusterRelocates API + displayName: ClusterRelocate + kind: ClusterRelocate + name: clusterrelocates.hive.openshift.io + version: v1 + - description: ClusterState is the Schema for the clusterstates API + displayName: ClusterState + kind: ClusterState + name: clusterstates.hive.openshift.io + version: v1 + - description: DNSZone is the Schema for the dnszones API + displayName: DNSZone + kind: DNSZone + name: dnszones.hive.openshift.io + version: v1 + - description: HiveConfig is the Schema for the hives API + displayName: HiveConfig + kind: HiveConfig + name: hiveconfigs.hive.openshift.io + version: v1 + - description: MachinePoolNameLease is the Schema for the MachinePoolNameLeases + API. This resource is mostly empty as we're primarily relying on the name + to determine if a lease is available. Note that not all cloud providers require + the use of a lease for naming, at present this is only required for GCP where + we're extremely restricted on name lengths. + displayName: MachinePoolNameLease + kind: MachinePoolNameLease + name: machinepoolnameleases.hive.openshift.io + version: v1 + - description: MachinePool is the Schema for the machinepools API + displayName: MachinePool + kind: MachinePool + name: machinepools.hive.openshift.io + version: v1 + - description: SelectorSyncIdentityProvider is the Schema for the SelectorSyncSet + API + displayName: SelectorSyncIdentityProvider + kind: SelectorSyncIdentityProvider + name: selectorsyncidentityproviders.hive.openshift.io + version: v1 + - description: SelectorSyncSet is the Schema for the SelectorSyncSet API + displayName: SelectorSyncSet + kind: SelectorSyncSet + name: selectorsyncsets.hive.openshift.io + version: v1 + - description: SyncIdentityProvider is the Schema for the SyncIdentityProvider + API + displayName: SyncIdentityProvider + kind: SyncIdentityProvider + name: syncidentityproviders.hive.openshift.io + version: v1 + - description: SyncSet is the Schema for the SyncSet API + displayName: SyncSet + kind: SyncSet + name: syncsets.hive.openshift.io + version: v1 + - description: ClusterSyncLease is a record of the last time that SyncSets and + SelectorSyncSets were applied to a cluster. + displayName: ClusterSyncLease + kind: ClusterSyncLease + name: clustersyncleases.hiveinternal.openshift.io + version: v1alpha1 + - description: ClusterSync is the status of all of the SelectorSyncSets and SyncSets + that apply to a ClusterDeployment. + displayName: ClusterSync + kind: ClusterSync + name: clustersyncs.hiveinternal.openshift.io + version: v1alpha1 + - description: FakeClusterInstall represents a fake request to provision an agent + based cluster. + displayName: FakeClusterInstall + kind: FakeClusterInstall + name: fakeclusterinstalls.hiveinternal.openshift.io + version: v1alpha1 + description: "Hive for Red Hat OpenShift is an operator that runs on top of Kubernetes/OpenShift.\ + \ Hive can be used to provision\nand perform initial configuration of OpenShift\ + \ clusters.\n\nFor provisioning OpenShift, Hive uses the [OpenShift installer](https://github.com/openshift/installer).\n\ + \n### Supported cloud providers\n* Alibaba Cloud\n* AWS\n* Azure\n* Google Cloud\ + \ Platform\n* IBM Cloud\n* Red Hat OpenStack\n* oVirt\n* vSphere\n\nIn the future\ + \ Hive will support more cloud providers.\n\n## Documentation\n\n* [Quick Start\ + \ Guide](https://github.com/openshift/hive/blob/master/docs/quick_start.md)\n\ + * [Using Hive](https://github.com/openshift/hive/blob/master/docs/using-hive.md)\n\ + * [Hiveutil CLI](https://github.com/openshift/hive/blob/master/docs/hiveutil.md)\n\ + * [Frequently Asked Questions](https://github.com/openshift/hive/blob/master/docs/FAQs.md)\n\ + * [Troubleshooting](https://github.com/openshift/hive/blob/master/docs/troubleshooting.md)\n\ + * [Architecture](https://github.com/openshift/hive/blob/master/docs/architecture.md)\n\ + \nSee the [project README](https://github.com/openshift/hive#documentation) for\ + \ more documentation.\n\n## Post Install Configuration\n\nAfter installing the\ + \ Hive for Red Hat OpenShift operator, create a cluster-scoped `HiveConfig` CR\ + \ to configure Hive.\nUpon creation of `HiveConfig`, the operator will create\ + \ the necessary Kubernetes resources to launch Hive.\n\nExample `HiveConfig`:\n\ + ```yaml\n---\n apiVersion: hive.openshift.io/v1\n kind: HiveConfig\n metadata:\n\ + \ name: hive\n spec:\n managedDomains:\n - aws:\n credentialsSecretRef:\n\ + \ name: my-route53-creds\n domains:\n - my-base-domain.example.com\n\ + \ logLevel: debug\n targetNamespace: hive\n```\n\n## Create a cluster\n\n\ + To create a cluster with Hive, create a `ClusterDeployment` CR. You can also use\ + \ the\n[`hiveutil` tool](https://github.com/openshift/hive/blob/master/docs/hiveutil.md)'s\ + \ `create-cluster` command\nto create clusters." + displayName: Hive for Red Hat OpenShift + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAYAAACOEfKtAAAmB3pUWHRSYXcgcHJvZmlsZSB0eXBlIGV4aWYAAHjarZxpshw3kq3/YxVvCZjhWA5Gs95BL/99B5mkRIlSV5s1b4l5mRkZgQDcz+DwKHf++7+u+3/8sd6yy6VZ7bV6/uSeexz8Yv7zp7+/g8/v7/enfD/i37+8735+EHkr8Zo+/2zje/zg/fLHF35cI8xf33f2/STa90Th54nfn6Qr6/f950Hyfvy8H/L3RP18fqnd2p+HOr8nWt8D31C+/+Wfw/q86N/ulzcas7QLF0oxnhSS5++YviNI+i+kwav+5t9RvyV+T6k6XnL6cTIm5Jfb+/Hq/Z8n6JdJ/vGb++vs//ztL5Mfx/f99Je5rN854pfffhDKX95PPy8T/3zh9HNE8dcPdovhb7fz/e/ebfeez92NXJnR+o2oN9nhx2k4cDLl6X2t8tP4r/B7ez+dH/PDL5Z8++UnPyv0EFmV60IOO4xww3mvKyyGmOOJjdcYFwul9yy12ON6K5b1E25sqaedjPVb8TiWLqf4cyzhXbe/661gXHkHDo2BkwW+8o8/7t8+/N/8uHuXpih4+zlXjCsqrhmGVk5/cxQLEu533cqb4B8/3+X3f4ofQpUVLG+ajRscfn5OMUv4I7bSW+fEcYXXTwoF1/b3BEwR1y4MJiRWwNeQSqjBtxhbCMyjsUCDkceU42QFQilxM8iYyZDoWrSoa/OdFt6xscQa9TbYxEKUVFNjbXoaLFbOhfhp2YihUVLJpZRaWjFXehk11VxLrbVVgdxoqeVWWm2tWettWLJsxao1M+s2euwJDCy99tat9z5GdIMLDc41OH7wzowzzTzLrLNNm32ORfisvMqqqy1bfY0dd9rAxK67bdt9jxPcASlOPuXU046dfsYl1m66+ZZbb7t2+x0/V+27qn/7+V+sWviuWnwrpePaz1XjXdfaj1MEwUnRmrFiMQdWvGkFCOioNfMWco5aOa2Z75GkKJFBFq2N20ErxhLmE2K54efa/bFy/9G6uWL/0brF/2nlnJbu/2LlHEv393X7zapt8dx6K/bJQs2pT2Qfx4xojv+856/fv9Y8E+g0Ani4PLmyyY5ZNJc5MB/nMjPMlnlHVg1OulpLZaU6y0ncSl2r+bXjMH/8TSG2UWqLY3tj3CTZYq3GmnuV2/re+7pmfebLbJTGgk4rUOiqPuW67cybx2nj3BP9AOt6abOBjHZY03GTTQPj72hhurxOHj0s1mXeE7S0/eQ+72bkjTOFskpahWkPZ5ewRg2BiSv3zO3PqkRsI6Dc2TuuteKecfTZTrG9PEPgp/TUGIvNMUc45Xa4YDHhFkOxcPotjHLE6Xup3c1N0l2/YglWl83d0hjrtuwNfgD5azrFt7uqzbrLaLNkP/gMNcFH9X00bDsyYa1zW6q3NnJq7BGaJjT1cxhiGswYOuASkvcQ/5aKgqt9TkcYbBjlBjdGyN9z+e+pFlqiFsJrztmYx5FmQ0BkzrXfDRED8fKdF7CxLAt1u9l3qp1REgGKv0qAVhvEyqhzdFvXN7KHs21TeLfJUSV0TjyJhf2wIaTLqpV6dyeDIMNzYkmnceFM/vtcw76nlyN6Ix+YjzHbnouQ8KkQWow7zjtzvY6VNA0dFs8kG8se54iBSdj5pjErSNTGSqTJInArtzMtXjAkljnPBZZqTwZBduLgTPCAJCbV2wIDAvNR+qiEctTQbKfLzd0V5yTewQXjG4jZGpmgCV5EYMQHAivNMM6yUpiUmljQbXnM3Fin2rfWoyAMln7JRcrxr6/u7x8QyZfsKJ2oCTOXWa6/exvAcnPfeSEmgBtCHNzMnfUMsy/HVHLQBQZBQ1ZrMokpAzMdNBPkKHBs17PJOyNTFsDQCLZeSg8mUtRyL1c1daCznUGSMRWsMPFUSRlPHpVK9uf0MmaRXvNEEmazXn6fli75NC+3PxCjYASpn3bMduPs4EmvAj9Ioqw828iZ+PKtg8YenB718G5ojVBkUdFOCnzH7ZhgbPYwZz8r4iIYzD9C3T+9SrBzgkjgHQ9c1NSRocx8bGg/FFnoZMUJB0k3wDFoinhFkUtgh1qLdWIKnHZpk4LjHDKsgPg7VwRhJZeAT+Nre2SYj/CwcTt4xuKEhoybNVjLia8CjChH1wpJzryT13d6KdoIYrTRgZJx9uCSdeYeyEDiecKIfAY6zLIDgFXbYfXzPG7yN0ma+krzML8o3mQ+kxGzCH9brMxcs0DMDH9Ykk/MiRM0PUN+6LHI5xe4YeU9jDNUBhvWrjeGTB6Bh/wSDmwv4kE8nTVOydEf1i2UDSWigR3EstIAJ9J4jMlZ95V7AWQVaUOkAO6AW2Qx+FFBKD9mKCwt6o3BBFBquzGJsgYsJ+F0FZr52LVuTKXCASyfaw4QfIHKMC3RiBAhzHMVGr4AmJ5V+7cgGcARfL7AITCKePdK6HNwaDUDC8fDND6BWW6zaP3yTttdYQ+dZEGUwnKBVDdsa1VwkivhD6ONa2sUdEmfgixubhINrsDuLe+wQRo8ctwjLaQZzNrSkhhQ/uBwDVyBgcvhqA6qJYUE4CadBKHAtAQtiofVgIxJPFgMamfIgPa7ey7pf1noP70iRlACRHjTqiXOUohnQg/IbBBPJ57nLm0lbrVMuZkYBXCsOfLMm23Wpk3BOb4HFFjFlTvDrpAaMEgGIQPAtwR+8msjugkUZmdMiYeOEMIqwS4bCXesa7naiq3dhtBCEqEuSLnkobOQmHM5spMqedJUAehjI5oyTHfQFAsW8ehEkGR/b7Jm/6CWrwF4Y9fZicCc/Z2ncMqDvYO/baF9MnkLgpcDysEJAF8hqA/3sjeJs5x0AGpkawyQaGf9N4l8mZrQb2sgGWZpQCFIxwGEbeEBuqNBvZI2E1PSV3cXBUlyRW4e7JscBfrNl5e42zP9d8j/9BrIaFzudqzdutl6vusis9YMKlsQXOheZHZZo6HaoE0hM7Yjp4tuRJJOL8gK4rpCGDj0Ux4baliiRgbWIRC0CZrrNFRGiivDBgVtmJNkyhzicsDmnKTrwd6KWMVRPOCiMUtRR6IXwFkA/XOgWICkTgATYldCLqLf1ycd0b/Ey0vOX1QtvgCZF/pM8nLcSN7YwPn5GIQBjNETWwWnMhgYiiMMVCGo0B2cGGQ1SO3BHTAXJIvgO9iR5CSmboLLo3grPY1x8A9EQcggUT6ecREwzmMSlngR5aC30AjcHAof5IJxlwHV4HchJQtjacznPAca7VLQbR0tNHHuuOd3t+dKGIkgL9JvBpIGLJ9vCTtfJKoLgYhqH1nrxizz/f7EHffSXICZIy6F0R+ABL4uTKFd+Iab3hvcGFfCNOOZoG4WfC/EGTFOCIQEoOKc93C7FEzJyZE0QtnA6WfJ4cElXwoGgM5pCPO/czCciRyG6O7B1HSyEJholvE/yi3GQHItL5FRAX2P6SJwWkEw1S4kJ/js+mppYB9iwJohRpus2CJKh8QbVItHG7ncIv6d3VL1C00zz9BcASQNJzGBVQgRzQ2QYLA2puaAkTUFwjgkWP82K1cWwvBoTHeYiHJmhQid9aPrmqWdMugC1IJqJL+U/92tIyR2LuSc2QXd9sutzbcbCQZZXBQVdqV/4ygAc6PgWRuOE+XOUEZH+aNvmKMXA+TzTId1aQPElHbly8UMU0mogz+4wsnhoASqFW0nYU5c54KqZdqavCcumqg/YOwmDiDXDQcEBsWtKOXBAQIImaO4BIFwqJhdmORUsDy4s3CZEpwKMsxfI3ck2wciAZuAXQo9ixRxuvI4JDXUJdiHnRYIjFlk+bHrrDiLGZEFYDvefonMwSbQCHaU0UoX8mPBOuPKIDmGD7VD2GhYDAq2a9nhc7HYIxIkXxoH48pHoYx6fb9Y9IO5yVJrcBdjTAgfom2SiD6B3VImDpFijHAjgQkoroF6rkhh5CiS2M9F1k3cNQeRuQjbWMXRO3A1nBGgogNCc58jYOf0ibUNtbck1Z8RJS/WWF8Z02+osRb3E2one6lyX5GxzaGdOOlmBjlPlZPJWydGFq3NzNb+Iu0yUYGAPhHFgZcm+Vf3KNjJeUKswYWO0a3fUPPMUP0RagPUwu4PKYP0ZZMSC34F0sHioCU4crYOnseI0OKIzYF95F24NL7JAInRExOQap4gLsYNpSIVB7xbIPeDAOHMSsjhBogKx2LiLKouCfv4RQgLxTYZAdgT4hdOOgP4QSN1cRI41OVnLloOuzl1AUQEatWIdpxDDKwqevceU0FCAcEiNU6CPEF/cN4I4RGXE/t2gKzBVbaqg92qk3vJAnMmgYso8NqrSsAgTZMh76j1QELwdrGL3DVNA0AN3KmYvD50NOX1fmonD37hjogBMC6tuGvOKBQup6GSKzeIIzYHIAWW1BL/YtViTx5XfC9emhuEL4CYC0kNrHvMQ7BTyUv5IpOZvBfYgTefOhiV63XM7nIZ+eUlHdDlMJPJRm4Rqu6jNMTsvAN4J/ZJrsAMQQJ8ktF7VeWkCfJPqREs2QmEXcZ7nrzx5KjsTciQ9ta9yjWTiRFrIIw+8PHkdkBDoXSa8KMnJ/tyZH07IUa8JsXhfCI3DpYDpU3m4p+foCa0kBioaVUIyWn8Ge4fOdgdBJeJp8aUgb2GU1kiCdIEassq3cU3TQokYRaSEGBZkbnCkXxWYMx23fWEJMLlEmzaGXjqB6uXymSMyOwq5Y2cFPaysEW7VGQQpILmnYMV4B59d2X3I32YPCL59CZgbAkWMJjkqqw63quUul5x8MpnlgHahxtJhV1H8Y5vefQm2JRPUY3Eg/BbNSbGx5wxrIuYE5dzGu7kMX/gqkg28OscNBqE5tLTWIwNAfqhJgwpAULmbyaV6MDVrlzAp/yxFl0nOJ9KGRHIKsn0OBY8qf7C1KKAEB8m/iJUZJZRr8wlzAINIZUrE/QmHPgc3AFJZzLOetcxtVJ8dlBrPfcnNUENFMVcCYGG4uX+8H4S4ntsDFPU/hXYldGuYAMSkfyU8cPHZEI3KQGYG/TWiOQNJrxGSepnQRHflbjlUoh0dFGfVeEJsZGyqHKnEfSO/3q5Q5L7gNhbGfZMvMv0dNw+6OOJny1j6gEppBr00DZRwAwAorAICqx7GeCeG+IILpKaExShdlZmCOQoWI7tJXEjDMi3P067Sjd+hbsLQ1t1ZlGVW24GGsBVqZrT75QVQC6Szcj6PUD/wsxFVSDw2B7v3bki6pk5QqJMIqewkqQ5QNRZeyInHXxAHwIcr+JuZC1IiE1iTAkemPvkWmcmFU9FsU3NGPo8IPUxj6ZtLJU/kVVg/Wb5IPcqBYZhJaXx1g2HRYCFZeEw5gD1jOFUNCNKKpOk5f9qxF8NKPAjqgdgpR7Re5w5XMRqRQTAGxgDZA1z0QGsp0ZIQd0WedohZo6vFmUgEWIXLeIPslXxvBUnQDvJ1IBhRmGOiWSCyGTWnABMBN2KCLiAa5RDJ5RgSeU1owBwD/E8D/qRqUU7bygTjszTcXnu52MRcEChINzhXb5LPOAPJPgP1wDRYBO0KjAgiU1a4YDQRB0FQbg7yOektJfm0hNloF7NRK7dNQcARJIlnCZZvAG5S3AzLBtC7BLB0dNUrjveoc9Bb9IopYXYy4BcV9rUiQruQfUuxBHuDAv8/UQ1QhTrTnhQu/JNpw4HRYwfp/B8QCZJTM6wfIANWayAZob0VRoB1iyhNABp3O3pEkQQhdLHRWQ56yXQQIlxlGr6QAy3XzvhRkpPrSEWjJQizGdjTYgzLDMqJeHITDUdx6kXHgq85PgwVFKGk2GQMxZxnUgEZgveZAUIdHCLGOzEJdoW3wOXd1MwO6Kdae9pGgZB5B1U6EYGKX2HLD4UxALENifB7FUZK9Lb6MW6Vf1kgjvymJjdyMj7My6Jyiojwf1rsX1cm7kbKmYg9lTinih64ENGD3avotoDsKEqy0gN1fJBBMTW/nt1uOyKbm/wzGVZjbxlDlSPAVMbiwPUamcCRw5kYX6h+jAsYNAAMQKUw4PC2iPPgshulITQnxkERcanOPQvMA3FJlWHWucT9Gi62pkspaosh3xrUJX4R6I9lYLx62/LJ8FU31oEaa3cdr+prYHqnD2iqJlApDR2TdQPzCCpTwhA7YmqwMu3LNtdRtwV4JKpbwD+9YqdiNmq2tupIPZFzQsXEMHCX8Q1OJSyCHVU7zdeDGWFsM5uE1qcZBJq+LMD4FuFLMozyQS/dk+0/89cm347xIAqjVd6YaF9eFMfOgmHH5+pT+OJCCksxHs/kdy4BIypYF4uEaUSB96wRBw4fMvyK7+OSmP2xFxs/9mV/+nC7l+uTIRlI/OJPzzHowWJI87WkyAIrgJqtT2nbfonVep+M3HRe14ri14hB0nNV3cdKv8U6RoVLKfkriosEDVpjiLIJ4/rQM3vHZNsLDF48u5W/HuyJJGJ3e4Dzj9Oyz3Bv12m9nlqiQjorP+4U6RMD290TcuWlo6ZHIHWH2M1JTjZpeFhL3UceEgezOXAHthggXd7lVGJL4ABoQA71fw2cLTVgLKEkgR54NIF6mAIsHFzEsTR3ufg15SA3D4Tu2sUxyP1yV+TDPfiF5zWUJWdEAvrVeHQm9zXZycI7SoB4P6hpIdgQnGdWo4k6qg1MzvwJuBzOvieQyMPhuraNUFxeJEBzOLtsu4s5ztMNTt4H0i8lpgaspiFZ8Qqn0axOjgMCxKIcViXv+Aq6mR5mIMEUsoyB10keoAV+An9ApazHggcFcL806lYT8IaGayaP5m1oWMsBNQIchooQq7yMnE0SRtW3qL0flfd/6UctwWel6zQDE+4YZiFdraHawdnoT1nzJFqYRXEiaoSZwQ81MtZylbFN1kxzCDzTJQn1dy11wJmSJBd71gnGUgGhcvzeepUJkd1atYWUJP9BhU5aGqm+WRqdwU2fwAz4KCNKnCqP7dytTnTWGd0kgT24ms5srATcNRmBGMt26MbZlQP16zbVGjd2KZ9xfgOjab9R9Ue0PjE3mUmsURBkCCkxucj3ltl0Dm11kSWfFi5lvXCuFRnnMElOYreakMaRBYUsb60o471UwHtTAQbNjIkKWU1sSXoRsXyz8Y+xITArTs6Sd5qnJc86pkgDEEhxkBJbsyECkDwaTIEmhYkIrPIM6ZOqny9fENTHrfjgzFV1iQ1ARec+HiGpnMNGRo/H4hNQuyb3Amrne/sqrSIZUgXB2b5rEoFUmKM0ArkZpJ3QaeXvtMuYbiB2dduF4gzn+pABHxwqpCTGfBX1bVbJTxU/gIuRNrtaPtb2wO5ASskVVWhPGhI2Cvo5WKj2hshx6aHR6aCPv4YvbMfwizOCoTtL4ShFks6LCMUBZ5xG292qqANkZbm1e63O3+dGQWUYA939JeZwaAR2M2T2EJLJOY4tyLdtNPlCIjhxYpHHSFXtuCqpcJrX9YHNZEUbv+q+fKSe5gHxWUwyVyVUbUDU7HrJ2nDn3OXALDOSZJBwdGmNkMvU6895K6yYFbfDNIzWGyn+sfQyjiUDmLBHWh1kCNe1RPuxutkGPykPT3ip6rBTU13JFVSUhnDIND4HahhKRmOxxm6iCS5MLaWB0s0tVYFkmsdB73BJ0BJmId3kac9M2grX5UJv43ow1npjrpTpHDaMGes+ClymFXLr2A1kGbadJly/2NBmruplvPycGkzwO944JqI1XDaALnam0Ngb5kZtJEPKhjwNuPGwWYgGfxUnUG7g6Di2R1UfSu2wR5kW3Ov+FizEQbcg6DKb8EymqRp6/Tg+Qf+i8Xx2mbA3atIWWCCSvbzR0K5SozOhmiyh4UNYUY2YxwiOvtiLhtnyPJYTQ0OAvfcWSVS7Ziw3aqqOjGoi3VieMb4ENAq8SDCoCDQXbutRD25WcIsAaN0YOcQyAlErhyrqZoUtR9QnWpvLElQqqMxiRN8Fs4LDyrFHWWON1CIDKgD86m7YcGviqIJX/1RkHE4jxmfkn0VYmmAGGr1RsLH160qLqx6YnntQ3Wo5weu2DVHgYv2kYBP4h8vEmDIPLFWHX1dlfY4R2YMOyRq1R7ulVkgoczkJhIplLT7jF9KKgFpH8BIEewXt1TD05tApVrBkEsgE9F/VAqrmRmabSfON1OP2hj1Zakx5hVQnghyZASYjdRCnGhdOFUexWN8d0LVR/VyAc6wsuFtakDFy/F1lRN2rCBz6FLRjsgCfVTHwXJgDgTJGavXEDqQ8VSXF/pGojJp+9YEipPgyJxfzo10Rsxg/JBsUbtLzF5F2Fzcymhxa9cKjWdcuJPwC+Z4VY+Gm6iwnWoBHNXHQStoMxOeBjbRBZ3bwJvtoyTnUybraEPgzsC3YKm5MdMkQ9ImrAEAcFdXj4pQFQ3ZR3x7jej8+uqmiBqkVAK0SV1Q6VUh2uMAJmkj+70GRqziIRnLI8brph9tG/riansXyE2oMsHxfESgLoqHxs/beDU5fXfX+vhobCQlmDzdte815RswXCB0hTyIDmkphnE/BcYnn1V5+DAHt/BO2B9xlFMd7+seofsnfr+3Sb6ErFBjtEl7WEbiEUe/H40Go1rtU+v/elXCfSQQqhjGLr29jWTq2tqoehW8a3TQCqGhdc+vFQHMxa2pzlBBH1ybqtkogq1WBKQGJ1CVB4280T2lPpJWqycTwRxiqYkgqcubOInq1xcNQowv9UM21hrzsEpXUaJl8+oEOQVrgPlXRdLcZ4/rPtGm5rOq6mzLZPshZtSxGT1KOH+AD7vge0kMkG9pG+c1pkxvwanpTJ0GkKf1xRxkoChP9RyKAiSOvAquTBPic3bTph6+Gfekjs6pqqp2G13Q2D3utGubZCYi74YA/fQU/Ktk1tvxCwsTjIhRhqFV0HpDzQGqfcaeZsyudXRmPiRnx4zjBeQTNnqkJsIQUPTyT6/zC9KNN8g065ZR0tGjon0T2k6nFExD+TkjrMtUE5thdFUz+zMln6LC1FZxOEGDRJwh6wDSzdiPmmM3yl+BiRRsUryiVVT7UbqlnNNtGV5UtwKqwasokxk5SUuEWFeHEfGiDYBKijATGTxhxeNn47Xi+7tqTAn40OZUGo/G82PIkhfK7AalKtxF7llG+6oOCdaoieZTN07hbfagQ3GACOLlq2em5+vy16MW8CJWC/Wp/V3d9BqvS8t9VNT5VB9/2bOJHb5kavsvXTA5tpAxUAus2GCOVIRVVK18X2AQjaknsjo8C2/VzKG4NugoKqTaa5LBEPMZpIhIQgLq1urbt8stsfyvGQH9tZLKM5wf6RDfjeCSXkfmLWR5FY9oIMzxxuZW8yp0AWxE7U5ueHxcUGFWHWeExkALyOA+BZnO2zwjOzBUC4BDo3rQAXYCU8qMvKBgl2Wnbrf81Kxp0d7XJfr0oT6DZIhTwhMIJbonGklVhIzJAG0AIPXepjzg/sEtecJLQPctqeBN5lsFRfftIDjYyxR0kZsqwFWDRusTdUs9o7G5ghrXNGXSKD77erR/xeKj8oiwKl951Feup2MiwbQxgdoD0Fb+xJ/YVb+eg2NqhFdIXuXVrih5JkI7laQWVGkJvkZAR68bDKrDYJQyyyG/xf/Qvyz4q40Ej5RGm8FCVZ3kiDlCLKMP1JKrPM3SC+r+AosgWu1LaFZr6v0TgQudjb76EW2FVM6Ikt92o8U6i11Y3HD1WhVZ8qhtpTFWcOpm2kgegHOqb/NTvdEu/B1Z/X/wpGwBf49XnrIct8bJNIyFnbpqBzA9C4HFExDC/QDoIUZUSd3cHiYVvAbq6uo4UNSB2uG1MRu1weARKacUTNKOJaoh7iBmiCHmEDMnA9QiE30gC5THkSMA8oly/Ks2uFUmrhE3qacCXq8tWjyrWhMBK2P+jypMU10YAkqkJ3J67CoDXNR8oh4MDUVbwYSpVBVa7Tu/7n9Ka4CcX360km/VIpNygZkH26q2XJDyITgjlZE19in5y3MP9dXhDvA+q8hIpcb0Yf/GQkEjr7f2j1eHk0hJFYf1JZU04FVCnePkHs5SHEErSJTX7M06HDT6Bf4/u4yJPGa+ZQ7ebhucmtJ0GJkRA8SqVmCo8OgRBGxKAGobwflpycDUIgg3EnIA8gvvlkmX0jDJBR2zIEisLoNSQuhBGVB/rXkiBgEWgd6L2sMqbKSWobC+KMXwsS7auKjaHZ8st0NcEA8JKdtRGmudTxNXEvf/iOmkTXSxNLJBpl07KgNKI04wwYVvG/KYc48wlFVc5Oat2hfCiMXAyEPjm/sybhLQRYNeuSyFP0wV1QGT6zR1qLh1OuRuoE1T+eoBRCPWtJuAwkEJjK6mvEXARjxHMzhB/yZKGebQRshCQrk81xQScRK19Zhq+8neLhEuPOfqCUM0+NTeVaqq1sHLBJkPzJ5PYCC4mPqTNQu5Ci57vzEOMBXCO+FfPBBlNrSBiO2WBeBYIlwbjJsEJMgt8TfmqleHJdXjGJ9mGMyh/a6tE0OLZ8DlgrHqkSRbSEsTSqitVz7TvdJsUzUVFYGiQ6ioIRGrlCd+920EzNfXqB1b7e8iifbNGSjkiJaCRAV2HSR8u7HevwrENrGYOroqE3IyuA3rMaXtx14gH9mNFd2JmLu6V+6tENk4AVw1ZHO1XTyw8UPP9xxt+WoD8PXVZNHj6/DlKLDC/NDc6Yk1r7g6yQGFRV2ZXnGAaiDFUIMVxNJulgqU/tuImbJaqUBK+USIU22JSbsbqNNXq32NmBA1csEEIK/7cDGRwe/vdu7q6gc/qgLIXSRRRUPB4/nsw4Te5VfRWE01BO12vIqLWm0SWCjxe6O6twhBnBjJ8L6mnRFJwVhe+yQqrDo/dodog57CAFi1MRgbgI0W2NhA7GgEhe/QmHBMWqSkKMFp2jYUgR2IY02nWgDrjhQhRkH3oD6uV/wGOFaE3FCq7aaCThkq+5SuB1MwwRdRASiXXUjJ5cqsohjWjvTnaGTOp+Ctgn8ZP7azmnZmtdW/iTEiIGCAkRJEQ9QTB3pazLgB9ADR1mE/9TKoMWPP98RtJHk/O5vAp0cLK8z0NFg0tWkRraYhYLgdMj/y9YEK8pW4DxH81hNFYIM2DioaQnobbcPyVya0N46ZoNdSU4y0B3oOMbrUrAg/BhhCe4IREPXasSbR1RbCPwAVPYcCM5lh+8WkEKaqYkOt0hsFMtx3QtRc87enQRL+BKvAwjGbGINjaPGl3rY91ZeiviHWHrcdpkPIqEaeDWU3rx476uq4VCsCuMNXiehIHrKQnXggiN+GJ2SDaGRGJF21veFUdlg4roM9Z4WP0uJ1rqhBIMEIc35bVkPD/3FFPbmRPgmMGoV+3+9OsuWo+s4SasP8RNDmbaEgKKfqav4VuNYyi8mPR7noZO2ihqaGEpY06TnI+rrTqroSBhSBrcGTgK1XjzeO9Zn9gTpiltWIjMQ5T2ZtdTORl1uSo2mbfoSqpwNhlqOOM2yoqVTF7b6nXYgI6TgEJOnWJCIg0CxDip3aKoypl8yNcfVoxzPlC0miffmoDXD8VlGbZXqFZFzXYIbTB4DX2j9VnkqVkLfDcIPC3Dx6HjJhbWAR7QfYLkzjKwjhB6OeM5zvwcdbIFrtKY+39ENBd7Lzn2ce0ArxkSxqYiOk09sVGNF+NJP+3FYCGlHacqtbT1Ql6MxbqU6FAAGndmVUqFF/Kyfly3qiA1bE64N3BQyercmUwd/MSheE+qlH58hoTA3aprz261RRgWhqibUf+0nhR8PLe/h/ST94dCLBk1+nNQoZhIh6rMCV9hoA1A437Nn5og03iTL/yq0YB+3rcjevb+/iu1WzR/Bq53TKf5WhDV89BQL7YvpJZxMeac97JGRL6UXl1r7jawRqXUUtm6gwU+EgEWzIjf00u0NdRESFjFzqqoKs/hPx//4ACWm4VKBWl3CzJpSVuwVtXB1qIAYOVsEhqKgW1PmF2oYSjlrIcK/veSICoKtUi3cHRIcKOOoN72pA2teptRwr2V+nAUi0X9sy4uQKd7FplvWYyYEonipJ49PKe/ZUOuoRJFVAyTX+nHXeU97SdFfDxlYNta9cKX9gE2Aur8/HE8pqZ36tTe+RFHSYtl6uA3YxgWQ81gahrWpxQh8NNfoRWjah8vCeQ5AiHdb/lBy/e+7I/uF1qN+HwA8KX20LcNvIXRWEd0xMgXmlbSVpVTlf4eqJIY+lVLOsnszQU6Zm6iVTcxkiSN1AgxiIwtzGmsOBKlfAiTjG7m6HK9erfquOqaZY6aeKjlc3nbAMMR20OHpcSx0wmVBUmyNyQ+01sqBjoyG5RtHGBFouAykxqjkZ81Yh53UgkOdTyU7Jkv2egjiqiW31wwPxeW8MgTu/f2brX15V4yTuMSdkBaJfj3Wd7d7/dUKY/VtE8wGdbL6BOxy+1Ma8Xn2fE9Vqd7+tRohrdz16pCZuFWmOav4dv6SKF1a96llhMDddgLEVda1wn60n5odJn59gxDR0PRfQ1et6AAAVE1yf6gmtXT1v2CBGAHLp2d/SVeXjRs6jk82ilV61gcFUaks32RIbdD27l4dj2qQcMaqsqL6s5tqiJ3rhQoTo6Aww4oanHpnTw+Cv6d/Qu2RQfHpJXa4OI6w9LMBEZpCjNB8SWQh9/9gGftY2EjoJKtqGrNPz3drkFu+WOQ2+ZI6qFFbWZrM9gajHcEkidVODT1CXuhX267qVSeAcTyl/M+hkgBjKNLdw0uk1Mey4KpIE3PdSeqriKHKlI7HNutHMWiCOJjmTkix1JZ/1ZH3p0+G39ZRq/rRwlrf5leSxtM0QQmoS9mQxi3y1rVgqGprZZXLUWUnU1KYARx9NNXkb5oolV8sXV9kYVbl7xDSRVStsgUZH7d7etdj5dWgHiLduSAbPwYkm3AUWYzeTaFztzMw98QDXrsUK+KjnAvUIWAAyq2Qyx6lhEXOxWPJJgqqe7etUizkMC/pgDW8BAKEocgh5ojZkVVa2JJWKOGo3UwAvPbqkvQzOh2lwepAD4EdKqJEGt8H44GumAh3LuMd78LvpGXPtAk1E87fP0yD6P7o7fm33wA7sjh34/4AgFoFFz53aAAABhWlDQ1BJQ0MgcHJvZmlsZQAAeJx9kT1Iw1AUhU9TpSIVQQuKOGSoThZFRRy1CkWoEGqFVh1MXvojNGlIUlwcBdeCgz+LVQcXZ10dXAVB8AfEzc1J0UVKvC8ptIjxwuN9nHfP4b37AKFWYprVNgZoum2mEnExk10RQ68IIIIe9GFUZpYxK0lJ+NbXPXVT3cV4ln/fn9Wl5iwGBETiGWaYNvE68dSmbXDeJ46woqwSnxOPmHRB4keuKx6/cS64LPDMiJlOzRFHiMVCCystzIqmRjxJHFU1nfKFjMcq5y3OWqnCGvfkLwzn9OUlrtMaRAILWIQEEQoq2EAJNmK066RYSNF53Mc/4Polcink2gAjxzzK0CC7fvA/+D1bKz8x7iWF40D7i+N8DAGhXaBedZzvY8epnwDBZ+BKb/rLNWD6k/RqU4seAd3bwMV1U1P2gMsdoP/JkE3ZlYK0hHweeD+jb8oCvbdA56o3t8Y5Th+ANM0qeQMcHALDBcpe83l3R+vc/u1pzO8HfNVyqx132SsAAAAGYktHRAD/AP8A/6C9p5MAAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflARQSJCizuferAAARfElEQVR42u2daXgUVdbH/1VdvS/pLJ2drBBCAJFEBGRTQUQlgsArooMjcUMUEQeVcYRHYBREQVmEISo4qOgEFBUEDCgDBEElCUsIIUmbfU9636qru2o+BAORTtPd6TTB5z3P0x9IVdet++tzzz3n3HMvBK6ztBzaJ3I62Vhd3o+JPFXUTXRlmZKuuAhBanqMIDwyGSQJS1FhAYwakyhlIAhFSJVIJqkSxCWdlkRG6pXpw+3X8/2JQDfY8E2O1FTx2yh7c+MER1vLreBRI+wVJQLO6SDAcR6+NQlSJGb5fZI14NifqBDVCXF0TG7IrSOLlbeMtP3pANblbJfQBuNMc/HZBxxazXimVi3xe0d4PAgSB7TwI6P3S+ITP1ampBxT3naH44YGWLltc7L+l5+ynLq2LEdrY2TAtILiQ5A04De+Mnhj8KixH0fd+4D2hgJYs/OzDMPpU0ts5SWZTk0TeT1tFD+un0Xcb8CHoSNHr1aNm1DXqwHW5nwSrT9T+Ibt4rnZTn0bD71GOFCqmDZBbPwbsY9kfaAckmHqVQAb9+QQxnL1AsOJI686tc0q9FYhCAjiU4qlA2+a2++Fvx/rFQArP9oUY7xQ9Jm16NQ4OB24EYQUyxzitJvfi3rgweUhw0cbrxtA9Zb10/VHcjc5WurDcaMJQYAfGXcy5K77suJnP3EhoADrtm8mTC2aZYbD+17haKsAN7DwgsObQu6Z+nTinLnfBASg7lwhv2r9qjfttZWLOAeDP4OQ8mBGFBs3a9D6bV96/V1vbtYW/iJt3L/3e7qq/E8DDwBYo5ZvLSveod76r9cN5wq9UiqPXQ1LbbW4bvfOvcZDu+/An1A4luVpLhbfbueL+Zv3f/+jX4dw1eY1hP78uXdtpecWeByvdse+CyUInvoXSOITwDoc0J86CfPR/QB6pm0OgIXl4OAAgiDsgpCwh8fuzP3SbwBLVi5dYTxy4DUuAG4KPyEVya+9AVmf+Cu1A235v6Jq+d/A2W09Bq/DrokkTNjYu6YMWfz6/m7bwLK1b0435h16JRDwQPKQ+NLSTvDaky8kwoYNR+S8V3ocHgCwNgu/9cj3H5VkbxjQLYA1u3ak6vN+2MTZbfxA2CFx+igokvt1eV01cjQIvrBH4XVApG1RTT8e2Ko5/avcJ4BVW94lND8eyGaN2oA5yaLEfgDRtVXhBylBKoJ7HN7vYm9pGFHyr/WLfQJoaWh4kVYXjwnkTOjQuc86sbQNrNUSEHjtN3OwVqtfLly2eKRXAMvfWR5tVZeuAMsG1JUw5eWC1rR17cQXnwdnMQQGXoc9tFKmCvXm0/Nnkx4DpDXaTY7GanHAfTGrCVUffwAnffVMa2ttQW32uoDC62i7Rj2EDY1Z4JEbU/b28gzd0YM/czbzdcvniTPGIv6p5yBLSAIAtJzIQ132OjjqKwIOr8P+KkPrw9JvSRn02irzlX+nrrJ9pcVLugNPnD4ayjHjwROJYK2vhfbb/4DVt3r1DGv+UeiLxl4G+N1un+AJUoYgZMK9IOQKmJqb0LRnF5imGp/6xejaovXq8qcAvNslwN82rU3XHNid6Wt6KGr+a4ieNBkE7zL/qEmToV7zJqwFxwKqxarHX0TslOngCS+7PQn3ZuL8lo3Qfv+VbxBNppdKt6zbkvL0AotLG2guL32etZp9WsMInpGFmHvv7wQPAERhKiQvXAxSqggYPOnYexE346FO8ABAqAjCoGcWQBCT6BvAtqYofWXFQy4nkcoPNwTZaytn+Kp9ERMmdenDicIjEDRpesAARtw3BQTpWg8EMhmiHnjI52dbq3573CVAWqOZ49Q2S33ix+NDEBTk9h6JmwjDz6kICFUR7t8lMtrnpzOa5pGl27ZkXA2wutJnFeFYB5w07d5J1uu8fKj3U2b7bMuCuca7MGbfF+VYO01ozhRM6zSJNP1wILJu6/ujfX8qC+3pfIgnTe7ylqhJk2HXtEG7a2snOKRUAeV9D0IxJB18qbTDDAhDQjvuiXt8Hpx/aR85nNMJuq0VupPHYTy8B2CdHfBsQinin38Vivj4riE7nWg6fLBbOm7XaTIB/KPDDyx9e8UcXe7urd1KpMiU6Lt689XJAI67bBs5Ds0nj6N2zTKwRi3k46cgfs7TEKl8CLc5Dvqyi6h6bxVodRG4/kORsnAxlInJV7fb8RUOFfv3oGLtsu4ljcQSJD46t2/SzNlqHgA8Nbj/C47mupu7FUXYbdAeOQSnRAGeWAKOZWGqUKN6x7/hoGlI+8SBIElI+8QhaPR4cEoVkrKeBl8R5KOpIyAKDUPQ8FGwiRVIe/4lSMPbbZ/DasHFnM+hLSkGJZEC4GCorkR5zg7UbdvQ/YjJwQAC4ZnsYycLCUuVmlf29j9L6YtnkvwXk7HtH5LXEewopz6K+NlZ4Mtk/muG46DRaABwCA0NAwAY62pxfsMamE8dvayJrLP9XQj/FWIII2I2jv1873zKUFYmdTTXJ/h3IiTbP1cmAr7eDsu5AiQuWgJ5UrLf4Fks7ZGVXGZD088noF63Ek59WydNBY/y+1zP0rZhAEDa66uGOfVtASkAsquLUPr8o7A2NfoVHgCU/3AQpcsXdYbXk86SUDz04vrVIspcWxsfyLQV57CDZexwdMOV0Op0MJs6f99pD2yhKtNSzxcn9u1DOZsbEgPaMsehZN4jVw1xT8XCcmBc/OBcgOtyOI4jmg99l0A5GEdwoAFyNu+zyhwACwc43DrYRED7wcpDgylBqGpwoJQ/KPMRxEyfCYLkeQmPg6atFTba/Zs6rRY0blkHR91vAemPQCQYTDlaGwP2owVl3ApJVLS3QwUajQacXAGh/Nr3iwanwxQggNaKUpCs1YzeKq5m294kDqMB5P/D61biBxQp7l5kQErkkE+YAnFCEuiGOhj+ewDOls613IRIAtmYSZDExPQ4vLD0W4CWRpgKjrvM6ChGT4TypnSwjB2aE8dgKfrV575TMgUoShUJlBX59ADJbXch6bm/QXQpjAIAZuYjqNyWDVtFORQjxiBo8M2QxSeAkkoDonkxt41B0u3jQet00FWo0VqYD82Rg+DsNAYtW42Q/gNAXArp2OkzUZt3FOUrF4NzOr1uS5ycCuLMc1kb6Yunn/WafmQ8Bm7cBr5c4SIUZi9FdFdbCJZhwBj0XTvJeh0sZh/gEQQkIWFQRUSA94dlBZZhwJhNECpde2xlX+1E9aZVXjcpHzZuOsUTUD5tQgmd9rBLeH8Ex7EsbC3NMJSWwFB4Csa8Q+DMetd+HsuBYX1beyQIAlR4LLQTMxEycDCUiYkQBikBggDJ53cJDwDixt+Fmuw18KpolCDAZyxGigqP9mmxVZrgPnnDGPSo378XhhNHQV8sRKdw0UVWxMJyYLqxbstxHJj6CtR/vB71AAhKAPnw2xE6bATC04dBFt21+ySQySFMTIWt7JwX/EgufGJmJSWJiqwwEGR7+snLKdxtyNVQj5ata6+ODkgSKRs+hSBI2aF57U4y3a3JzHTxAlqz13SKuQ3Hc2E4ngvtnZOR8WrXSVTW4YBT510SQhARw1gry2soW031SV6wivV2S5bulxMIHzW2yxyb7uxp16GV0wlSIIBIFd4xYbBSGQTS7nkDnJuhb8w/AVqvax/SLkRfVQmmuc6rfCFLWwtT5i60kbGPPknzZIpib1/YkPslWn7+yfULlZagdfv7XdoOQ8kF//p5HAfL2YKuQzx9G0o//xSsCxtnNxpR+uEmr5OtpFD8a7sbF5fI8kLC8n156eoVL6H6qxxYGxvgMBlha21B/YHvoH51vttS3Oad29FSV+s3J9lSWwPrKfeVD827tuH0OyuhLSsFbdCDNujRfLoA+a8vhrkgz/s5oG9qYUf6ouzdlXO0+3Z2b1FJLAVrs1xzOfL32VY0aQaiZszqcgHcU3FaLaheuxJMeZHHPzzBF3TYSV8yODyJDElPLuibMGWGmgQAYUTEN1RkXLc6wlrNHsNzcIBp/y40/OczOLuhhXRzE2o2rPEc3iUTwjmYSy6Lb+kvKiyyMGHKDDVwaWE97uEsDRWqykMPiqsSM1PuV6C0WgQHB0MsFoPRakC3NLv9gKYhlUoRFqaCNf9X2C8UBDwEFqoi93XA7AhLEpK/tJ3PHx0oeAAgiE1C5JChoMRi8J1OnFuyEKzF/eZJxei7MWzpPwGCQNzESWjO+Sig8EiRhBNQ5LaOf3d0JjR0Gy80yhwoeAAQO2sOKHF7IWxd3jGwZkO7GXDzMeTlQlNe2g4zPhHBE6cFFKAgLPLE0JXr1FcBjJ/9pF4Yl7QrUPCo0CjEjGqvYWcsZtTu+NBThw/Ve77uCN/iMqeip3YwueqRtG//TirfaQqUp6atJ6UKtqfhETweoqbNgkDWnmJuKsgH01Tr8bM1B7+BqaEeABDSrz9k6aMDo30RfRpC+vb7okuA8VnPFAii4/f0FDxh0gCkrdyEUTm56Dt9ZkempDrnE++ez9CoOXigvQMUhYzlb2Hkjn1IWLAEpEjScwCVyrcTHp5j6RIgAEgHDl5BSuROv8NLHoiMVesQNWw4hEFKkBTVoY2ht43zLvPCFyBsaMZlcyASQxIegeTMqRj4xnoQFL8nbF99cOrA7KsmlT/+IfnZRfmS9JF7/T1s+819AeIrStauTH0l3z8NfC/80IgZj0E1eIjLa+FDhiJ82qP+pUeQkKakLUtdsNh8TYAAII6ImMePTbb6zebxBQhJSenaMZVIEDJuosdthaXf4v56xjC/8hP3TTstE1IuZzmXABPnLqyXpA5cAg/Xb6+5D4NHgScUuffuxZ7v6+EJ3B/TwJdK/QaPJ5E7lKkD56UueYv1GCAAyOL6rBWnDT3WbXgAONoGs7uCIo6DsazE406Z690fQGSqrfUbQEnf1LcGLVx8okvHuqsLMbMe58ImZj5BhUY2dwfe775bTe6+LmPltoslMJ70eJc9anbtAGNxXR7CmM2o2fWZf0K26PjjIrl8qdvIxN3FqHsyS4Nuv3seIRTbfYZ3SRp2ZEO9ZzecdrqT5mlKS3D+jde8WhWj1edRtHk96D8Urtt0Wpx7/13Q5UV+GLqyhpipM5+4ecUat36xR+mI0vdWLdd///WS9vRP9/aeCZMHImzcBPAkUhiKzkB3dD98La/jKcMQelcmxNF9YK2rQdvBb/1SH8iTKZjIyTOmpD01/5pb/j0C2PDFVqLl6OHVNvWFRRzLdnvjXm8WguTZxTF9Hh71790eHTrhUTYz6qEsjiLZl6WjJuZYnOyfFh4pkXPC2MS/egrPYw38XbTnz0rLc3Z8oTuWOzlwAXygNI+0S28a8dSINRu3EwTB9QhAAPgBIPj/N3G1XadZ5Es5RG8UnljGCJRBs0Z/trdnj34CgPEAFzbo5pdDxty9lKAo+w0/bIWihrA7Jk3xBZ5PGnilnPr7C3cbigq2Oc3GqBtw0EIQFnEy4s5JWalzFwT2+LsrpXj96piWvMObGE3L/Rx7YwxpUiB0iKLjVqc8/uwq1ahx1+8Axt9Fnf0e0Xru7GOWmsq3HAatqjfDE8YmFUvCw5+45Z3NJ/yjx36Usk8+jG7M3fsKYzQ+6zRoetUhtDyRtF6S3P+d1HkvfqAcMKh3HUJ7lUbmfJrRmv/LEmPhyQmcg5FeT3T8kPA2RfrIT4P69lue/OAjGv9b0h6U/EXPxFpaWp5xGnVZjK4tcAdx83iggkIKxbEJn/BZZkv6+m2WHmsrEB0q3fi22KzT32NtrH/MVlU+wmk2+t1OEiQJKii0QpI25DBhMW5OuG/KadWd99zYR8G7kjNLXxSy4N1mrqkax3HcHU6LOc2hbQ7lWNaL/4yAAMkXsLygkCpKpjhHUtR/lalpR0Ry+dmkJ+YHdM8Xgess5dnrBKLEfnEN3+5MhFIV72ioirfWVcFJ05Ddekck09psslcUmyiJFNJ+aXASvLOyyEitYuiIQsqs00dPefC6Hl79P/rx/H+/MUfaAAAAAElFTkSuQmCC + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - hive.openshift.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - hiveinternal.openshift.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - extensions.hive.openshift.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - apiGroups: + - '' + resources: + - serviceaccounts + - serviceaccounts/finalizers + - secrets + - secrets/finalizers + - services + - services/finalizers + - endpoints + - events + - configmaps + - namespaces + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + - apiservices/finalizers + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + - daemonsets + - daemonsets/finalizers + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + - servicemonitors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - get + - list + - watch + - apiGroups: + - authorization.openshift.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - '' + resources: + - pods + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - admission.hive.openshift.io + resources: + - dnszones + verbs: + - get + - list + - watch + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - admission.hive.openshift.io + resources: + - clusterdeployments + - clusterimagesets + - clusterprovisions + - dnszones + - machinepools + - selectorsyncsets + - syncsets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - flowcontrol.apiserver.k8s.io + resources: + - prioritylevelconfigurations + - flowschemas + verbs: + - get + - list + - watch + - apiGroups: + - config.openshift.io + resources: + - proxies + verbs: + - get + - list + - watch + serviceAccountName: hive-operator + deployments: + - name: hive-operator + spec: + replicas: 1 + revisionHistoryLimit: 4 + selector: + matchLabels: + control-plane: hive-operator + controller-tools.k8s.io: '1.0' + strategy: + type: Recreate + template: + metadata: + labels: + control-plane: hive-operator + controller-tools.k8s.io: '1.0' + spec: + containers: + - command: + - /opt/services/hive-operator + - --log-level + - info + env: + - name: CLI_CACHE_DIR + value: /var/cache/kubectl + - name: HIVE_OPERATOR_NS + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/app-sre/hive:412cf72dcc + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8080 + name: hive-operator + ports: + - containerPort: 2112 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8080 + resources: + requests: + cpu: 100m + memory: 256Mi + volumeMounts: + - mountPath: /var/cache/kubectl + name: kubectl-cache + serviceAccountName: hive-operator + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: kubectl-cache + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - kubernetes + - openshift + - multi-cluster + - cluster + links: + - name: Hive GitHub + url: https://github.com/openshift/hive + - name: 'Hive: Cluster-as-a-Service' + url: https://www.openshift.com/blog/openshift-hive-cluster-as-a-service + - name: OpenShift + url: https://www.openshift.com/ + maintainers: + - email: openshift-hive-team@redhat.com + name: Hive Team + maturity: alpha + provider: + name: Red Hat + replaces: hive-operator.v1.2.4325-55a3d51 + version: 1.2.4336-412cf72 diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_checkpoints.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_checkpoints.yaml new file mode 100644 index 00000000000..03dfa7eecb1 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_checkpoints.yaml @@ -0,0 +1,70 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: checkpoints.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: Checkpoint + listKind: CheckpointList + plural: checkpoints + singular: checkpoint + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Checkpoint is the Schema for the backup of Hive objects. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CheckpointSpec defines the metadata around the Hive objects + state in the namespace at the time of the last backup. + properties: + lastBackupChecksum: + description: LastBackupChecksum is the checksum of all Hive objects + in the namespace at the time of the last backup. + type: string + lastBackupRef: + description: LastBackupRef is a reference to last backup object created + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + lastBackupTime: + description: LastBackupTime is the last time we performed a backup + of the namespace + format: date-time + type: string + required: + - lastBackupChecksum + - lastBackupRef + - lastBackupTime + type: object + status: + description: CheckpointStatus defines the observed state of Checkpoint + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterclaims.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterclaims.yaml new file mode 100644 index 00000000000..7ce082122cc --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterclaims.yaml @@ -0,0 +1,161 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterclaims.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterClaim + listKind: ClusterClaimList + plural: clusterclaims + singular: clusterclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterPoolName + name: Pool + type: string + - jsonPath: .status.conditions[?(@.type=='Pending')].reason + name: Pending + type: string + - jsonPath: .spec.namespace + name: ClusterNamespace + type: string + - jsonPath: .status.conditions[?(@.type=='ClusterRunning')].reason + name: ClusterRunning + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ClusterClaim represents a claim to a cluster from a cluster pool. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterClaimSpec defines the desired state of the ClusterClaim. + properties: + clusterPoolName: + description: ClusterPoolName is the name of the cluster pool from + which to claim a cluster. + type: string + lifetime: + description: 'Lifetime is the maximum lifetime of the claim after + it is assigned a cluster. If the claim still exists when the lifetime + has elapsed, the claim will be deleted by Hive. This is a Duration + value; see https://pkg.go.dev/time#ParseDuration for accepted formats. + Note: due to discrepancies in validation vs parsing, we use a Pattern + instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + namespace: + description: Namespace is the namespace containing the ClusterDeployment + (name will match the namespace) of the claimed cluster. This field + will be set as soon as a suitable cluster can be found, however + that cluster may still be resuming and not yet ready for use. Wait + for the ClusterRunning condition to be true to avoid this issue. + type: string + subjects: + description: Subjects hold references to which to authorize access + to the claimed cluster. + items: + description: Subject contains a reference to the object or user + identities a role binding applies to. This can either hold a + direct API object reference, or a value for non-objects such as + user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced + subject. Defaults to "" for ServiceAccount subjects. Defaults + to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined + by this API group are "User", "Group", and "ServiceAccount". + If the Authorizer does not recognized the kind value, the + Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object + kind is non-namespace, such as "User" or "Group", and this + value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + type: array + required: + - clusterPoolName + type: object + status: + description: ClusterClaimStatus defines the observed state of ClusterClaim. + properties: + conditions: + description: Conditions includes more detailed status for the cluster + pool. + items: + description: ClusterClaimCondition contains details for the current + condition of a cluster claim. + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + lifetime: + description: Lifetime is the maximum lifetime of the claim after it + is assigned a cluster. If the claim still exists when the lifetime + has elapsed, the claim will be deleted by Hive. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeploymentcustomizations.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeploymentcustomizations.yaml new file mode 100644 index 00000000000..3663ba67af2 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeploymentcustomizations.yaml @@ -0,0 +1,131 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterdeploymentcustomizations.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterDeploymentCustomization + listKind: ClusterDeploymentCustomizationList + plural: clusterdeploymentcustomizations + singular: clusterdeploymentcustomization + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ClusterDeploymentCustomization is the Schema for clusterdeploymentcustomizations + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterDeploymentCustomizationSpec defines the desired state + of ClusterDeploymentCustomization. + properties: + installConfigPatches: + description: InstallConfigPatches is a list of patches to be applied + to the install-config. + items: + description: PatchEntity represent a json patch (RFC 6902) to be + applied to the install-config + properties: + from: + description: From is the json path to copy or move the value + from + type: string + op: + description: 'Op is the operation to perform: add, remove, replace, + move, copy, test' + type: string + path: + description: Path is the json path to the value to be modified + type: string + value: + description: Value is the value to be used in the operation + type: string + required: + - op + - path + - value + type: object + type: array + type: object + status: + description: ClusterDeploymentCustomizationStatus defines the observed + state of ClusterDeploymentCustomization. + properties: + clusterDeploymentRef: + description: ClusterDeploymentRef is a reference to the cluster deployment + that this customization is applied on. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + clusterPoolRef: + description: ClusterPoolRef is the name of the current cluster pool + the CDC used at. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + conditions: + description: Conditions describes the state of the operator's reconciliation + functionality. + items: + description: Condition represents the state of the operator's reconciliation + functionality. + properties: + lastHeartbeatTime: + format: date-time + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + description: ConditionType is the state of the operator's reconciliation + functionality. + type: string + required: + - status + - type + type: object + type: array + lastAppliedConfiguration: + description: LastAppliedConfiguration contains the last applied patches + to the install-config. The information will retain for reference + in case the customization is updated. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeployments.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeployments.yaml new file mode 100644 index 00000000000..86515c22d1d --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeployments.yaml @@ -0,0 +1,1245 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterdeployments.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterDeployment + listKind: ClusterDeploymentList + plural: clusterdeployments + shortNames: + - cd + singular: clusterdeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterMetadata.infraID + name: InfraID + type: string + - jsonPath: .metadata.labels.hive\.openshift\.io/cluster-platform + name: Platform + type: string + - jsonPath: .metadata.labels.hive\.openshift\.io/cluster-region + name: Region + type: string + - jsonPath: .metadata.labels.hive\.openshift\.io/version + name: Version + type: string + - jsonPath: .metadata.labels.hive\.openshift\.io/cluster-type + name: ClusterType + type: string + - jsonPath: .status.conditions[?(@.type=='Provisioned')].reason + name: ProvisionStatus + type: string + - jsonPath: .status.powerState + name: PowerState + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ClusterDeployment is the Schema for the clusterdeployments API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterDeploymentSpec defines the desired state of ClusterDeployment + properties: + baseDomain: + description: BaseDomain is the base domain to which the cluster should + belong. + type: string + boundServiceAccountSigningKeySecretRef: + description: BoundServiceAccountSignkingKeySecretRef refers to a Secret + that contains a 'bound-service-account-signing-key.key' data key + pointing to the private key that will be used to sign ServiceAccount + objects. Primarily used to provision AWS clusters to use Amazon's + Security Token Service. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + certificateBundles: + description: CertificateBundles is a list of certificate bundles associated + with this cluster + items: + description: CertificateBundleSpec specifies a certificate bundle + associated with a cluster deployment + properties: + certificateSecretRef: + description: CertificateSecretRef is the reference to the secret + that contains the certificate bundle. If the certificate bundle + is to be generated, it will be generated with the name in + this reference. Otherwise, it is expected that the secret + should exist in the same namespace as the ClusterDeployment + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + generate: + description: Generate indicates whether this bundle should have + real certificates generated for it. + type: boolean + name: + description: Name is an identifier that must be unique within + the bundle and must be referenced by an ingress or by the + control plane serving certs + type: string + required: + - certificateSecretRef + - name + type: object + type: array + clusterInstallRef: + description: ClusterInstallLocalReference provides reference to an + object that implements the hivecontract ClusterInstall. The namespace + of the object is same as the ClusterDeployment. This cannot be set + when Provisioning is also set. + properties: + group: + type: string + kind: + type: string + name: + type: string + version: + type: string + required: + - group + - kind + - name + - version + type: object + clusterMetadata: + description: ClusterMetadata contains metadata information about the + installed cluster. + properties: + adminKubeconfigSecretRef: + description: AdminKubeconfigSecretRef references the secret containing + the admin kubeconfig for this cluster. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + adminPasswordSecretRef: + description: AdminPasswordSecretRef references the secret containing + the admin username/password which can be used to login to this + cluster. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + clusterID: + description: ClusterID is a globally unique identifier for this + cluster generated during installation. Used for reporting metrics + among other places. + type: string + infraID: + description: InfraID is an identifier for this cluster generated + during installation and used for tagging/naming resources in + cloud providers. + type: string + platform: + description: Platform holds platform-specific cluster metadata + properties: + aws: + description: AWS holds AWS-specific cluster metadata + properties: + hostedZoneRole: + description: HostedZoneRole is the role to assume when + performing operations on a hosted zone owned by another + account. + type: string + type: object + azure: + description: Azure holds azure-specific cluster metadata + properties: + resourceGroupName: + description: ResourceGroupName is the name of the resource + group in which the cluster resources were created. + type: string + required: + - resourceGroupName + type: object + gcp: + description: GCP holds GCP-specific cluster metadata + properties: + networkProjectID: + description: NetworkProjectID is used for shared VPC setups + type: string + type: object + type: object + required: + - adminKubeconfigSecretRef + - clusterID + - infraID + type: object + clusterName: + description: ClusterName is the friendly name of the cluster. It is + used for subdomains, some resource tagging, and other instances + where a friendly name for the cluster is useful. + type: string + clusterPoolRef: + description: ClusterPoolRef is a reference to the ClusterPool that + this ClusterDeployment originated from. + properties: + claimName: + description: ClaimName is the name of the ClusterClaim that claimed + the cluster from the pool. + type: string + claimedTimestamp: + description: ClaimedTimestamp is the time this cluster was assigned + to a ClusterClaim. This is only used for ClusterDeployments + belonging to ClusterPools. + format: date-time + type: string + clusterDeploymentCustomization: + description: CustomizationRef is the ClusterPool Inventory claimed + customization for this ClusterDeployment. The Customization + exists in the ClusterPool namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + namespace: + description: Namespace is the namespace where the ClusterPool + resides. + type: string + poolName: + description: PoolName is the name of the ClusterPool for which + the cluster was created. + type: string + required: + - namespace + - poolName + type: object + controlPlaneConfig: + description: ControlPlaneConfig contains additional configuration + for the target cluster's control plane + properties: + apiServerIPOverride: + description: APIServerIPOverride is the optional override of the + API server IP address. Hive will use this IP address for creating + TCP connections. Port from the original API server URL will + be used. This field can be used when repointing the APIServer's + DNS is not viable option. + type: string + apiURLOverride: + description: APIURLOverride is the optional URL override to which + Hive will transition for communication with the API server of + the remote cluster. When a remote cluster is created, Hive will + initially communicate using the API URL established during installation. + If an API URL Override is specified, Hive will periodically + attempt to connect to the remote cluster using the override + URL. Once Hive has determined that the override URL is active, + Hive will use the override URL for further communications with + the API server of the remote cluster. + type: string + servingCertificates: + description: ServingCertificates specifies serving certificates + for the control plane + properties: + additional: + description: Additional is a list of additional domains and + certificates that are also associated with the control plane's + api endpoint. + items: + description: ControlPlaneAdditionalCertificate defines an + additional serving certificate for a control plane + properties: + domain: + description: Domain is the domain of the additional + control plane certificate + type: string + name: + description: Name references a CertificateBundle in + the ClusterDeployment.Spec that should be used for + this additional certificate. + type: string + required: + - domain + - name + type: object + type: array + default: + description: Default references the name of a CertificateBundle + in the ClusterDeployment that should be used for the control + plane's default endpoint. + type: string + type: object + type: object + hibernateAfter: + description: 'HibernateAfter will transition a cluster to hibernating + power state after it has been running for the given duration. The + time that a cluster has been running is the time since the cluster + was installed or the time since the cluster last came out of hibernation. + This is a Duration value; see https://pkg.go.dev/time#ParseDuration + for accepted formats. Note: due to discrepancies in validation vs + parsing, we use a Pattern instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + ingress: + description: Ingress allows defining desired clusteringress/shards + to be configured on the cluster. + items: + description: ClusterIngress contains the configurable pieces for + any ClusterIngress objects that should exist on the cluster. + properties: + domain: + description: Domain (sometimes referred to as shard) is the + full DNS suffix that the resulting IngressController object + will service (eg abcd.mycluster.mydomain.com). + type: string + httpErrorCodePages: + description: HttpErrorCodePages allows configuring custom HTTP + error pages using the IngressController object + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + name: + description: Name of the ClusterIngress object to create. + type: string + namespaceSelector: + description: NamespaceSelector allows filtering the list of + namespaces serviced by the ingress controller. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + routeSelector: + description: RouteSelector allows filtering the set of Routes + serviced by the ingress controller + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + servingCertificate: + description: ServingCertificate references a CertificateBundle + in the ClusterDeployment.Spec that should be used for this + Ingress + type: string + required: + - domain + - name + type: object + type: array + installAttemptsLimit: + description: InstallAttemptsLimit is the maximum number of times Hive + will attempt to install the cluster. + format: int32 + type: integer + installed: + description: Installed is true if the cluster has been installed + type: boolean + manageDNS: + description: ManageDNS specifies whether a DNSZone should be created + and managed automatically for this ClusterDeployment + type: boolean + platform: + description: Platform is the configuration for the specific platform + upon which to perform the installation. + properties: + agentBareMetal: + description: AgentBareMetal is the configuration used when performing + an Assisted Agent based installation to bare metal. + properties: + agentSelector: + description: AgentSelector is a label selector used for associating + relevant custom resources with this cluster. (Agent, BareMetalHost, + etc) + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - agentSelector + type: object + alibabacloud: + description: AlibabaCloud is the configuration used when installing + on Alibaba Cloud + properties: + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains Alibaba Cloud account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the Alibaba Cloud region where + the cluster will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + aws: + description: AWS is the configuration used when installing on + AWS. + properties: + credentialsAssumeRole: + description: CredentialsAssumeRole refers to the IAM role + that must be assumed to obtain AWS account access for the + cluster operations. + properties: + externalID: + description: 'ExternalID is random string generated by + platform so that assume role is protected from confused + deputy problem. more info: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html' + type: string + roleARN: + type: string + required: + - roleARN + type: object + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the AWS account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + privateLink: + description: PrivateLink allows uses to enable access to the + cluster's API server using AWS PrivateLink. AWS PrivateLink + includes a pair of VPC Endpoint Service and VPC Endpoint + accross AWS accounts and allows clients to connect to services + using AWS's internal networking instead of the Internet. + properties: + additionalAllowedPrincipals: + description: AdditionalAllowedPrincipals is a list of + additional allowed principal ARNs to be configured for + the Private Link cluster's VPC Endpoint Service. ARNs + provided as AdditionalAllowedPrincipals will be configured + for the cluster's VPC Endpoint Service in addition to + the IAM entity used by Hive. + items: + type: string + type: array + enabled: + type: boolean + required: + - enabled + type: object + region: + description: Region specifies the AWS region where the cluster + will be created. + type: string + userTags: + additionalProperties: + type: string + description: UserTags specifies additional tags for AWS resources + created for the cluster. + type: object + required: + - region + type: object + azure: + description: Azure is the configuration used when installing on + Azure. + properties: + baseDomainResourceGroupName: + description: BaseDomainResourceGroupName specifies the resource + group where the azure DNS zone for the base domain is found + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. If empty, the value is equal to "AzurePublicCloud". + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the Azure account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the Azure region where the cluster + will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + baremetal: + description: BareMetal is the configuration used when installing + on bare metal. + properties: + libvirtSSHPrivateKeySecretRef: + description: LibvirtSSHPrivateKeySecretRef is the reference + to the secret that contains the private SSH key to use for + access to the libvirt provisioning host. The SSH private + key is expected to be in the secret data under the "ssh-privatekey" + key. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - libvirtSSHPrivateKeySecretRef + type: object + gcp: + description: GCP is the configuration used when installing on + Google Cloud Platform. + properties: + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the GCP account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the GCP region where the cluster + will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + ibmcloud: + description: IBMCloud is the configuration used when installing + on IBM Cloud + properties: + accountID: + description: AccountID is the IBM Cloud Account ID. AccountID + is DEPRECATED and is gathered via the IBM Cloud API for + the provided credentials. This field will be ignored. + type: string + cisInstanceCRN: + description: CISInstanceCRN is the IBM Cloud Internet Services + Instance CRN CISInstanceCRN is DEPRECATED and gathered via + the IBM Cloud API for the provided credentials and cluster + deployment base domain. This field will be ignored. + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains IBM Cloud account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the IBM Cloud region where the + cluster will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + none: + description: None indicates platform-agnostic install. https://docs.openshift.com/container-platform/4.7/installing/installing_platform_agnostic/installing-platform-agnostic.html + type: object + openstack: + description: OpenStack is the configuration used when installing + on OpenStack + properties: + certificatesSecretRef: + description: "CertificatesSecretRef refers to a secret that + contains CA certificates necessary for communicating with + the OpenStack. There is additional configuration required + for the OpenShift cluster to trust the certificates provided + in this secret. The \"clouds.yaml\" file included in the + credentialsSecretRef Secret must also include a reference + to the certificate bundle file for the OpenShift cluster + being created to trust the OpenStack endpoints. The \"clouds.yaml\" + file must set the \"cacert\" field to either \"/etc/openstack-ca/\" or \"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\". + \n For example, \"\"\"clouds.yaml clouds: shiftstack: auth: + ... cacert: \"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\" + \"\"\"" + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + cloud: + description: Cloud will be used to indicate the OS_CLOUD value + to use the right section from the clouds.yaml in the CredentialsSecretRef. + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the OpenStack account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + trunkSupport: + description: TrunkSupport indicates whether or not to use + trunk ports in your OpenShift cluster. + type: boolean + required: + - cloud + - credentialsSecretRef + type: object + ovirt: + description: Ovirt is the configuration used when installing on + oVirt + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the oVirt CA certificates necessary for communicating + with oVirt. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + credentialsSecretRef: + description: 'CredentialsSecretRef refers to a secret that + contains the oVirt account access credentials with fields: + ovirt_url, ovirt_username, ovirt_password, ovirt_ca_bundle' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + ovirt_cluster_id: + description: The target cluster under which all VMs will run + type: string + ovirt_network_name: + description: The target network of all the network interfaces + of the nodes. Omitting defaults to ovirtmgmt network which + is a default network for evert ovirt cluster. + type: string + storage_domain_id: + description: The target storage domain under which all VM + disk would be created. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - ovirt_cluster_id + - storage_domain_id + type: object + vsphere: + description: VSphere is the configuration used when installing + on vSphere + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the vSphere CA certificates necessary for communicating + with the VCenter. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + cluster: + description: Cluster is the name of the cluster virtual machines + will be cloned into. + type: string + credentialsSecretRef: + description: 'CredentialsSecretRef refers to a secret that + contains the vSphere account access credentials: GOVC_USERNAME, + GOVC_PASSWORD fields.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + datacenter: + description: Datacenter is the name of the datacenter to use + in the vCenter. + type: string + defaultDatastore: + description: DefaultDatastore is the default datastore to + use for provisioning volumes. + type: string + folder: + description: Folder is the name of the folder that will be + used and/or created for virtual machines. + type: string + network: + description: Network specifies the name of the network to + be used by the cluster. + type: string + vCenter: + description: VCenter is the domain name or IP address of the + vCenter. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - datacenter + - defaultDatastore + - vCenter + type: object + type: object + powerState: + description: PowerState indicates whether a cluster should be running + or hibernating. When omitted, PowerState defaults to the Running + state. + enum: + - "" + - Running + - Hibernating + type: string + preserveOnDelete: + description: PreserveOnDelete allows the user to disconnect a cluster + from Hive without deprovisioning it. This can also be used to abandon + ongoing cluster deprovision. + type: boolean + provisioning: + description: Provisioning contains settings used only for initial + cluster provisioning. May be unset in the case of adopted clusters. + properties: + imageSetRef: + description: ImageSetRef is a reference to a ClusterImageSet. + If a value is specified for ReleaseImage, that will take precedence + over the one from the ClusterImageSet. + properties: + name: + description: Name is the name of the ClusterImageSet that + this refers to + type: string + required: + - name + type: object + installConfigSecretRef: + description: InstallConfigSecretRef is the reference to a secret + that contains an openshift-install InstallConfig. This file + will be passed through directly to the installer. Any version + of InstallConfig can be used, provided it can be parsed by the + openshift-install version for the release you are provisioning. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + installerEnv: + description: InstallerEnv are extra environment variables to pass + through to the installer. This may be used to enable additional + features of the installer. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + installerImageOverride: + description: InstallerImageOverride allows specifying a URI for + the installer image, normally gleaned from the metadata within + the ReleaseImage. + type: string + manifestsConfigMapRef: + description: ManifestsConfigMapRef is a reference to user-provided + manifests to add to or replace manifests that are generated + by the installer. It serves the same purpose as, and is mutually + exclusive with, ManifestsSecretRef. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + manifestsSecretRef: + description: ManifestsSecretRef is a reference to user-provided + manifests to add to or replace manifests that are generated + by the installer. It serves the same purpose as, and is mutually + exclusive with, ManifestsConfigMapRef. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + releaseImage: + description: ReleaseImage is the image containing metadata for + all components that run in the cluster, and is the primary and + best way to specify what specific version of OpenShift you wish + to install. + type: string + sshKnownHosts: + description: SSHKnownHosts are known hosts to be configured in + the hive install manager pod to avoid ssh prompts. Use of ssh + in the install pod is somewhat limited today (failure log gathering + from cluster, some bare metal provisioning scenarios), so this + setting is often not needed. + items: + type: string + type: array + sshPrivateKeySecretRef: + description: SSHPrivateKeySecretRef is the reference to the secret + that contains the private SSH key to use for access to compute + instances. This private key should correspond to the public + key included in the InstallConfig. The private key is used by + Hive to gather logs on the target cluster if there are install + failures. The SSH private key is expected to be in the secret + data under the "ssh-privatekey" key. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: object + pullSecretRef: + description: PullSecretRef is the reference to the secret to use when + pulling images. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - baseDomain + - clusterName + - platform + type: object + status: + description: ClusterDeploymentStatus defines the observed state of ClusterDeployment + properties: + apiURL: + description: APIURL is the URL where the cluster's API can be accessed. + type: string + certificateBundles: + description: CertificateBundles contains of the status of the certificate + bundles associated with this cluster deployment. + items: + description: CertificateBundleStatus specifies whether a certificate + bundle was generated for this cluster deployment. + properties: + generated: + description: Generated indicates whether the certificate bundle + was generated + type: boolean + name: + description: Name of the certificate bundle + type: string + required: + - generated + - name + type: object + type: array + cliImage: + description: CLIImage is the name of the oc cli image to use when + installing the target cluster + type: string + conditions: + description: Conditions includes more detailed status for the cluster + deployment + items: + description: ClusterDeploymentCondition contains details for the + current condition of a cluster deployment + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + installRestarts: + description: InstallRestarts is the total count of container restarts + on the clusters install job. + type: integer + installStartedTimestamp: + description: InstallStartedTimestamp is the time when all pre-requisites + were met and cluster installation was launched. + format: date-time + type: string + installVersion: + description: InstallVersion is the version of OpenShift as reported + by the release image resolved for the installation. + type: string + installedTimestamp: + description: InstalledTimestamp is the time we first detected that + the cluster has been successfully installed. + format: date-time + type: string + installerImage: + description: InstallerImage is the name of the installer image to + use when installing the target cluster + type: string + platformStatus: + description: Platform contains the observed state for the specific + platform upon which to perform the installation. + properties: + aws: + description: AWS is the observed state on AWS. + properties: + privateLink: + description: PrivateLinkAccessStatus contains the observed + state for PrivateLinkAccess resources. + properties: + hostedZoneID: + type: string + vpcEndpointID: + type: string + vpcEndpointService: + properties: + additionalAllowedPrincipals: + description: AdditionalAllowedPrincipals is a list + of additional allowed principal ARNs that have been + configured for the Private Link cluster's VPC Endpoint + Service. This list in Status is used to determine + if a sync of Allowed Principals is needed outside + of the regular reconcile period of 2hrs. + items: + type: string + type: array + defaultAllowedPrincipal: + description: DefaultAllowedPrincipal is the ARN of + the IAM entity used by Hive as configured for the + Private Link cluster's VPC Endpoint Service. + type: string + id: + type: string + name: + type: string + type: object + type: object + type: object + type: object + powerState: + description: PowerState indicates the powerstate of cluster + type: string + provisionRef: + description: ProvisionRef is a reference to the last ClusterProvision + created for the deployment + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + webConsoleURL: + description: WebConsoleURL is the URL for the cluster's web console + UI. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeprovisions.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeprovisions.yaml new file mode 100644 index 00000000000..8775481b00f --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterdeprovisions.yaml @@ -0,0 +1,364 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterdeprovisions.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterDeprovision + listKind: ClusterDeprovisionList + plural: clusterdeprovisions + shortNames: + - cdr + singular: clusterdeprovision + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.infraID + name: InfraID + type: string + - jsonPath: .spec.clusterID + name: ClusterID + type: string + - jsonPath: .status.completed + name: Completed + type: boolean + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: ClusterDeprovision is the Schema for the clusterdeprovisions + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterDeprovisionSpec defines the desired state of ClusterDeprovision + properties: + baseDomain: + description: BaseDomain is the DNS base domain. + type: string + clusterID: + description: ClusterID is a globally unique identifier for the cluster + to deprovision. It will be used if specified. + type: string + clusterName: + description: ClusterName is the friendly name of the cluster. It is + used for subdomains, some resource tagging, and other instances + where a friendly name for the cluster is useful. + type: string + infraID: + description: InfraID is the identifier generated during installation + for a cluster. It is used for tagging/naming resources in cloud + providers. + type: string + platform: + description: Platform contains platform-specific configuration for + a ClusterDeprovision + properties: + alibabacloud: + description: AlibabaCloud contains Alibaba Cloud specific deprovision + settings + properties: + baseDomain: + description: 'BaseDomain is the DNS base domain. TODO: Use + the non-platform-specific BaseDomain field.' + type: string + credentialsSecretRef: + description: CredentialsSecretRef is the Alibaba account credentials + to use for deprovisioning the cluster + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region is the Alibaba region for this deprovision + type: string + required: + - baseDomain + - credentialsSecretRef + - region + type: object + aws: + description: AWS contains AWS-specific deprovision settings + properties: + credentialsAssumeRole: + description: CredentialsAssumeRole refers to the IAM role + that must be assumed to obtain AWS account access for deprovisioning + the cluster. + properties: + externalID: + description: 'ExternalID is random string generated by + platform so that assume role is protected from confused + deputy problem. more info: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html' + type: string + roleARN: + type: string + required: + - roleARN + type: object + credentialsSecretRef: + description: CredentialsSecretRef is the AWS account credentials + to use for deprovisioning the cluster + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + hostedZoneRole: + description: HostedZoneRole is the role to assume when performing + operations on a hosted zone owned by another account. + type: string + region: + description: Region is the AWS region for this deprovisioning + type: string + required: + - region + type: object + azure: + description: Azure contains Azure-specific deprovision settings + properties: + cloudName: + description: cloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. If empty, the value is equal to "AzurePublicCloud". + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + type: string + credentialsSecretRef: + description: CredentialsSecretRef is the Azure account credentials + to use for deprovisioning the cluster + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + resourceGroupName: + description: ResourceGroupName is the name of the resource + group where the cluster was installed. Required for new + deprovisions (schema notwithstanding). + type: string + type: object + gcp: + description: GCP contains GCP-specific deprovision settings + properties: + credentialsSecretRef: + description: CredentialsSecretRef is the GCP account credentials + to use for deprovisioning the cluster + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + networkProjectID: + description: NetworkProjectID is used for shared VPC setups + type: string + region: + description: Region is the GCP region for this deprovision + type: string + required: + - region + type: object + ibmcloud: + description: IBMCloud contains IBM Cloud specific deprovision + settings + properties: + baseDomain: + description: 'BaseDomain is the DNS base domain. TODO: Use + the non-platform-specific BaseDomain field.' + type: string + credentialsSecretRef: + description: CredentialsSecretRef is the IBM Cloud credentials + to use for deprovisioning the cluster + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the IBM Cloud region + type: string + required: + - baseDomain + - credentialsSecretRef + - region + type: object + openstack: + description: OpenStack contains OpenStack-specific deprovision + settings + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains CA certificates necessary for communicating with + the OpenStack. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + cloud: + description: Cloud is the secion in the clouds.yaml secret + below to use for auth/connectivity. + type: string + credentialsSecretRef: + description: CredentialsSecretRef is the OpenStack account + credentials to use for deprovisioning the cluster + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - cloud + type: object + ovirt: + description: Ovirt contains oVirt-specific deprovision settings + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the oVirt CA certificates necessary for communicating + with the oVirt. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + clusterID: + description: The oVirt cluster ID + type: string + credentialsSecretRef: + description: 'CredentialsSecretRef is the oVirt account credentials + to use for deprovisioning the cluster secret fields: ovirt_url, + ovirt_username, ovirt_password, ovirt_ca_bundle' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - certificatesSecretRef + - clusterID + - credentialsSecretRef + type: object + vsphere: + description: VSphere contains VMWare vSphere-specific deprovision + settings + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the vSphere CA certificates necessary for communicating + with the VCenter. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + credentialsSecretRef: + description: CredentialsSecretRef is the vSphere account credentials + to use for deprovisioning the cluster + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + vCenter: + description: VCenter is the vSphere vCenter hostname. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - vCenter + type: object + type: object + required: + - infraID + type: object + status: + description: ClusterDeprovisionStatus defines the observed state of ClusterDeprovision + properties: + completed: + description: Completed is true when the uninstall has completed successfully + type: boolean + conditions: + description: Conditions includes more detailed status for the cluster + deprovision + items: + description: ClusterDeprovisionCondition contains details for the + current condition of a ClusterDeprovision + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterimagesets.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterimagesets.yaml new file mode 100644 index 00000000000..eec9f492c36 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterimagesets.yaml @@ -0,0 +1,57 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterimagesets.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterImageSet + listKind: ClusterImageSetList + plural: clusterimagesets + shortNames: + - imgset + singular: clusterimageset + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.releaseImage + name: Release + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterImageSet is the Schema for the clusterimagesets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterImageSetSpec defines the desired state of ClusterImageSet + properties: + releaseImage: + description: ReleaseImage is the image that contains the payload to + use when installing a cluster. + type: string + required: + - releaseImage + type: object + status: + description: ClusterImageSetStatus defines the observed state of ClusterImageSet + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterpools.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterpools.yaml new file mode 100644 index 00000000000..5ec7694c6bd --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterpools.yaml @@ -0,0 +1,704 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterpools.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterPool + listKind: ClusterPoolList + plural: clusterpools + shortNames: + - cp + singular: clusterpool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.size + name: Size + type: string + - jsonPath: .status.standby + name: Standby + type: string + - jsonPath: .status.ready + name: Ready + type: string + - jsonPath: .spec.baseDomain + name: BaseDomain + type: string + - jsonPath: .spec.imageSetRef.name + name: ImageSet + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterPool represents a pool of clusters that should be kept + ready to be given out to users. Clusters are removed from the pool once + claimed and then automatically replaced with a new one. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterPoolSpec defines the desired state of the ClusterPool. + properties: + annotations: + additionalProperties: + type: string + description: Annotations to be applied to new ClusterDeployments created + for the pool. ClusterDeployments that have already been claimed + will not be affected when this value is modified. + type: object + baseDomain: + description: BaseDomain is the base domain to use for all clusters + created in this pool. + type: string + claimLifetime: + description: ClaimLifetime defines the lifetimes for claims for the + cluster pool. + properties: + default: + description: 'Default is the default lifetime of the claim when + no lifetime is set on the claim itself. This is a Duration value; + see https://pkg.go.dev/time#ParseDuration for accepted formats. + Note: due to discrepancies in validation vs parsing, we use + a Pattern instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + maximum: + description: 'Maximum is the maximum lifetime of the claim after + it is assigned a cluster. If the claim still exists when the + lifetime has elapsed, the claim will be deleted by Hive. The + lifetime of a claim is the mimimum of the lifetimes set by the + cluster pool and the claim itself. This is a Duration value; + see https://pkg.go.dev/time#ParseDuration for accepted formats. + Note: due to discrepancies in validation vs parsing, we use + a Pattern instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object + hibernateAfter: + description: 'HibernateAfter will be applied to new ClusterDeployments + created for the pool. HibernateAfter will transition clusters in + the clusterpool to hibernating power state after it has been running + for the given duration. The time that a cluster has been running + is the time since the cluster was installed or the time since the + cluster last came out of hibernation. This is a Duration value; + see https://pkg.go.dev/time#ParseDuration for accepted formats. + Note: due to discrepancies in validation vs parsing, we use a Pattern + instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + hibernationConfig: + description: HibernationConfig configures the hibernation/resume behavior + of ClusterDeployments owned by the ClusterPool. + properties: + resumeTimeout: + description: 'ResumeTimeout is the maximum amount of time we will + wait for an unclaimed ClusterDeployment to resume from hibernation + (e.g. at the behest of runningCount, or in preparation for being + claimed). If this time is exceeded, the ClusterDeployment will + be considered Broken and we will replace it. The default (unspecified + or zero) means no timeout -- we will allow the ClusterDeployment + to continue trying to resume "forever". This is a Duration value; + see https://pkg.go.dev/time#ParseDuration for accepted formats. + Note: due to discrepancies in validation vs parsing, we use + a Pattern instead of `Format=duration`. See https://bugzilla.redhat.com/show_bug.cgi?id=2050332 + https://github.com/kubernetes/apimachinery/issues/131 https://github.com/kubernetes/apiextensions-apiserver/issues/56' + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + type: object + imageSetRef: + description: ImageSetRef is a reference to a ClusterImageSet. The + release image specified in the ClusterImageSet will be used by clusters + created for this cluster pool. + properties: + name: + description: Name is the name of the ClusterImageSet that this + refers to + type: string + required: + - name + type: object + installAttemptsLimit: + description: InstallAttemptsLimit is the maximum number of times Hive + will attempt to install the cluster. + format: int32 + type: integer + installConfigSecretTemplateRef: + description: InstallConfigSecretTemplateRef is a secret with the key + install-config.yaml consisting of the content of the install-config.yaml + to be used as a template for all clusters in this pool. Cluster + specific settings (name, basedomain) will be injected dynamically + when the ClusterDeployment install-config Secret is generated. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + inventory: + description: Inventory maintains a list of entries consumed by the + ClusterPool to customize the default ClusterDeployment. + items: + description: InventoryEntry maintains a reference to a custom resource + consumed by a clusterpool to customize the cluster deployment. + properties: + kind: + default: ClusterDeploymentCustomization + description: Kind denotes the kind of the referenced resource. + The default is ClusterDeploymentCustomization, which is also + currently the only supported value. + enum: + - "" + - ClusterDeploymentCustomization + type: string + name: + description: Name is the name of the referenced resource. + type: string + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels to be applied to new ClusterDeployments created + for the pool. ClusterDeployments that have already been claimed + will not be affected when this value is modified. + type: object + maxConcurrent: + description: MaxConcurrent is the maximum number of clusters that + will be provisioned or deprovisioned at an time. This includes the + claimed clusters being deprovisioned. By default there is no limit. + format: int32 + type: integer + maxSize: + description: MaxSize is the maximum number of clusters that will be + provisioned including clusters that have been claimed and ones waiting + to be used. By default there is no limit. + format: int32 + type: integer + platform: + description: Platform encompasses the desired platform for the cluster. + properties: + agentBareMetal: + description: AgentBareMetal is the configuration used when performing + an Assisted Agent based installation to bare metal. + properties: + agentSelector: + description: AgentSelector is a label selector used for associating + relevant custom resources with this cluster. (Agent, BareMetalHost, + etc) + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - agentSelector + type: object + alibabacloud: + description: AlibabaCloud is the configuration used when installing + on Alibaba Cloud + properties: + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains Alibaba Cloud account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the Alibaba Cloud region where + the cluster will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + aws: + description: AWS is the configuration used when installing on + AWS. + properties: + credentialsAssumeRole: + description: CredentialsAssumeRole refers to the IAM role + that must be assumed to obtain AWS account access for the + cluster operations. + properties: + externalID: + description: 'ExternalID is random string generated by + platform so that assume role is protected from confused + deputy problem. more info: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html' + type: string + roleARN: + type: string + required: + - roleARN + type: object + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the AWS account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + privateLink: + description: PrivateLink allows uses to enable access to the + cluster's API server using AWS PrivateLink. AWS PrivateLink + includes a pair of VPC Endpoint Service and VPC Endpoint + accross AWS accounts and allows clients to connect to services + using AWS's internal networking instead of the Internet. + properties: + additionalAllowedPrincipals: + description: AdditionalAllowedPrincipals is a list of + additional allowed principal ARNs to be configured for + the Private Link cluster's VPC Endpoint Service. ARNs + provided as AdditionalAllowedPrincipals will be configured + for the cluster's VPC Endpoint Service in addition to + the IAM entity used by Hive. + items: + type: string + type: array + enabled: + type: boolean + required: + - enabled + type: object + region: + description: Region specifies the AWS region where the cluster + will be created. + type: string + userTags: + additionalProperties: + type: string + description: UserTags specifies additional tags for AWS resources + created for the cluster. + type: object + required: + - region + type: object + azure: + description: Azure is the configuration used when installing on + Azure. + properties: + baseDomainResourceGroupName: + description: BaseDomainResourceGroupName specifies the resource + group where the azure DNS zone for the base domain is found + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. If empty, the value is equal to "AzurePublicCloud". + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the Azure account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the Azure region where the cluster + will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + baremetal: + description: BareMetal is the configuration used when installing + on bare metal. + properties: + libvirtSSHPrivateKeySecretRef: + description: LibvirtSSHPrivateKeySecretRef is the reference + to the secret that contains the private SSH key to use for + access to the libvirt provisioning host. The SSH private + key is expected to be in the secret data under the "ssh-privatekey" + key. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - libvirtSSHPrivateKeySecretRef + type: object + gcp: + description: GCP is the configuration used when installing on + Google Cloud Platform. + properties: + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the GCP account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the GCP region where the cluster + will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + ibmcloud: + description: IBMCloud is the configuration used when installing + on IBM Cloud + properties: + accountID: + description: AccountID is the IBM Cloud Account ID. AccountID + is DEPRECATED and is gathered via the IBM Cloud API for + the provided credentials. This field will be ignored. + type: string + cisInstanceCRN: + description: CISInstanceCRN is the IBM Cloud Internet Services + Instance CRN CISInstanceCRN is DEPRECATED and gathered via + the IBM Cloud API for the provided credentials and cluster + deployment base domain. This field will be ignored. + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains IBM Cloud account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region specifies the IBM Cloud region where the + cluster will be created. + type: string + required: + - credentialsSecretRef + - region + type: object + none: + description: None indicates platform-agnostic install. https://docs.openshift.com/container-platform/4.7/installing/installing_platform_agnostic/installing-platform-agnostic.html + type: object + openstack: + description: OpenStack is the configuration used when installing + on OpenStack + properties: + certificatesSecretRef: + description: "CertificatesSecretRef refers to a secret that + contains CA certificates necessary for communicating with + the OpenStack. There is additional configuration required + for the OpenShift cluster to trust the certificates provided + in this secret. The \"clouds.yaml\" file included in the + credentialsSecretRef Secret must also include a reference + to the certificate bundle file for the OpenShift cluster + being created to trust the OpenStack endpoints. The \"clouds.yaml\" + file must set the \"cacert\" field to either \"/etc/openstack-ca/\" or \"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\". + \n For example, \"\"\"clouds.yaml clouds: shiftstack: auth: + ... cacert: \"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem\" + \"\"\"" + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + cloud: + description: Cloud will be used to indicate the OS_CLOUD value + to use the right section from the clouds.yaml in the CredentialsSecretRef. + type: string + credentialsSecretRef: + description: CredentialsSecretRef refers to a secret that + contains the OpenStack account access credentials. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + trunkSupport: + description: TrunkSupport indicates whether or not to use + trunk ports in your OpenShift cluster. + type: boolean + required: + - cloud + - credentialsSecretRef + type: object + ovirt: + description: Ovirt is the configuration used when installing on + oVirt + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the oVirt CA certificates necessary for communicating + with oVirt. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + credentialsSecretRef: + description: 'CredentialsSecretRef refers to a secret that + contains the oVirt account access credentials with fields: + ovirt_url, ovirt_username, ovirt_password, ovirt_ca_bundle' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + ovirt_cluster_id: + description: The target cluster under which all VMs will run + type: string + ovirt_network_name: + description: The target network of all the network interfaces + of the nodes. Omitting defaults to ovirtmgmt network which + is a default network for evert ovirt cluster. + type: string + storage_domain_id: + description: The target storage domain under which all VM + disk would be created. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - ovirt_cluster_id + - storage_domain_id + type: object + vsphere: + description: VSphere is the configuration used when installing + on vSphere + properties: + certificatesSecretRef: + description: CertificatesSecretRef refers to a secret that + contains the vSphere CA certificates necessary for communicating + with the VCenter. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + cluster: + description: Cluster is the name of the cluster virtual machines + will be cloned into. + type: string + credentialsSecretRef: + description: 'CredentialsSecretRef refers to a secret that + contains the vSphere account access credentials: GOVC_USERNAME, + GOVC_PASSWORD fields.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + datacenter: + description: Datacenter is the name of the datacenter to use + in the vCenter. + type: string + defaultDatastore: + description: DefaultDatastore is the default datastore to + use for provisioning volumes. + type: string + folder: + description: Folder is the name of the folder that will be + used and/or created for virtual machines. + type: string + network: + description: Network specifies the name of the network to + be used by the cluster. + type: string + vCenter: + description: VCenter is the domain name or IP address of the + vCenter. + type: string + required: + - certificatesSecretRef + - credentialsSecretRef + - datacenter + - defaultDatastore + - vCenter + type: object + type: object + pullSecretRef: + description: PullSecretRef is the reference to the secret to use when + pulling images. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + runningCount: + description: RunningCount is the number of clusters we should keep + running. The remainder will be kept hibernated until claimed. By + default no clusters will be kept running (all will be hibernated). + format: int32 + minimum: 0 + type: integer + size: + description: Size is the default number of clusters that we should + keep provisioned and waiting for use. + format: int32 + minimum: 0 + type: integer + skipMachinePools: + description: SkipMachinePools allows creating clusterpools where the + machinepools are not managed by hive after cluster creation + type: boolean + required: + - baseDomain + - imageSetRef + - platform + - size + type: object + status: + description: ClusterPoolStatus defines the observed state of ClusterPool + properties: + conditions: + description: Conditions includes more detailed status for the cluster + pool + items: + description: ClusterPoolCondition contains details for the current + condition of a cluster pool + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + ready: + description: Ready is the number of unclaimed clusters that are installed + and are running and ready to be claimed. + format: int32 + type: integer + size: + description: Size is the number of unclaimed clusters that have been + created for the pool. + format: int32 + type: integer + standby: + description: Standby is the number of unclaimed clusters that are + installed, but not running. + format: int32 + type: integer + required: + - ready + - size + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.size + statusReplicasPath: .status.size + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterprovisions.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterprovisions.yaml new file mode 100644 index 00000000000..173743a2171 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterprovisions.yaml @@ -0,0 +1,186 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + labels: + contracts.hive.openshift.io/clusterinstall: "false" + name: clusterprovisions.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterProvision + listKind: ClusterProvisionList + plural: clusterprovisions + singular: clusterprovision + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterDeploymentRef.name + name: ClusterDeployment + type: string + - jsonPath: .spec.stage + name: Stage + type: string + - jsonPath: .spec.infraID + name: InfraID + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterProvision is the Schema for the clusterprovisions API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterProvisionSpec defines the results of provisioning + a cluster. + properties: + adminKubeconfigSecretRef: + description: AdminKubeconfigSecretRef references the secret containing + the admin kubeconfig for this cluster. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + adminPasswordSecretRef: + description: AdminPasswordSecretRef references the secret containing + the admin username/password which can be used to login to this cluster. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + attempt: + description: Attempt is which attempt number of the cluster deployment + that this ClusterProvision is + type: integer + clusterDeploymentRef: + description: ClusterDeploymentRef references the cluster deployment + provisioned. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + clusterID: + description: ClusterID is a globally unique identifier for this cluster + generated during installation. Used for reporting metrics among + other places. + type: string + infraID: + description: InfraID is an identifier for this cluster generated during + installation and used for tagging/naming resources in cloud providers. + type: string + installLog: + description: InstallLog is the log from the installer. + type: string + metadata: + description: 'Metadata is the metadata.json generated by the installer, + providing metadata information about the cluster created. NOTE: + This is not used because it didn''t work (it was always empty). + We think because the thing it''s storing (ClusterMetadata from installer) + is not a runtime.Object, so can''t be put in a RawExtension.' + type: object + metadataJSON: + description: MetadataJSON is a JSON representation of the ClusterMetadata + produced by the installer. We don't use a runtime.RawExtension because + ClusterMetadata isn't a runtime.Object. We don't use ClusterMetadata + itself because we don't want our API consumers to need to pull in + the installer code and its dependencies. + format: byte + type: string + prevClusterID: + description: PrevClusterID is the cluster ID of the previous failed + provision attempt. + type: string + prevInfraID: + description: PrevInfraID is the infra ID of the previous failed provision + attempt. + type: string + prevProvisionName: + description: PrevProvisionName is the name of the previous failed + provision attempt. + type: string + stage: + description: Stage is the stage of provisioning that the cluster deployment + has reached. + type: string + required: + - attempt + - clusterDeploymentRef + - podSpec + - stage + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: ClusterProvisionStatus defines the observed state of ClusterProvision. + properties: + conditions: + description: Conditions includes more detailed status for the cluster + provision + items: + description: ClusterProvisionCondition contains details for the + current condition of a cluster provision + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + jobRef: + description: JobRef is the reference to the job performing the provision. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterrelocates.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterrelocates.yaml new file mode 100644 index 00000000000..5de593feab9 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterrelocates.yaml @@ -0,0 +1,114 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterrelocates.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterRelocate + listKind: ClusterRelocateList + plural: clusterrelocates + singular: clusterrelocate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterDeploymentSelector + name: Selector + type: string + name: v1 + schema: + openAPIV3Schema: + description: ClusterRelocate is the Schema for the ClusterRelocates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterRelocateSpec defines the relocation of clusters from + one Hive instance to another. + properties: + clusterDeploymentSelector: + description: ClusterDeploymentSelector is a LabelSelector indicating + which clusters will be relocated. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + kubeconfigSecretRef: + description: KubeconfigSecretRef is a reference to the secret containing + the kubeconfig for the destination Hive instance. The kubeconfig + must be in a data field where the key is "kubeconfig". + properties: + name: + description: Name is the name of the secret. + type: string + namespace: + description: Namespace is the namespace where the secret lives. + type: string + required: + - name + - namespace + type: object + required: + - clusterDeploymentSelector + - kubeconfigSecretRef + type: object + status: + description: ClusterRelocateStatus defines the observed state of ClusterRelocate. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterstates.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterstates.yaml new file mode 100644 index 00000000000..bc82a7bfeb3 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_clusterstates.yaml @@ -0,0 +1,100 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clusterstates.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: ClusterState + listKind: ClusterStateList + plural: clusterstates + singular: clusterstate + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ClusterState is the Schema for the clusterstates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterStateSpec defines the desired state of ClusterState + type: object + status: + description: ClusterStateStatus defines the observed state of ClusterState + properties: + clusterOperators: + description: ClusterOperators contains the state for every cluster + operator in the target cluster + items: + description: ClusterOperatorState summarizes the status of a single + cluster operator + properties: + conditions: + description: Conditions is the set of conditions in the status + of the cluster operator on the target cluster + items: + description: ClusterOperatorStatusCondition represents the + state of the operator's managed and monitored components. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last + update to the current status property. + format: date-time + type: string + message: + description: message provides additional information about + the current condition. This is only to be consumed by + humans. It may contain Line Feed characters (U+000A), + which should be rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's + current status. + type: string + status: + description: status of the condition, one of True, False, + Unknown. + type: string + type: + description: type specifies the aspect reported by this + condition. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + name: + description: Name is the name of the cluster operator + type: string + required: + - name + type: object + type: array + lastUpdated: + description: LastUpdated is the last time that operator state was + updated + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_dnszones.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_dnszones.yaml new file mode 100644 index 00000000000..8afba694a71 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_dnszones.yaml @@ -0,0 +1,238 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: dnszones.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: DNSZone + listKind: DNSZoneList + plural: dnszones + singular: dnszone + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: DNSZone is the Schema for the dnszones API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DNSZoneSpec defines the desired state of DNSZone + properties: + aws: + description: AWS specifies AWS-specific cloud configuration + properties: + additionalTags: + description: AdditionalTags is a set of additional tags to set + on the DNS hosted zone. In addition to these tags,the DNS Zone + controller will set a hive.openhsift.io/hostedzone tag identifying + the HostedZone record that it belongs to. + items: + description: AWSResourceTag represents a tag that is applied + to an AWS cloud resource + properties: + key: + description: Key is the key for the tag + type: string + value: + description: Value is the value for the tag + type: string + required: + - key + - value + type: object + type: array + credentialsAssumeRole: + description: CredentialsAssumeRole refers to the IAM role that + must be assumed to obtain AWS account access for the DNS CRUD + operations. + properties: + externalID: + description: 'ExternalID is random string generated by platform + so that assume role is protected from confused deputy problem. + more info: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html' + type: string + roleARN: + type: string + required: + - roleARN + type: object + credentialsSecretRef: + description: CredentialsSecretRef contains a reference to a secret + that contains AWS credentials for CRUD operations + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region is the AWS region to use for route53 operations. + This defaults to us-east-1. For AWS China, use cn-northwest-1. + type: string + type: object + azure: + description: Azure specifes Azure-specific cloud configuration + properties: + cloudName: + description: CloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. If empty, the value is equal to "AzurePublicCloud". + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + type: string + credentialsSecretRef: + description: CredentialsSecretRef references a secret that will + be used to authenticate with Azure CloudDNS. It will need permission + to create and manage CloudDNS Hosted Zones. Secret should have + a key named 'osServicePrincipal.json'. The credentials must + specify the project to use. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + resourceGroupName: + description: ResourceGroupName specifies the Azure resource group + in which the Hosted Zone should be created. + type: string + required: + - credentialsSecretRef + - resourceGroupName + type: object + gcp: + description: GCP specifies GCP-specific cloud configuration + properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret that will + be used to authenticate with GCP CloudDNS. It will need permission + to create and manage CloudDNS Hosted Zones. Secret should have + a key named 'osServiceAccount.json'. The credentials must specify + the project to use. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - credentialsSecretRef + type: object + linkToParentDomain: + description: LinkToParentDomain specifies whether DNS records should + be automatically created to link this DNSZone with a parent domain. + type: boolean + preserveOnDelete: + description: PreserveOnDelete allows the user to disconnect a DNSZone + from Hive without deprovisioning it. This can also be used to abandon + ongoing DNSZone deprovision. Typically set automatically due to + PreserveOnDelete being set on a ClusterDeployment. + type: boolean + zone: + description: Zone is the DNS zone to host + type: string + required: + - zone + type: object + status: + description: DNSZoneStatus defines the observed state of DNSZone + properties: + aws: + description: AWSDNSZoneStatus contains status information specific + to AWS + properties: + zoneID: + description: ZoneID is the ID of the zone in AWS + type: string + type: object + azure: + description: AzureDNSZoneStatus contains status information specific + to Azure + type: object + conditions: + description: Conditions includes more detailed status for the DNSZone + items: + description: DNSZoneCondition contains details for the current condition + of a DNSZone + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + gcp: + description: GCPDNSZoneStatus contains status information specific + to GCP + properties: + zoneName: + description: ZoneName is the name of the zone in GCP Cloud DNS + type: string + type: object + lastSyncGeneration: + description: LastSyncGeneration is the generation of the zone resource + that was last sync'd. This is used to know if the Object has changed + and we should sync immediately. + format: int64 + type: integer + lastSyncTimestamp: + description: LastSyncTimestamp is the time that the zone was last + sync'd. + format: date-time + type: string + nameServers: + description: NameServers is a list of nameservers for this DNS zone + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_hiveconfigs.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_hiveconfigs.yaml new file mode 100644 index 00000000000..f8ba9b8c498 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_hiveconfigs.yaml @@ -0,0 +1,827 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: hiveconfigs.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: HiveConfig + listKind: HiveConfigList + plural: hiveconfigs + singular: hiveconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: HiveConfig is the Schema for the hives API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HiveConfigSpec defines the desired state of Hive + properties: + additionalCertificateAuthoritiesSecretRef: + description: AdditionalCertificateAuthoritiesSecretRef is a list of + references to secrets in the TargetNamespace that contain an additional + Certificate Authority to use when communicating with target clusters. + These certificate authorities will be used in addition to any self-signed + CA generated by each cluster on installation. The cert data should + be stored in the Secret key named 'ca.crt'. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + argoCDConfig: + description: ArgoCD specifies configuration for ArgoCD integration. + If enabled, Hive will automatically add provisioned clusters to + ArgoCD, and remove them when they are deprovisioned. + properties: + enabled: + description: Enabled dictates if ArgoCD gitops integration is + enabled. If not specified, the default is disabled. + type: boolean + namespace: + description: Namespace specifies the namespace where ArgoCD is + installed. Used for the location of cluster secrets. Defaults + to "argocd" + type: string + required: + - enabled + type: object + awsPrivateLink: + description: AWSPrivateLink defines the configuration for the aws-private-link + controller. It provides 3 major pieces of information required by + the controller, 1. The Credentials that should be used to create + AWS PrivateLink resources other than what exist in the customer's + account. 2. A list of VPCs that can be used by the controller to + choose one to create AWS VPC Endpoints for the AWS VPC Endpoint + Services created for ClusterDeployments in their corresponding regions. + 3. A list of VPCs that should be able to resolve the DNS addresses + setup for Private Link. + properties: + associatedVPCs: + description: "AssociatedVPCs is the list of VPCs that should be + able to resolve the DNS addresses setup for Private Link. This + allows clients in VPC to resolve the AWS PrivateLink address + using AWS's default DNS resolver for Private Route53 Hosted + Zones. \n This list should at minimum include the VPC where + the current Hive controller is running." + items: + description: AWSAssociatedVPC defines a VPC that should be able + to resolve the DNS addresses setup for Private Link. + properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret in + the TargetNamespace that will be used to authenticate + with AWS for associating the VPC with the Private HostedZone + created for PrivateLink. When not provided, the common + credentials for the controller should be used. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + type: string + vpcID: + type: string + required: + - region + - vpcID + type: object + type: array + credentialsSecretRef: + description: CredentialsSecretRef references a secret in the TargetNamespace + that will be used to authenticate with AWS for creating the + resources for AWS PrivateLink. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + dnsRecordType: + default: Alias + description: DNSRecordType defines what type of DNS record should + be created in Private Hosted Zone for the customer cluster's + API endpoint (which is the VPC Endpoint's regional DNS name). + enum: + - Alias + - ARecord + type: string + endpointVPCInventory: + description: EndpointVPCInventory is a list of VPCs and the corresponding + subnets in various AWS regions. The controller uses this list + to choose a VPC for creating AWS VPC Endpoints. Since the VPC + Endpoints must be in the same region as the ClusterDeployment, + we must have VPCs in that region to be able to setup Private + Link. + items: + description: AWSPrivateLinkInventory is a VPC and its corresponding + subnets in an AWS region. This VPC will be used to create + an AWS VPC Endpoint whenever there is a VPC Endpoint Service + created for a ClusterDeployment. + properties: + region: + type: string + subnets: + items: + description: AWSPrivateLinkSubnet defines a subnet in + the an AWS VPC. + properties: + availabilityZone: + type: string + subnetID: + type: string + required: + - availabilityZone + - subnetID + type: object + type: array + vpcID: + type: string + required: + - region + - subnets + - vpcID + type: object + type: array + required: + - credentialsSecretRef + type: object + backup: + description: Backup specifies configuration for backup integration. + If absent, backup integration will be disabled. + properties: + minBackupPeriodSeconds: + description: MinBackupPeriodSeconds specifies that a minimum of + MinBackupPeriodSeconds will occur in between each backup. This + is used to rate limit backups. This potentially batches together + multiple changes into 1 backup. No backups will be lost as changes + that happen during this interval are queued up and will result + in a backup happening once the interval has been completed. + type: integer + velero: + description: Velero specifies configuration for the Velero backup + integration. + properties: + enabled: + description: Enabled dictates if Velero backup integration + is enabled. If not specified, the default is disabled. + type: boolean + namespace: + description: Namespace specifies in which namespace velero + backup objects should be created. If not specified, the + default is a namespace named "velero". + type: string + type: object + type: object + controllersConfig: + description: ControllersConfig is used to configure different hive + controllers + properties: + controllers: + description: Controllers contains a list of configurations for + different controllers + items: + description: SpecificControllerConfig contains the configuration + for a specific controller + properties: + config: + description: ControllerConfig contains the configuration + for the controller specified by Name field + properties: + clientBurst: + description: ClientBurst specifies client rate limiter + burst for a controller + format: int32 + type: integer + clientQPS: + description: ClientQPS specifies client rate limiter + QPS for a controller + format: int32 + type: integer + concurrentReconciles: + description: ConcurrentReconciles specifies number of + concurrent reconciles for a controller + format: int32 + type: integer + queueBurst: + description: QueueBurst specifies workqueue rate limiter + burst for a controller + format: int32 + type: integer + queueQPS: + description: QueueQPS specifies workqueue rate limiter + QPS for a controller + format: int32 + type: integer + replicas: + description: Replicas specifies the number of replicas + the specific controller pod should use. This is ONLY + for controllers that have been split out into their + own pods. This is ignored for all others. + format: int32 + type: integer + type: object + name: + description: Name specifies the name of the controller + enum: + - clusterDeployment + - clusterrelocate + - clusterstate + - clusterversion + - controlPlaneCerts + - dnsendpoint + - dnszone + - remoteingress + - remotemachineset + - machinepool + - syncidentityprovider + - unreachable + - velerobackup + - clusterprovision + - clusterDeprovision + - clusterpool + - clusterpoolnamespace + - hibernation + - clusterclaim + - metrics + - clustersync + type: string + required: + - config + - name + type: object + type: array + default: + description: Default specifies default configuration for all the + controllers, can be used to override following coded defaults + default for concurrent reconciles is 5 default for client qps + is 5 default for client burst is 10 default for queue qps is + 10 default for queue burst is 100 + properties: + clientBurst: + description: ClientBurst specifies client rate limiter burst + for a controller + format: int32 + type: integer + clientQPS: + description: ClientQPS specifies client rate limiter QPS for + a controller + format: int32 + type: integer + concurrentReconciles: + description: ConcurrentReconciles specifies number of concurrent + reconciles for a controller + format: int32 + type: integer + queueBurst: + description: QueueBurst specifies workqueue rate limiter burst + for a controller + format: int32 + type: integer + queueQPS: + description: QueueQPS specifies workqueue rate limiter QPS + for a controller + format: int32 + type: integer + replicas: + description: Replicas specifies the number of replicas the + specific controller pod should use. This is ONLY for controllers + that have been split out into their own pods. This is ignored + for all others. + format: int32 + type: integer + type: object + type: object + deleteProtection: + description: DeleteProtection can be set to "enabled" to turn on automatic + delete protection for ClusterDeployments. When enabled, Hive will + add the "hive.openshift.io/protected-delete" annotation to new ClusterDeployments. + Once a ClusterDeployment has been installed, a user must remove + the annotation from a ClusterDeployment prior to deleting it. + enum: + - enabled + type: string + deploymentConfig: + description: DeploymentConfig is used to configure (pods/containers + of) the Deployments generated by hive-operator. + items: + properties: + deploymentName: + description: 'DeploymentName is the name of one of the Deployments/StatefulSets + managed by hive-operator. NOTE: At this time each deployment + has only one container. In the future, we may provide a way + to specify which container this DeploymentConfig will be applied + to.' + enum: + - hive-controllers + - hive-clustersync + - hiveadmission + type: string + resources: + description: Resources allows customization of the resource + (memory, CPU, etc.) limits and requests used by containers + in the Deployment/StatefulSet named by DeploymentName. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - deploymentName + type: object + type: array + deprovisionsDisabled: + description: DeprovisionsDisabled can be set to true to block deprovision + jobs from running. + type: boolean + disabledControllers: + description: DisabledControllers allows selectively disabling Hive + controllers by name. The name of an individual controller matches + the name of the controller as seen in the Hive logging output. + items: + type: string + type: array + exportMetrics: + description: 'ExportMetrics has been disabled and has no effect. If + upgrading from a version where it was active, please be aware of + the following in your HiveConfig.Spec.TargetNamespace (default `hive` + if unset): 1) ServiceMonitors named hive-controllers and hive-clustersync; + 2) Role and RoleBinding named prometheus-k8s; 3) The `openshift.io/cluster-monitoring` + metadata.label on the Namespace itself. You may wish to delete these + resources. Or you may wish to continue using them to enable monitoring + in your environment; but be aware that hive will no longer reconcile + them.' + type: boolean + failedProvisionConfig: + description: FailedProvisionConfig is used to configure settings related + to handling provision failures. + properties: + aws: + description: FailedProvisionAWSConfig contains AWS-specific info + to upload log files. + properties: + bucket: + description: Bucket is the S3 bucket to store the logs in. + type: string + credentialsSecretRef: + description: 'CredentialsSecretRef references a secret in + the TargetNamespace that will be used to authenticate with + AWS S3. It will need permission to upload logs to S3. Secret + should have keys named aws_access_key_id and aws_secret_access_key + that contain the AWS credentials. Example Secret: data: + aws_access_key_id: minio aws_secret_access_key: minio123' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region is the AWS region to use for S3 operations. + This defaults to us-east-1. For AWS China, use cn-northwest-1. + type: string + serviceEndpoint: + description: ServiceEndpoint is the url to connect to an S3 + compatible provider. + type: string + required: + - credentialsSecretRef + type: object + retryReasons: + description: RetryReasons is a list of installFailingReason strings + from the [additional-]install-log-regexes ConfigMaps. If specified, + Hive will only retry a failed installation if it results in + one of the listed reasons. If omitted (not the same thing as + empty!), Hive will retry regardless of the failure reason. (The + total number of install attempts is still constrained by ClusterDeployment.Spec.InstallAttemptsLimit.) + items: + type: string + type: array + skipGatherLogs: + description: 'DEPRECATED: This flag is no longer respected and + will be removed in the future.' + type: boolean + type: object + featureGates: + description: FeatureGateSelection allows selecting feature gates for + the controller. + properties: + custom: + description: custom allows the enabling or disabling of any feature. + Because of its nature, this setting cannot be validated. If + you have any typos or accidentally apply invalid combinations + might cause unknown behavior. featureSet must equal "Custom" + must be set to use this field. + nullable: true + properties: + enabled: + description: enabled is a list of all feature gates that you + want to force on + items: + type: string + type: array + type: object + featureSet: + description: featureSet changes the list of features in the cluster. The + default is empty. Be very careful adjusting this setting. + enum: + - "" + - Custom + type: string + type: object + globalPullSecretRef: + description: GlobalPullSecretRef is used to specify a pull secret + that will be used globally by all of the cluster deployments. For + each cluster deployment, the contents of GlobalPullSecret will be + merged with the specific pull secret for a cluster deployment(if + specified), with precedence given to the contents of the pull secret + for the cluster deployment. The global pull secret is assumed to + be in the TargetNamespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + logLevel: + description: LogLevel is the level of logging to use for the Hive + controllers. Acceptable levels, from coarsest to finest, are panic, + fatal, error, warn, info, debug, and trace. The default level is + info. + type: string + maintenanceMode: + description: MaintenanceMode can be set to true to disable the hive + controllers in situations where we need to ensure nothing is running + that will add or act upon finalizers on Hive types. This should + rarely be needed. Sets replicas to 0 for the hive-controllers deployment + to accomplish this. + type: boolean + managedDomains: + description: 'ManagedDomains is the list of DNS domains that are managed + by the Hive cluster When specifying ''manageDNS: true'' in a ClusterDeployment, + the ClusterDeployment''s baseDomain should be a direct child of + one of these domains, otherwise the ClusterDeployment creation will + result in a validation error.' + items: + description: ManageDNSConfig contains the domain being managed, + and the cloud-specific details for accessing/managing the domain. + properties: + aws: + description: AWS contains AWS-specific settings for external + DNS + properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret in + the TargetNamespace that will be used to authenticate + with AWS Route53. It will need permission to manage entries + for the domain listed in the parent ManageDNSConfig object. + Secret should have AWS keys named 'aws_access_key_id' + and 'aws_secret_access_key'. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + region: + description: Region is the AWS region to use for route53 + operations. This defaults to us-east-1. For AWS China, + use cn-northwest-1. + type: string + required: + - credentialsSecretRef + type: object + azure: + description: Azure contains Azure-specific settings for external + DNS + properties: + cloudName: + description: CloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the + appropriate Azure API endpoints. If empty, the value is + equal to "AzurePublicCloud". + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + type: string + credentialsSecretRef: + description: CredentialsSecretRef references a secret in + the TargetNamespace that will be used to authenticate + with Azure DNS. It wil need permission to manage entries + in each of the managed domains listed in the parent ManageDNSConfig + object. Secret should have a key named 'osServicePrincipal.json' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + resourceGroupName: + description: ResourceGroupName specifies the Azure resource + group containing the DNS zones for the domains being managed. + type: string + required: + - credentialsSecretRef + - resourceGroupName + type: object + domains: + description: Domains is the list of domains that hive will be + managing entries for with the provided credentials. + items: + type: string + type: array + gcp: + description: GCP contains GCP-specific settings for external + DNS + properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret in + the TargetNamespace that will be used to authenticate + with GCP DNS. It will need permission to manage entries + in each of the managed domains for this cluster. listed + in the parent ManageDNSConfig object. Secret should have + a key named 'osServiceAccount.json'. The credentials must + specify the project to use. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - credentialsSecretRef + type: object + required: + - domains + type: object + type: array + metricsConfig: + description: MetricsConfig encapsulates metrics specific configurations, + like opting in for certain metrics. + properties: + additionalClusterDeploymentLabels: + additionalProperties: + type: string + description: 'AdditionalClusterDeploymentLabels allows configuration + of additional labels to be applied to certain metrics. The keys + can be any string value suitable for a metric label (see https://prometheus.io/docs/concepts/data_model/#metric-names-and-labels). + The values can be any ClusterDeployment label key (from metadata.labels). + When observing an affected metric, hive will label it with the + specified metric key, and copy the value from the specified + ClusterDeployment label. For example, including {"ocp_major_version": + "hive.openshift.io/version-major"} will cause affected metrics + to include a label key ocp_major_version with the value from + the hive.openshift.io/version-major ClusterDeployment label + -- e.g. "4". NOTE: Avoid ClusterDeployment labels whose values + are unbounded, such as those representing cluster names or IDs, + as these will cause your prometheus database to grow indefinitely. + Affected metrics are those whose type implements the metricsWithDynamicLabels + interface found in pkg/controller/metrics/metrics_with_dynamic_labels.go' + type: object + metricsWithDuration: + description: Optional metrics and their configurations + items: + description: MetricsWithDuration represents metrics that report + time as values,like transition seconds. The purpose of these + metrics should be to track outliers - ensure their duration + is not set too low. + properties: + duration: + description: Duration is the minimum time taken - the relevant + metric will be logged only if the value reported by that + metric is more than the time mentioned here. For example, + if a user opts-in for current clusters stopping and mentions + 1 hour here, only the clusters stopping for more than + an hour will be reported. This is a Duration value; see + https://pkg.go.dev/time#ParseDuration for accepted formats. + pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ + type: string + name: + description: Name of the metric. It will correspond to an + optional relevant metric in hive + enum: + - currentStopping + - currentResuming + - currentWaitingForCO + - currentClusterSyncFailing + - cumulativeHibernated + - cumulativeResumed + type: string + required: + - duration + - name + type: object + type: array + type: object + releaseImageVerificationConfigMapRef: + description: "ReleaseImageVerificationConfigMapRef is a reference + to the ConfigMap that will be used to verify release images. \n + The config map structure is exactly the same as the config map used + for verification of release images for OpenShift 4 during upgrades. + Therefore you can usually set this to the config map shipped as + part of OpenShift (openshift-config-managed/release-verification). + \n See https://github.com/openshift/cluster-update-keys for more + details. The keys within the config map in the data field define + how verification is performed: \n verifier-public-key-*: One or + more GPG public keys in ASCII form that must have signed the release + image by digest. \n store-*: A URL (scheme file://, http://, or + https://) location that contains signatures. These signatures are + in the atomic container signature format. The URL will have the + digest of the image appended to it as \"/=/signature-\" + as described in the container image signing format. The docker-image-manifest + section of the signature must match the release image digest. Signatures + are searched starting at NUMBER 1 and incrementing if the signature + exists but is not valid. The signature is a GPG signed and encrypted + JSON message. The file store is provided for testing only at the + current time, although future versions of the CVO might allow host + mounting of signatures. \n See https://github.com/containers/image/blob/ab49b0a48428c623a8f03b41b9083d48966b34a9/docs/signature-protocols.md + for a description of the signature store \n The returned verifier + will require that any new release image will only be considered + verified if each provided public key has signed the release image + digest. The signature may be in any store and the lookup order is + internally defined. \n If not set, no verification will be performed." + properties: + name: + description: Name of the ConfigMap + type: string + namespace: + description: Namespace of the ConfigMap + type: string + required: + - name + - namespace + type: object + serviceProviderCredentialsConfig: + description: ServiceProviderCredentialsConfig is used to configure + credentials related to being a service provider on various cloud + platforms. + properties: + aws: + description: AWS is used to configure credentials related to being + a service provider on AWS. + properties: + credentialsSecretRef: + description: CredentialsSecretRef references a secret in the + TargetNamespace that will be used to authenticate with AWS + to become the Service Provider. Being a Service Provider + allows the controllers to assume the role in customer AWS + accounts to manager clusters. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + syncSetReapplyInterval: + description: SyncSetReapplyInterval is a string duration indicating + how much time must pass before SyncSet resources will be reapplied. + The default reapply interval is two hours. + type: string + targetNamespace: + description: 'TargetNamespace is the namespace where the core Hive + components should be run. Defaults to "hive". Will be created if + it does not already exist. All resource references in HiveConfig + can be assumed to be in the TargetNamespace. NOTE: Whereas it is + possible to edit this value, causing hive to "move" its core components + to the new namespace, the old namespace is not deleted, as it will + still contain resources created by kubernetes and/or other OpenShift + controllers.' + type: string + type: object + status: + description: HiveConfigStatus defines the observed state of Hive + properties: + aggregatorClientCAHash: + description: AggregatorClientCAHash keeps an md5 hash of the aggregator + client CA configmap data from the openshift-config-managed namespace. + When the configmap changes, admission is redeployed. + type: string + conditions: + description: Conditions includes more detailed status for the HiveConfig + items: + description: HiveConfigCondition contains details for the current + condition of a HiveConfig + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + configApplied: + description: ConfigApplied will be set by the hive operator to indicate + whether or not the LastGenerationObserved was successfully reconciled. + type: boolean + observedGeneration: + description: ObservedGeneration will record the most recently processed + HiveConfig object's generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_machinepoolnameleases.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_machinepoolnameleases.yaml new file mode 100644 index 00000000000..6964ed2902e --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_machinepoolnameleases.yaml @@ -0,0 +1,59 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: machinepoolnameleases.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: MachinePoolNameLease + listKind: MachinePoolNameLeaseList + plural: machinepoolnameleases + singular: machinepoolnamelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.labels.hive\.openshift\.io/machine-pool-name + name: MachinePool + type: string + - jsonPath: .metadata.labels.hive\.openshift\.io/cluster-deployment-name + name: Cluster + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: MachinePoolNameLease is the Schema for the MachinePoolNameLeases + API. This resource is mostly empty as we're primarily relying on the name + to determine if a lease is available. Note that not all cloud providers + require the use of a lease for naming, at present this is only required + for GCP where we're extremely restricted on name lengths. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolNameLeaseSpec is a minimal resource for obtaining + unique machine pool names of a limited length. + type: object + status: + description: MachinePoolNameLeaseStatus defines the observed state of + MachinePoolNameLease. + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_machinepools.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_machinepools.yaml new file mode 100644 index 00000000000..aaff21fdc8c --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_machinepools.yaml @@ -0,0 +1,705 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: machinepools.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: MachinePool + listKind: MachinePoolList + plural: machinepools + singular: machinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: PoolName + type: string + - jsonPath: .spec.clusterDeploymentRef.name + name: ClusterDeployment + type: string + - jsonPath: .spec.replicas + name: Replicas + type: integer + name: v1 + schema: + openAPIV3Schema: + description: MachinePool is the Schema for the machinepools API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachinePoolSpec defines the desired state of MachinePool + properties: + autoscaling: + description: Autoscaling is the details for auto-scaling the machine + pool. Replicas and autoscaling cannot be used together. + properties: + maxReplicas: + description: MaxReplicas is the maximum number of replicas for + the machine pool. + format: int32 + type: integer + minReplicas: + description: MinReplicas is the minimum number of replicas for + the machine pool. + format: int32 + type: integer + required: + - maxReplicas + - minReplicas + type: object + clusterDeploymentRef: + description: ClusterDeploymentRef references the cluster deployment + to which this machine pool belongs. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + labels: + additionalProperties: + type: string + description: Map of label string keys and values that will be applied + to the created MachineSet's MachineSpec. This list will overwrite + any modifications made to Node labels on an ongoing basis. + type: object + name: + description: Name is the name of the machine pool. + type: string + platform: + description: Platform is configuration for machine pool specific to + the platform. + properties: + alibabacloud: + description: AlibabaCloud is the configuration used when installing + on Alibaba Cloud. + properties: + imageID: + description: ImageID is the Image ID that should be used to + create ECS instance. If set, the ImageID should belong to + the same region as the cluster. + type: string + instanceType: + description: InstanceType defines the ECS instance type. eg. + ecs.g6.large + type: string + systemDiskCategory: + description: SystemDiskCategory defines the category of the + system disk. + enum: + - "" + - cloud_efficiency + - cloud_essd + type: string + systemDiskSize: + description: SystemDiskSize defines the size of the system + disk in gibibytes (GiB). + minimum: 120 + type: integer + zones: + description: Zones is list of availability zones that can + be used. eg. ["cn-hangzhou-i", "cn-hangzhou-h", "cn-hangzhou-j"] + items: + type: string + type: array + type: object + aws: + description: AWS is the configuration used when installing on + AWS. + properties: + additionalSecurityGroupIDs: + description: AdditionalSecurityGroupIDs contains IDs of additional + security groups for machines, where each ID is presented + in the format sg-xxxx. + items: + type: string + type: array + metadataService: + description: EC2MetadataOptions defines metadata service interaction + options for EC2 instances in the machine pool. + properties: + authentication: + description: Authentication determines whether or not + the host requires the use of authentication when interacting + with the metadata service. When using authentication, + this enforces v2 interaction method (IMDSv2) with the + metadata service. When omitted, this means the user + has no opinion and the value is left to the platform + to choose a good default, which is subject to change + over time. The current default is optional. At this + point this field represents `HttpTokens` parameter from + `InstanceMetadataOptionsRequest` structure in AWS EC2 + API https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html + type: string + type: object + rootVolume: + description: EC2RootVolume defines the storage for ec2 instance. + properties: + iops: + description: IOPS defines the iops for the storage. + type: integer + kmsKeyARN: + description: The KMS key that will be used to encrypt + the EBS volume. If no key is provided the default KMS + key for the account will be used. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetEbsDefaultKmsKeyId.html + type: string + size: + description: Size defines the size of the storage. + type: integer + type: + description: Type defines the type of the storage. + type: string + required: + - size + - type + type: object + spotMarketOptions: + description: SpotMarketOptions allows users to configure instances + to be run using AWS Spot instances. + properties: + maxPrice: + description: 'The maximum price the user is willing to + pay for their instances Default: On-Demand price' + type: string + type: object + subnets: + description: Subnets is the list of IDs of subnets to which + to attach the machines. There must be exactly one subnet + for each availability zone used. These subnets may be public + or private. As a special case, for consistency with install-config, + you may specify exactly one private and one public subnet + for each availability zone. In this case, the public subnets + will be filtered out and only the private subnets will be + used. If empty/omitted, we will look for subnets in each + availability zone tagged with Name=-private-. + items: + type: string + type: array + type: + description: InstanceType defines the ec2 instance type. eg. + m4-large + type: string + zones: + description: Zones is list of availability zones that can + be used. + items: + type: string + type: array + required: + - rootVolume + - type + type: object + azure: + description: Azure is the configuration used when installing on + Azure. + properties: + osDisk: + description: OSDisk defines the storage for instance. + properties: + diskEncryptionSet: + description: DiskEncryptionSet defines a disk encryption + set. + properties: + name: + description: Name is the name of the disk encryption + set. + type: string + resourceGroup: + description: ResourceGroup defines the Azure resource + group used by the disk encryption set. + type: string + subscriptionId: + description: SubscriptionID defines the Azure subscription + the disk encryption set is in. + type: string + required: + - name + - resourceGroup + type: object + diskSizeGB: + description: DiskSizeGB defines the size of disk in GB. + format: int32 + minimum: 0 + type: integer + diskType: + description: DiskType defines the type of disk. For control + plane nodes, the valid values are Premium_LRS and StandardSSD_LRS. + Default is Premium_LRS. + enum: + - Standard_LRS + - Premium_LRS + - StandardSSD_LRS + type: string + required: + - diskSizeGB + type: object + osImage: + description: OSImage defines the image to use for the OS. + properties: + offer: + description: Offer is the offer of the image. + type: string + publisher: + description: Publisher is the publisher of the image. + type: string + sku: + description: SKU is the SKU of the image. + type: string + version: + description: Version is the version of the image. + type: string + required: + - offer + - publisher + - sku + - version + type: object + type: + description: InstanceType defines the azure instance type. + eg. Standard_DS_V2 + type: string + zones: + description: Zones is list of availability zones that can + be used. eg. ["1", "2", "3"] + items: + type: string + type: array + required: + - osDisk + - type + type: object + gcp: + description: GCP is the configuration used when installing on + GCP. + properties: + networkProjectID: + description: NetworkProjectID specifies which project the + network and subnets exist in when they are not in the main + ProjectID. + type: string + osDisk: + description: OSDisk defines the storage for instances. + properties: + diskSizeGB: + description: DiskSizeGB defines the size of disk in GB. + Defaulted internally to 128. + format: int64 + maximum: 65536 + minimum: 16 + type: integer + diskType: + description: DiskType defines the type of disk. The valid + values are pd-standard and pd-ssd. Defaulted internally + to pd-ssd. + enum: + - pd-ssd + - pd-standard + type: string + encryptionKey: + description: EncryptionKey defines the KMS key to be used + to encrypt the disk. + properties: + kmsKey: + description: KMSKey is a reference to a KMS Key to + use for the encryption. + properties: + keyRing: + description: KeyRing is the name of the KMS Key + Ring which the KMS Key belongs to. + type: string + location: + description: Location is the GCP location in which + the Key Ring exists. + type: string + name: + description: Name is the name of the customer + managed encryption key to be used for the disk + encryption. + type: string + projectID: + description: ProjectID is the ID of the Project + in which the KMS Key Ring exists. Defaults to + the VM ProjectID if not set. + type: string + required: + - keyRing + - location + - name + type: object + kmsKeyServiceAccount: + description: KMSKeyServiceAccount is the service account + being used for the encryption request for the given + KMS key. If absent, the Compute Engine default service + account is used. See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account + for details on the default service account. + type: string + type: object + type: object + secureBoot: + description: SecureBoot Defines whether the instance should + have secure boot enabled. Verifies the digital signature + of all boot components, and halts the boot process if signature + verification fails. If omitted, the platform chooses a default, + which is subject to change over time. Currently that default + is "Disabled". + enum: + - Enabled + - Disabled + type: string + type: + description: InstanceType defines the GCP instance type. eg. + n1-standard-4 + type: string + zones: + description: Zones is list of availability zones that can + be used. + items: + type: string + type: array + required: + - type + type: object + ibmcloud: + description: IBMCloud is the configuration used when installing + on IBM Cloud. + properties: + bootVolume: + description: BootVolume is the configuration for the machine's + boot volume. + properties: + encryptionKey: + description: EncryptionKey is the CRN referencing a Key + Protect or Hyper Protect Crypto Services key to use + for volume encryption. If not specified, a provider + managed encryption key will be used. + type: string + type: object + dedicatedHosts: + description: DedicatedHosts is the configuration for the machine's + dedicated host and profile. + items: + description: DedicatedHost stores the configuration for + the machine's dedicated host platform. + properties: + name: + description: Name is the name of the dedicated host + to provision the machine on. If specified, machines + will be created on pre-existing dedicated host. + type: string + profile: + description: Profile is the profile ID for the dedicated + host. If specified, new dedicated host will be created + for machines. + type: string + type: object + type: array + type: + description: InstanceType is the VSI machine profile. + type: string + zones: + description: Zones is the list of availability zones used + for machines in the pool. + items: + type: string + type: array + type: object + openstack: + description: OpenStack is the configuration used when installing + on OpenStack. + properties: + flavor: + description: Flavor defines the OpenStack Nova flavor. eg. + m1.large The json key here differs from the installer which + uses both "computeFlavor" and type "type" depending on which + type you're looking at, and the resulting field on the MachineSet + is "flavor". We are opting to stay consistent with the end + result. + type: string + rootVolume: + description: RootVolume defines the root volume for instances + in the machine pool. The instances use ephemeral disks if + not set. + properties: + size: + description: Size defines the size of the volume in gibibytes + (GiB). Required + type: integer + type: + description: Type defines the type of the volume. Required + type: string + required: + - size + - type + type: object + required: + - flavor + type: object + ovirt: + description: Ovirt is the configuration used when installing on + oVirt. + properties: + cpu: + description: CPU defines the VM CPU. + properties: + cores: + description: Cores is the number of cores per socket. + Total CPUs is (Sockets * Cores) + format: int32 + type: integer + sockets: + description: Sockets is the number of sockets for a VM. + Total CPUs is (Sockets * Cores) + format: int32 + type: integer + required: + - cores + - sockets + type: object + memoryMB: + description: MemoryMB is the size of a VM's memory in MiBs. + format: int32 + type: integer + osDisk: + description: OSDisk is the the root disk of the node. + properties: + sizeGB: + description: SizeGB size of the bootable disk in GiB. + format: int64 + type: integer + required: + - sizeGB + type: object + vmType: + description: VMType defines the workload type of the VM. + enum: + - "" + - desktop + - server + - high_performance + type: string + type: object + vsphere: + description: VSphere is the configuration used when installing + on vSphere + properties: + coresPerSocket: + description: NumCoresPerSocket is the number of cores per + socket in a vm. The number of vCPUs on the vm will be NumCPUs/NumCoresPerSocket. + format: int32 + type: integer + cpus: + description: NumCPUs is the total number of virtual processor + cores to assign a vm. + format: int32 + type: integer + memoryMB: + description: Memory is the size of a VM's memory in MB. + format: int64 + type: integer + osDisk: + description: OSDisk defines the storage for instance. + properties: + diskSizeGB: + description: DiskSizeGB defines the size of disk in GB. + format: int32 + type: integer + required: + - diskSizeGB + type: object + resourcePool: + description: ResourcePool is the name of the resource pool + that will be used for virtual machines. If it is not present, + a default value will be used. + type: string + required: + - coresPerSocket + - cpus + - memoryMB + - osDisk + type: object + type: object + replicas: + description: Replicas is the count of machines for this machine pool. + Replicas and autoscaling cannot be used together. Default is 1, + if autoscaling is not used. + format: int64 + type: integer + taints: + description: List of taints that will be applied to the created MachineSet's + MachineSpec. This list will overwrite any modifications made to + Node taints on an ongoing basis. In case of duplicate entries, first + encountered taint Value will be preserved, and the rest collapsed + on the corresponding MachineSets. Note that taints are uniquely + identified based on key+effect, not just key. + items: + description: The node this Taint is attached to has the "effect" + on any pod that does not tolerate the Taint. + properties: + effect: + description: Required. The effect of the taint on pods that + do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Required. The taint key to be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the taint + was added. It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint key. + type: string + required: + - effect + - key + type: object + type: array + required: + - clusterDeploymentRef + - name + - platform + type: object + status: + description: MachinePoolStatus defines the observed state of MachinePool + properties: + conditions: + description: Conditions includes more detailed status for the cluster + deployment + items: + description: MachinePoolCondition contains details for the current + condition of a machine pool + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + machineSets: + description: MachineSets is the status of the machine sets for the + machine pool on the remote cluster. + items: + description: MachineSetStatus is the status of a machineset in the + remote cluster. + properties: + errorMessage: + type: string + errorReason: + description: In the event that there is a terminal problem reconciling + the replicas, both ErrorReason and ErrorMessage will be set. + ErrorReason will be populated with a succinct value suitable + for machine interpretation, while ErrorMessage will contain + a more verbose string suitable for logging and human consumption. + type: string + maxReplicas: + description: MaxReplicas is the maximum number of replicas for + the machine set. + format: int32 + type: integer + minReplicas: + description: MinReplicas is the minimum number of replicas for + the machine set. + format: int32 + type: integer + name: + description: Name is the name of the machine set. + type: string + readyReplicas: + description: The number of ready replicas for this MachineSet. + A machine is considered ready when the node has been created + and is "Ready". It is transferred as-is from the MachineSet + from remote cluster. + format: int32 + type: integer + replicas: + description: Replicas is the current number of replicas for + the machine set. + format: int32 + type: integer + required: + - maxReplicas + - minReplicas + - name + - replicas + type: object + type: array + ownedLabels: + description: OwnedLabels lists the keys of labels this MachinePool + created on the remote MachineSet. Used to identify labels to remove + from the remote MachineSet when they are absent from the MachinePool's + spec.labels. + items: + type: string + type: array + ownedTaints: + description: OwnedTaints lists identifiers of taints this MachinePool + created on the remote MachineSet. Used to identify taints to remove + from the remote MachineSet when they are absent from the MachinePool's + spec.taints. + items: + description: TaintIdentifier uniquely identifies a Taint. (It turns + out taints are mutually exclusive by key+effect, not simply by + key.) + properties: + effect: + description: Effect matches corev1.Taint.Effect. + type: string + key: + description: Key matches corev1.Taint.Key. + type: string + type: object + type: array + replicas: + description: Replicas is the current number of replicas for the machine + pool. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_selectorsyncidentityproviders.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_selectorsyncidentityproviders.yaml new file mode 100644 index 00000000000..20badf7cc92 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_selectorsyncidentityproviders.yaml @@ -0,0 +1,653 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: selectorsyncidentityproviders.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: SelectorSyncIdentityProvider + listKind: SelectorSyncIdentityProviderList + plural: selectorsyncidentityproviders + singular: selectorsyncidentityprovider + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SelectorSyncIdentityProvider is the Schema for the SelectorSyncSet + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SelectorSyncIdentityProviderSpec defines the SyncIdentityProviderCommonSpec + to sync to ClusterDeploymentSelector indicating which clusters the SelectorSyncIdentityProvider + applies to in any namespace. + properties: + clusterDeploymentSelector: + description: ClusterDeploymentSelector is a LabelSelector indicating + which clusters the SelectorIdentityProvider applies to in any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + identityProviders: + description: IdentityProviders is an ordered list of ways for a user + to identify themselves + items: + description: IdentityProvider provides identities for users authenticating + using credentials + properties: + basicAuth: + description: basicAuth contains configuration options for the + BasicAuth IdP + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + tlsClientCert: + description: tlsClientCert is an optional reference to a + secret by name that contains the PEM-encoded TLS client + certificate to present when connecting to the server. + The key "tls.crt" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + tlsClientKey: + description: tlsClientKey is an optional reference to a + secret by name that contains the PEM-encoded TLS private + key for the client certificate referenced in tlsClientCert. + The key "tls.key" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the remote URL to connect to + type: string + type: object + github: + description: github enables user authentication using GitHub + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. This can only be configured when hostname is set + to a non-empty value. The namespace for this config map + is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + hostname: + description: hostname is the optional domain (e.g. "mycompany.com") + for use with a hosted instance of GitHub Enterprise. It + must match the GitHub Enterprise settings value configured + at /setup/settings#hostname. + type: string + organizations: + description: organizations optionally restricts which organizations + are allowed to log in + items: + type: string + type: array + teams: + description: teams optionally restricts which teams are + allowed to log in. Format is /. + items: + type: string + type: array + type: object + gitlab: + description: gitlab enables user authentication using GitLab + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the oauth server base URL + type: string + type: object + google: + description: google enables user authentication using Google + credentials + properties: + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + hostedDomain: + description: hostedDomain is the optional Google App domain + (e.g. "mycompany.com") to restrict logins to + type: string + type: object + htpasswd: + description: htpasswd enables user authentication using an HTPasswd + file to validate credentials + properties: + fileData: + description: fileData is a required reference to a secret + by name containing the data to use as the htpasswd file. + The key "htpasswd" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. If the specified htpasswd data is not + valid, the identity provider is not honored. The namespace + for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + type: object + keystone: + description: keystone enables user authentication using keystone + password credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + domainName: + description: domainName is required for keystone v3 + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a + secret by name that contains the PEM-encoded TLS client + certificate to present when connecting to the server. + The key "tls.crt" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + tlsClientKey: + description: tlsClientKey is an optional reference to a + secret by name that contains the PEM-encoded TLS private + key for the client certificate referenced in tlsClientCert. + The key "tls.key" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the remote URL to connect to + type: string + type: object + ldap: + description: ldap enables user authentication using LDAP credentials + properties: + attributes: + description: attributes maps LDAP attributes to identities + properties: + email: + description: email is the list of attributes whose values + should be used as the email address. Optional. If + unspecified, no email is set for the identity + items: + type: string + type: array + id: + description: id is the list of attributes whose values + should be used as the user ID. Required. First non-empty + attribute is used. At least one attribute is required. + If none of the listed attribute have a value, authentication + fails. LDAP standard identity attribute is "dn" + items: + type: string + type: array + name: + description: name is the list of attributes whose values + should be used as the display name. Optional. If unspecified, + no display name is set for the identity LDAP standard + display name attribute is "cn" + items: + type: string + type: array + preferredUsername: + description: preferredUsername is the list of attributes + whose values should be used as the preferred username. + LDAP standard login attribute is "uid" + items: + type: string + type: array + type: object + bindDN: + description: bindDN is an optional DN to bind with during + the search phase. + type: string + bindPassword: + description: bindPassword is an optional reference to a + secret by name containing a password to bind with during + the search phase. The key "bindPassword" is used to locate + the data. If specified and the secret or expected key + is not found, the identity provider is not honored. The + namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + insecure: + description: 'insecure, if true, indicates the connection + should not use TLS WARNING: Should not be set to `true` + with the URL scheme "ldaps://" as "ldaps://" URLs always + attempt to connect using TLS, even when `insecure` is + set to `true` When `true`, "ldap://" URLS connect insecurely. + When `false`, "ldap://" URLs are upgraded to a TLS connection + using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' + type: boolean + url: + description: 'url is an RFC 2255 URL which specifies the + LDAP search parameters to use. The syntax of the URL is: + ldap://host:port/basedn?attribute?scope?filter' + type: string + type: object + mappingMethod: + description: mappingMethod determines how identities from this + provider are mapped to users Defaults to "claim" + type: string + name: + description: 'name is used to qualify the identities returned + by this provider. - It MUST be unique and not shared by any + other identity provider used - It MUST be a valid path segment: + name cannot equal "." or ".." or contain "/" or "%" or ":" + Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' + type: string + openID: + description: openID enables user authentication using OpenID + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + claims: + description: claims mappings + properties: + email: + description: email is the list of claims whose values + should be used as the email address. Optional. If + unspecified, no email is set for the identity + items: + type: string + type: array + x-kubernetes-list-type: atomic + groups: + description: groups is the list of claims value of which + should be used to synchronize groups from the OIDC + provider to OpenShift for the user. If multiple claims + are specified, the first one with a non-empty value + is used. + items: + description: OpenIDClaim represents a claim retrieved + from an OpenID provider's tokens or userInfo responses + minLength: 1 + type: string + type: array + x-kubernetes-list-type: atomic + name: + description: name is the list of claims whose values + should be used as the display name. Optional. If unspecified, + no display name is set for the identity + items: + type: string + type: array + x-kubernetes-list-type: atomic + preferredUsername: + description: preferredUsername is the list of claims + whose values should be used as the preferred username. + If unspecified, the preferred username is determined + from the value of the sub claim + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + extraAuthorizeParameters: + additionalProperties: + type: string + description: extraAuthorizeParameters are any custom parameters + to add to the authorize request. + type: object + extraScopes: + description: extraScopes are any scopes to request in addition + to the standard "openid" scope. + items: + type: string + type: array + issuer: + description: issuer is the URL that the OpenID Provider + asserts as its Issuer Identifier. It must use the https + scheme with no query or fragment component. + type: string + type: object + requestHeader: + description: requestHeader enables user authentication using + request header credentials + properties: + ca: + description: ca is a required reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. Specifically, it allows verification + of incoming requests to prevent header spoofing. The key + "ca.crt" is used to locate the data. If the config map + or expected key is not found, the identity provider is + not honored. If the specified ca data is not valid, the + identity provider is not honored. The namespace for this + config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + challengeURL: + description: challengeURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect WWW-Authenticate challenges will + be redirected here. ${url} is replaced with the current + URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when challenge is set to true. + type: string + clientCommonNames: + description: clientCommonNames is an optional list of common + names to require a match from. If empty, any client certificate + validated against the clientCA bundle is considered authoritative. + items: + type: string + type: array + emailHeaders: + description: emailHeaders is the set of headers to check + for the email address + items: + type: string + type: array + headers: + description: headers is the set of headers to check for + identity information + items: + type: string + type: array + loginURL: + description: loginURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect interactive logins will be redirected + here ${url} is replaced with the current URL, escaped + to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when login is set to true. + type: string + nameHeaders: + description: nameHeaders is the set of headers to check + for the display name + items: + type: string + type: array + preferredUsernameHeaders: + description: preferredUsernameHeaders is the set of headers + to check for the preferred username + items: + type: string + type: array + type: object + type: + description: type identifies the identity provider type for + this entry. + type: string + type: object + type: array + required: + - identityProviders + type: object + status: + description: IdentityProviderStatus defines the observed state of SyncSet + type: object + type: object + served: true + storage: true diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_selectorsyncsets.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_selectorsyncsets.yaml new file mode 100644 index 00000000000..452eb30abc1 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_selectorsyncsets.yaml @@ -0,0 +1,204 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: selectorsyncsets.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: SelectorSyncSet + listKind: SelectorSyncSetList + plural: selectorsyncsets + shortNames: + - sss + singular: selectorsyncset + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SelectorSyncSet is the Schema for the SelectorSyncSet API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SelectorSyncSetSpec defines the SyncSetCommonSpec resources + and patches to sync along with a ClusterDeploymentSelector indicating + which clusters the SelectorSyncSet applies to in any namespace. + properties: + applyBehavior: + description: ApplyBehavior indicates how resources in this syncset + will be applied to the target cluster. The default value of "Apply" + indicates that resources should be applied using the 'oc apply' + command. If no value is set, "Apply" is assumed. A value of "CreateOnly" + indicates that the resource will only be created if it does not + already exist in the target cluster. Otherwise, it will be left + alone. A value of "CreateOrUpdate" indicates that the resource will + be created/updated without the use of the 'oc apply' command, allowing + larger resources to be synced, but losing some functionality of + the 'oc apply' command such as the ability to remove annotations, + labels, and other map entries in general. + enum: + - "" + - Apply + - CreateOnly + - CreateOrUpdate + type: string + clusterDeploymentSelector: + description: ClusterDeploymentSelector is a LabelSelector indicating + which clusters the SelectorSyncSet applies to in any namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + patches: + description: Patches is the list of patches to apply. + items: + description: SyncObjectPatch represents a patch to be applied to + a specific object + properties: + apiVersion: + description: APIVersion is the Group and Version of the object + to be patched. + type: string + kind: + description: Kind is the Kind of the object to be patched. + type: string + name: + description: Name is the name of the object to be patched. + type: string + namespace: + description: Namespace is the Namespace in which the object + to patch exists. Defaults to the SyncSet's Namespace. + type: string + patch: + description: Patch is the patch to apply. + type: string + patchType: + description: PatchType indicates the PatchType as "strategic" + (default), "json", or "merge". + type: string + required: + - apiVersion + - kind + - name + - patch + type: object + type: array + resourceApplyMode: + description: ResourceApplyMode indicates if the Resource apply mode + is "Upsert" (default) or "Sync". ApplyMode "Upsert" indicates create + and update. ApplyMode "Sync" indicates create, update and delete. + type: string + resources: + description: Resources is the list of objects to sync from RawExtension + definitions. + items: + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + type: array + secretMappings: + description: Secrets is the list of secrets to sync along with their + respective destinations. + items: + description: SecretMapping defines a source and destination for + a secret to be synced by a SyncSet + properties: + sourceRef: + description: SourceRef specifies the name and namespace of a + secret on the management cluster + properties: + name: + description: Name is the name of the secret + type: string + namespace: + description: Namespace is the namespace where the secret + lives. If not present for the source secret reference, + it is assumed to be the same namespace as the syncset + with the reference. + type: string + required: + - name + type: object + targetRef: + description: TargetRef specifies the target name and namespace + of the secret on the target cluster + properties: + name: + description: Name is the name of the secret + type: string + namespace: + description: Namespace is the namespace where the secret + lives. If not present for the source secret reference, + it is assumed to be the same namespace as the syncset + with the reference. + type: string + required: + - name + type: object + required: + - sourceRef + - targetRef + type: object + type: array + type: object + status: + description: SelectorSyncSetStatus defines the observed state of a SelectorSyncSet + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_syncidentityproviders.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_syncidentityproviders.yaml new file mode 100644 index 00000000000..76cf151b859 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_syncidentityproviders.yaml @@ -0,0 +1,624 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: syncidentityproviders.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: SyncIdentityProvider + listKind: SyncIdentityProviderList + plural: syncidentityproviders + singular: syncidentityprovider + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SyncIdentityProvider is the Schema for the SyncIdentityProvider + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SyncIdentityProviderSpec defines the SyncIdentityProviderCommonSpec + identity providers to sync along with ClusterDeploymentRefs indicating + which clusters the SyncIdentityProvider applies to in the SyncIdentityProvider's + namespace. + properties: + clusterDeploymentRefs: + description: ClusterDeploymentRefs is the list of LocalObjectReference + indicating which clusters the SyncSet applies to in the SyncSet's + namespace. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + identityProviders: + description: IdentityProviders is an ordered list of ways for a user + to identify themselves + items: + description: IdentityProvider provides identities for users authenticating + using credentials + properties: + basicAuth: + description: basicAuth contains configuration options for the + BasicAuth IdP + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + tlsClientCert: + description: tlsClientCert is an optional reference to a + secret by name that contains the PEM-encoded TLS client + certificate to present when connecting to the server. + The key "tls.crt" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + tlsClientKey: + description: tlsClientKey is an optional reference to a + secret by name that contains the PEM-encoded TLS private + key for the client certificate referenced in tlsClientCert. + The key "tls.key" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the remote URL to connect to + type: string + type: object + github: + description: github enables user authentication using GitHub + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. This can only be configured when hostname is set + to a non-empty value. The namespace for this config map + is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + hostname: + description: hostname is the optional domain (e.g. "mycompany.com") + for use with a hosted instance of GitHub Enterprise. It + must match the GitHub Enterprise settings value configured + at /setup/settings#hostname. + type: string + organizations: + description: organizations optionally restricts which organizations + are allowed to log in + items: + type: string + type: array + teams: + description: teams optionally restricts which teams are + allowed to log in. Format is /. + items: + type: string + type: array + type: object + gitlab: + description: gitlab enables user authentication using GitLab + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the oauth server base URL + type: string + type: object + google: + description: google enables user authentication using Google + credentials + properties: + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + hostedDomain: + description: hostedDomain is the optional Google App domain + (e.g. "mycompany.com") to restrict logins to + type: string + type: object + htpasswd: + description: htpasswd enables user authentication using an HTPasswd + file to validate credentials + properties: + fileData: + description: fileData is a required reference to a secret + by name containing the data to use as the htpasswd file. + The key "htpasswd" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. If the specified htpasswd data is not + valid, the identity provider is not honored. The namespace + for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + type: object + keystone: + description: keystone enables user authentication using keystone + password credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + domainName: + description: domainName is required for keystone v3 + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a + secret by name that contains the PEM-encoded TLS client + certificate to present when connecting to the server. + The key "tls.crt" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + tlsClientKey: + description: tlsClientKey is an optional reference to a + secret by name that contains the PEM-encoded TLS private + key for the client certificate referenced in tlsClientCert. + The key "tls.key" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + url: + description: url is the remote URL to connect to + type: string + type: object + ldap: + description: ldap enables user authentication using LDAP credentials + properties: + attributes: + description: attributes maps LDAP attributes to identities + properties: + email: + description: email is the list of attributes whose values + should be used as the email address. Optional. If + unspecified, no email is set for the identity + items: + type: string + type: array + id: + description: id is the list of attributes whose values + should be used as the user ID. Required. First non-empty + attribute is used. At least one attribute is required. + If none of the listed attribute have a value, authentication + fails. LDAP standard identity attribute is "dn" + items: + type: string + type: array + name: + description: name is the list of attributes whose values + should be used as the display name. Optional. If unspecified, + no display name is set for the identity LDAP standard + display name attribute is "cn" + items: + type: string + type: array + preferredUsername: + description: preferredUsername is the list of attributes + whose values should be used as the preferred username. + LDAP standard login attribute is "uid" + items: + type: string + type: array + type: object + bindDN: + description: bindDN is an optional DN to bind with during + the search phase. + type: string + bindPassword: + description: bindPassword is an optional reference to a + secret by name containing a password to bind with during + the search phase. The key "bindPassword" is used to locate + the data. If specified and the secret or expected key + is not found, the identity provider is not honored. The + namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + insecure: + description: 'insecure, if true, indicates the connection + should not use TLS WARNING: Should not be set to `true` + with the URL scheme "ldaps://" as "ldaps://" URLs always + attempt to connect using TLS, even when `insecure` is + set to `true` When `true`, "ldap://" URLS connect insecurely. + When `false`, "ldap://" URLs are upgraded to a TLS connection + using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' + type: boolean + url: + description: 'url is an RFC 2255 URL which specifies the + LDAP search parameters to use. The syntax of the URL is: + ldap://host:port/basedn?attribute?scope?filter' + type: string + type: object + mappingMethod: + description: mappingMethod determines how identities from this + provider are mapped to users Defaults to "claim" + type: string + name: + description: 'name is used to qualify the identities returned + by this provider. - It MUST be unique and not shared by any + other identity provider used - It MUST be a valid path segment: + name cannot equal "." or ".." or contain "/" or "%" or ":" + Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' + type: string + openID: + description: openID enables user authentication using OpenID + credentials + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + claims: + description: claims mappings + properties: + email: + description: email is the list of claims whose values + should be used as the email address. Optional. If + unspecified, no email is set for the identity + items: + type: string + type: array + x-kubernetes-list-type: atomic + groups: + description: groups is the list of claims value of which + should be used to synchronize groups from the OIDC + provider to OpenShift for the user. If multiple claims + are specified, the first one with a non-empty value + is used. + items: + description: OpenIDClaim represents a claim retrieved + from an OpenID provider's tokens or userInfo responses + minLength: 1 + type: string + type: array + x-kubernetes-list-type: atomic + name: + description: name is the list of claims whose values + should be used as the display name. Optional. If unspecified, + no display name is set for the identity + items: + type: string + type: array + x-kubernetes-list-type: atomic + preferredUsername: + description: preferredUsername is the list of claims + whose values should be used as the preferred username. + If unspecified, the preferred username is determined + from the value of the sub claim + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + extraAuthorizeParameters: + additionalProperties: + type: string + description: extraAuthorizeParameters are any custom parameters + to add to the authorize request. + type: object + extraScopes: + description: extraScopes are any scopes to request in addition + to the standard "openid" scope. + items: + type: string + type: array + issuer: + description: issuer is the URL that the OpenID Provider + asserts as its Issuer Identifier. It must use the https + scheme with no query or fragment component. + type: string + type: object + requestHeader: + description: requestHeader enables user authentication using + request header credentials + properties: + ca: + description: ca is a required reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. Specifically, it allows verification + of incoming requests to prevent header spoofing. The key + "ca.crt" is used to locate the data. If the config map + or expected key is not found, the identity provider is + not honored. If the specified ca data is not valid, the + identity provider is not honored. The namespace for this + config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + required: + - name + type: object + challengeURL: + description: challengeURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect WWW-Authenticate challenges will + be redirected here. ${url} is replaced with the current + URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when challenge is set to true. + type: string + clientCommonNames: + description: clientCommonNames is an optional list of common + names to require a match from. If empty, any client certificate + validated against the clientCA bundle is considered authoritative. + items: + type: string + type: array + emailHeaders: + description: emailHeaders is the set of headers to check + for the email address + items: + type: string + type: array + headers: + description: headers is the set of headers to check for + identity information + items: + type: string + type: array + loginURL: + description: loginURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect interactive logins will be redirected + here ${url} is replaced with the current URL, escaped + to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when login is set to true. + type: string + nameHeaders: + description: nameHeaders is the set of headers to check + for the display name + items: + type: string + type: array + preferredUsernameHeaders: + description: preferredUsernameHeaders is the set of headers + to check for the preferred username + items: + type: string + type: array + type: object + type: + description: type identifies the identity provider type for + this entry. + type: string + type: object + type: array + required: + - clusterDeploymentRefs + - identityProviders + type: object + status: + description: IdentityProviderStatus defines the observed state of SyncSet + type: object + type: object + served: true + storage: true diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_syncsets.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_syncsets.yaml new file mode 100644 index 00000000000..ef59bb7e35b --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hive.openshift.io_syncsets.yaml @@ -0,0 +1,175 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: syncsets.hive.openshift.io +spec: + group: hive.openshift.io + names: + kind: SyncSet + listKind: SyncSetList + plural: syncsets + shortNames: + - ss + singular: syncset + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SyncSet is the Schema for the SyncSet API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SyncSetSpec defines the SyncSetCommonSpec resources and patches + to sync along with ClusterDeploymentRefs indicating which clusters the + SyncSet applies to in the SyncSet's namespace. + properties: + applyBehavior: + description: ApplyBehavior indicates how resources in this syncset + will be applied to the target cluster. The default value of "Apply" + indicates that resources should be applied using the 'oc apply' + command. If no value is set, "Apply" is assumed. A value of "CreateOnly" + indicates that the resource will only be created if it does not + already exist in the target cluster. Otherwise, it will be left + alone. A value of "CreateOrUpdate" indicates that the resource will + be created/updated without the use of the 'oc apply' command, allowing + larger resources to be synced, but losing some functionality of + the 'oc apply' command such as the ability to remove annotations, + labels, and other map entries in general. + enum: + - "" + - Apply + - CreateOnly + - CreateOrUpdate + type: string + clusterDeploymentRefs: + description: ClusterDeploymentRefs is the list of LocalObjectReference + indicating which clusters the SyncSet applies to in the SyncSet's + namespace. + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + patches: + description: Patches is the list of patches to apply. + items: + description: SyncObjectPatch represents a patch to be applied to + a specific object + properties: + apiVersion: + description: APIVersion is the Group and Version of the object + to be patched. + type: string + kind: + description: Kind is the Kind of the object to be patched. + type: string + name: + description: Name is the name of the object to be patched. + type: string + namespace: + description: Namespace is the Namespace in which the object + to patch exists. Defaults to the SyncSet's Namespace. + type: string + patch: + description: Patch is the patch to apply. + type: string + patchType: + description: PatchType indicates the PatchType as "strategic" + (default), "json", or "merge". + type: string + required: + - apiVersion + - kind + - name + - patch + type: object + type: array + resourceApplyMode: + description: ResourceApplyMode indicates if the Resource apply mode + is "Upsert" (default) or "Sync". ApplyMode "Upsert" indicates create + and update. ApplyMode "Sync" indicates create, update and delete. + type: string + resources: + description: Resources is the list of objects to sync from RawExtension + definitions. + items: + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + type: array + secretMappings: + description: Secrets is the list of secrets to sync along with their + respective destinations. + items: + description: SecretMapping defines a source and destination for + a secret to be synced by a SyncSet + properties: + sourceRef: + description: SourceRef specifies the name and namespace of a + secret on the management cluster + properties: + name: + description: Name is the name of the secret + type: string + namespace: + description: Namespace is the namespace where the secret + lives. If not present for the source secret reference, + it is assumed to be the same namespace as the syncset + with the reference. + type: string + required: + - name + type: object + targetRef: + description: TargetRef specifies the target name and namespace + of the secret on the target cluster + properties: + name: + description: Name is the name of the secret + type: string + namespace: + description: Namespace is the namespace where the secret + lives. If not present for the source secret reference, + it is assumed to be the same namespace as the syncset + with the reference. + type: string + required: + - name + type: object + required: + - sourceRef + - targetRef + type: object + type: array + required: + - clusterDeploymentRefs + type: object + status: + description: SyncSetStatus defines the observed state of a SyncSet + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_clustersyncleases.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_clustersyncleases.yaml new file mode 100644 index 00000000000..06c1cf17b85 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_clustersyncleases.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clustersyncleases.hiveinternal.openshift.io +spec: + group: hiveinternal.openshift.io + names: + kind: ClusterSyncLease + listKind: ClusterSyncLeaseList + plural: clustersyncleases + shortNames: + - csl + singular: clustersynclease + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterSyncLease is a record of the last time that SyncSets and + SelectorSyncSets were applied to a cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSyncLeaseSpec is the specification of a ClusterSyncLease. + properties: + renewTime: + description: RenewTime is the time when SyncSets and SelectorSyncSets + were last applied to the cluster. + format: date-time + type: string + required: + - renewTime + type: object + type: object + served: true + storage: true diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_clustersyncs.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_clustersyncs.yaml new file mode 100644 index 00000000000..4ff7ba7d4f9 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_clustersyncs.yaml @@ -0,0 +1,245 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + name: clustersyncs.hiveinternal.openshift.io +spec: + group: hiveinternal.openshift.io + names: + kind: ClusterSync + listKind: ClusterSyncList + plural: clustersyncs + shortNames: + - csync + singular: clustersync + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[0].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=="Failed")].message + name: Message + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterSync is the status of all of the SelectorSyncSets and + SyncSets that apply to a ClusterDeployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSyncSpec defines the desired state of ClusterSync + type: object + status: + description: ClusterSyncStatus defines the observed state of ClusterSync + properties: + conditions: + description: Conditions is a list of conditions associated with syncing + to the cluster. + items: + description: ClusterSyncCondition contains details for the current + condition of a ClusterSync + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about the last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + controlledByReplica: + description: ControlledByReplica indicates which replica of the hive-clustersync + StatefulSet is responsible for (the CD related to) this clustersync. + Note that this value indicates the replica that most recently handled + the ClusterSync. If the hive-clustersync statefulset is scaled up + or down, the controlling replica can change, potentially causing + logs to be spread across multiple pods. + format: int64 + type: integer + firstSuccessTime: + description: FirstSuccessTime is the time we first successfully applied + all (selector)syncsets to a cluster. + format: date-time + type: string + selectorSyncSets: + description: SelectorSyncSets is the sync status of all of the SelectorSyncSets + for the cluster. + items: + description: SyncStatus is the status of applying a specific SyncSet + or SelectorSyncSet to the cluster. + properties: + failureMessage: + description: FailureMessage is a message describing why the + SyncSet or SelectorSyncSet could not be applied. This is only + set when Result is Failure. + type: string + firstSuccessTime: + description: FirstSuccessTime is the time when the SyncSet or + SelectorSyncSet was first successfully applied to the cluster. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the time when this status + last changed. + format: date-time + type: string + name: + description: Name is the name of the SyncSet or SelectorSyncSet. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the SyncSet + or SelectorSyncSet that was last observed. + format: int64 + type: integer + resourcesToDelete: + description: ResourcesToDelete is the list of resources in the + cluster that should be deleted when the SyncSet or SelectorSyncSet + is deleted or is no longer matched to the cluster. + items: + description: SyncResourceReference is a reference to a resource + that is synced to a cluster via a SyncSet or SelectorSyncSet. + properties: + apiVersion: + description: APIVersion is the Group and Version of the + resource. + type: string + kind: + description: Kind is the Kind of the resource. + type: string + name: + description: Name is the name of the resource. + type: string + namespace: + description: Namespace is the namespace of the resource. + type: string + required: + - apiVersion + - name + type: object + type: array + result: + description: Result is the result of the last attempt to apply + the SyncSet or SelectorSyncSet to the cluster. + enum: + - Success + - Failure + type: string + required: + - lastTransitionTime + - name + - observedGeneration + - result + type: object + type: array + syncSets: + description: SyncSets is the sync status of all of the SyncSets for + the cluster. + items: + description: SyncStatus is the status of applying a specific SyncSet + or SelectorSyncSet to the cluster. + properties: + failureMessage: + description: FailureMessage is a message describing why the + SyncSet or SelectorSyncSet could not be applied. This is only + set when Result is Failure. + type: string + firstSuccessTime: + description: FirstSuccessTime is the time when the SyncSet or + SelectorSyncSet was first successfully applied to the cluster. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the time when this status + last changed. + format: date-time + type: string + name: + description: Name is the name of the SyncSet or SelectorSyncSet. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the SyncSet + or SelectorSyncSet that was last observed. + format: int64 + type: integer + resourcesToDelete: + description: ResourcesToDelete is the list of resources in the + cluster that should be deleted when the SyncSet or SelectorSyncSet + is deleted or is no longer matched to the cluster. + items: + description: SyncResourceReference is a reference to a resource + that is synced to a cluster via a SyncSet or SelectorSyncSet. + properties: + apiVersion: + description: APIVersion is the Group and Version of the + resource. + type: string + kind: + description: Kind is the Kind of the resource. + type: string + name: + description: Name is the name of the resource. + type: string + namespace: + description: Namespace is the namespace of the resource. + type: string + required: + - apiVersion + - name + type: object + type: array + result: + description: Result is the result of the last attempt to apply + the SyncSet or SelectorSyncSet to the cluster. + enum: + - Success + - Failure + type: string + required: + - lastTransitionTime + - name + - observedGeneration + - result + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_fakeclusterinstalls.yaml b/operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_fakeclusterinstalls.yaml new file mode 100644 index 00000000000..dbc94abef19 --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/manifests/hiveinternal.openshift.io_fakeclusterinstalls.yaml @@ -0,0 +1,184 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (devel) + creationTimestamp: null + labels: + contracts.hive.openshift.io/clusterinstall: "true" + name: fakeclusterinstalls.hiveinternal.openshift.io +spec: + group: hiveinternal.openshift.io + names: + kind: FakeClusterInstall + listKind: FakeClusterInstallList + plural: fakeclusterinstalls + singular: fakeclusterinstall + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FakeClusterInstall represents a fake request to provision an + agent based cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FakeClusterInstallSpec defines the desired state of the FakeClusterInstall. + properties: + clusterDeploymentRef: + description: ClusterDeploymentRef is a reference to the ClusterDeployment + associated with this AgentClusterInstall. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + clusterMetadata: + description: ClusterMetadata contains metadata information about the + installed cluster. It should be populated once the cluster install + is completed. (it can be populated sooner if desired, but Hive will + not copy back to ClusterDeployment until the Installed condition + goes True. + properties: + adminKubeconfigSecretRef: + description: AdminKubeconfigSecretRef references the secret containing + the admin kubeconfig for this cluster. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + adminPasswordSecretRef: + description: AdminPasswordSecretRef references the secret containing + the admin username/password which can be used to login to this + cluster. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + clusterID: + description: ClusterID is a globally unique identifier for this + cluster generated during installation. Used for reporting metrics + among other places. + type: string + infraID: + description: InfraID is an identifier for this cluster generated + during installation and used for tagging/naming resources in + cloud providers. + type: string + platform: + description: Platform holds platform-specific cluster metadata + properties: + aws: + description: AWS holds AWS-specific cluster metadata + properties: + hostedZoneRole: + description: HostedZoneRole is the role to assume when + performing operations on a hosted zone owned by another + account. + type: string + type: object + azure: + description: Azure holds azure-specific cluster metadata + properties: + resourceGroupName: + description: ResourceGroupName is the name of the resource + group in which the cluster resources were created. + type: string + required: + - resourceGroupName + type: object + gcp: + description: GCP holds GCP-specific cluster metadata + properties: + networkProjectID: + description: NetworkProjectID is used for shared VPC setups + type: string + type: object + type: object + required: + - adminKubeconfigSecretRef + - clusterID + - infraID + type: object + imageSetRef: + description: ImageSetRef is a reference to a ClusterImageSet. The + release image specified in the ClusterImageSet will be used to install + the cluster. + properties: + name: + description: Name is the name of the ClusterImageSet that this + refers to + type: string + required: + - name + type: object + required: + - clusterDeploymentRef + - imageSetRef + type: object + status: + description: FakeClusterInstallStatus defines the observed state of the + FakeClusterInstall. + properties: + conditions: + description: Conditions includes more detailed status for the cluster + install. + items: + description: ClusterInstallCondition contains details for the current + condition of a cluster install. + properties: + lastProbeTime: + description: LastProbeTime is the last time we probed the condition. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime is the last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human-readable message indicating + details about last transition. + type: string + reason: + description: Reason is a unique, one-word, CamelCase reason + for the condition's last transition. + type: string + status: + description: Status is the status of the condition. + type: string + type: + description: Type is the type of the condition. + type: string + required: + - status + - type + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/hive-operator/1.2.4336-412cf72/metadata/annotations.yaml b/operators/hive-operator/1.2.4336-412cf72/metadata/annotations.yaml new file mode 100644 index 00000000000..24e80d98d3e --- /dev/null +++ b/operators/hive-operator/1.2.4336-412cf72/metadata/annotations.yaml @@ -0,0 +1,7 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.bundle.channels.v1: alpha + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: hive-operator