diff --git a/features.md b/features.md
index afa64782571..6ec11d0fffe 100644
--- a/features.md
+++ b/features.md
@@ -24,6 +24,7 @@
| AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| AWSServiceLBNetworkSecurityGroup| | | Enabled | Enabled | | | Enabled | Enabled |
+| AdditionalStorageConfig| | | Enabled | Enabled | | | Enabled | Enabled |
| AutomatedEtcdBackup| | | Enabled | Enabled | | | Enabled | Enabled |
| AzureClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled |
| AzureDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled |
diff --git a/features/features.go b/features/features.go
index 187edb0e164..38eb6805e18 100644
--- a/features/features.go
+++ b/features/features.go
@@ -401,6 +401,14 @@ var (
enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
mustRegister()
+ FeatureGateAdditionalStorageConfig = newFeatureGate("AdditionalStorageConfig").
+ reportProblemsToJiraComponent("MachineConfigOperator").
+ contactPerson("saschagrunert").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1934").
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ mustRegister()
+
FeatureGateUpgradeStatus = newFeatureGate("UpgradeStatus").
reportProblemsToJiraComponent("Cluster Version Operator").
contactPerson("pmuller").
diff --git a/machineconfiguration/v1/tests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml b/machineconfiguration/v1/tests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml
new file mode 100644
index 00000000000..eb9007176ca
--- /dev/null
+++ b/machineconfiguration/v1/tests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml
@@ -0,0 +1,248 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "ContainerRuntimeConfig"
+crdName: containerruntimeconfigs.machineconfiguration.openshift.io
+featureGates:
+- AdditionalStorageConfig
+tests:
+ onCreate:
+ # AdditionalLayerStores - comprehensive validation tests
+ - name: Should be able to create ContainerRuntimeConfig with multiple additionalLayerStores
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/stargz-store
+ - path: /mnt/nydus-store
+ - path: /opt/layer_store-v1.0
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/stargz-store
+ - path: /mnt/nydus-store
+ - path: /opt/layer_store-v1.0
+
+ - name: Should fail if additionalLayerStores path is empty
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: ""
+ expectedError: "path in body should be at least 1 chars long"
+
+ - name: Should fail if additionalLayerStores path is not absolute
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: var/lib/stargz-store
+ expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+ - name: Should fail if additionalLayerStores path contains spaces
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/stargz store
+ expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+ - name: Should fail if additionalLayerStores path contains invalid characters
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/stargz@store
+ expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+ - name: Should fail if additionalLayerStores path is too long
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+ expectedError: "Too long: may not be more than 256 bytes"
+
+ - name: Should fail if additionalLayerStores exceeds maximum of 5 items
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/store1
+ - path: /var/lib/store2
+ - path: /var/lib/store3
+ - path: /var/lib/store4
+ - path: /var/lib/store5
+ - path: /var/lib/store6
+ expectedError: "Too many: 6: must have at most 5 items"
+
+ - name: Should fail if additionalLayerStores item has no path field
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - {}
+ expectedError: "path: Required value"
+
+ - name: Should fail if additionalLayerStores contains duplicate paths
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalLayerStores:
+ - path: /var/lib/stargz-store
+ - path: /var/lib/stargz-store
+ expectedError: "additionalLayerStores must not contain duplicate paths"
+
+ # AdditionalImageStores - test max items validation (different from layer stores)
+ - name: Should fail if additionalImageStores exceeds maximum of 10 items
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalImageStores:
+ - path: /var/lib/store1
+ - path: /var/lib/store2
+ - path: /var/lib/store3
+ - path: /var/lib/store4
+ - path: /var/lib/store5
+ - path: /var/lib/store6
+ - path: /var/lib/store7
+ - path: /var/lib/store8
+ - path: /var/lib/store9
+ - path: /var/lib/store10
+ - path: /var/lib/store11
+ expectedError: "Too many: 11: must have at most 10 items"
+
+ - name: Should fail if additionalImageStores path is not absolute
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalImageStores:
+ - path: var/lib/images
+ expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+ - name: Should fail if additionalImageStores item has no path field
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalImageStores:
+ - {}
+ expectedError: "path: Required value"
+
+ - name: Should fail if additionalImageStores contains duplicate paths
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalImageStores:
+ - path: /mnt/nfs-images
+ - path: /mnt/nfs-images
+ expectedError: "additionalImageStores must not contain duplicate paths"
+
+ # AdditionalArtifactStores - test max items validation (different from layer stores)
+ - name: Should fail if additionalArtifactStores exceeds maximum of 10 items
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalArtifactStores:
+ - path: /var/lib/store1
+ - path: /var/lib/store2
+ - path: /var/lib/store3
+ - path: /var/lib/store4
+ - path: /var/lib/store5
+ - path: /var/lib/store6
+ - path: /var/lib/store7
+ - path: /var/lib/store8
+ - path: /var/lib/store9
+ - path: /var/lib/store10
+ - path: /var/lib/store11
+ expectedError: "Too many: 11: must have at most 10 items"
+
+ - name: Should fail if additionalArtifactStores path is not absolute
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalArtifactStores:
+ - path: var/lib/artifacts
+ expectedError: "path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+
+ - name: Should fail if additionalArtifactStores item has no path field
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalArtifactStores:
+ - {}
+ expectedError: "path: Required value"
+
+ - name: Should fail if additionalArtifactStores contains duplicate paths
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ additionalArtifactStores:
+ - path: /mnt/ssd-artifacts
+ - path: /mnt/ssd-artifacts
+ expectedError: "additionalArtifactStores must not contain duplicate paths"
+
+ # Combined test - all storage types together with other fields
+ - name: Should be able to create ContainerRuntimeConfig with all storage types and existing fields
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ defaultRuntime: crun
+ logLevel: info
+ additionalLayerStores:
+ - path: /var/lib/stargz-store
+ additionalImageStores:
+ - path: /mnt/nfs-images
+ - path: /mnt/ssd-images
+ additionalArtifactStores:
+ - path: /mnt/ssd-artifacts
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: ContainerRuntimeConfig
+ spec:
+ containerRuntimeConfig:
+ defaultRuntime: crun
+ logLevel: info
+ additionalLayerStores:
+ - path: /var/lib/stargz-store
+ additionalImageStores:
+ - path: /mnt/nfs-images
+ - path: /mnt/ssd-images
+ additionalArtifactStores:
+ - path: /mnt/ssd-artifacts
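Review bot: None of the onCreate cases exercises the `MinItems=1` marker that types.go places on all three lists, so the rejection of an empty list such as `additionalLayerStores: []` is not pinned by this suite. Add one case per list with an empty array and an `expectedError` matching the API server's minimum-items message (likely of the form `should have at least 1 items`; confirm against a run). The character-set and length cases also exist only for additionalLayerStores. Because the three `path` fields each carry their own copy of the pattern, one space or `@` case for the image and artifact stores would catch a copy drifting from the others.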
diff --git a/machineconfiguration/v1/types.go b/machineconfiguration/v1/types.go
index 6673adeb1b2..d9dd017bf39 100644
--- a/machineconfiguration/v1/types.go
+++ b/machineconfiguration/v1/types.go
@@ -892,6 +892,61 @@ type ContainerRuntimeConfiguration struct {
// +kubebuilder:validation:Enum=crun;runc
// +optional
DefaultRuntime ContainerRuntimeDefaultRuntime `json:"defaultRuntime,omitempty"`
+
+ // additionalLayerStores configures additional layer store locations.
+ //
+ // Stores are checked in order until a layer is found.
+ // Maximum of 5 stores allowed.
+ // Each path must be unique.
+ //
+ // When omitted, no additional layer stores are configured.
+ // When specified, at least one store must be provided.
+ //
+ // +openshift:enable:FeatureGate=AdditionalStorageConfig
+ // +optional
+ // +listType=atomic
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=5
+ // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.path == y.path))",message="additionalLayerStores must not contain duplicate paths"
+ AdditionalLayerStores []AdditionalLayerStore `json:"additionalLayerStores,omitempty"`
+
+ // additionalImageStores configures additional read-only container image store
+ // locations for complete Open Container Initiative (OCI) images.
+ //
+ // Images are checked in order: additional stores first, then default location.
+ // Stores are read-only.
+ // Maximum of 10 stores allowed.
+ // Each path must be unique.
+ //
+ // When omitted, only the default image location is used.
+ // When specified, at least one store must be provided.
+ //
+ // +openshift:enable:FeatureGate=AdditionalStorageConfig
+ // +optional
+ // +listType=atomic
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=10
+ // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.path == y.path))",message="additionalImageStores must not contain duplicate paths"
+ AdditionalImageStores []AdditionalImageStore `json:"additionalImageStores,omitempty"`
+
+ // additionalArtifactStores configures additional read-only artifact storage
+ // locations for Open Container Initiative (OCI) artifacts.
+ //
+ // Artifacts are checked in order: additional stores first, then default location.
+ // Stores are read-only.
+ // Maximum of 10 stores allowed.
+ // Each path must be unique.
+ //
+ // When omitted, only the default artifact location (/var/lib/containers/storage/artifacts/) is used.
+ // When specified, at least one store must be provided.
+ //
+ // +openshift:enable:FeatureGate=AdditionalStorageConfig
+ // +optional
+ // +listType=atomic
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=10
+ // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.path == y.path))",message="additionalArtifactStores must not contain duplicate paths"
+ AdditionalArtifactStores []AdditionalArtifactStore `json:"additionalArtifactStores,omitempty"`
}
type ContainerRuntimeDefaultRuntime string
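Review bot: The duplicate-path rule on the three new lists, `self.all(x, self.exists_one(y, x.path == y.path))`, compares raw strings, so `/mnt/store` and `/mnt/store/` (or `/mnt//store`) pass as distinct entries while naming the same directory on the node. The field comments promise "Each path must be unique" and say stores are checked in order, so the limit of that guarantee should be explicit. Either document it, e.g. `// Paths are compared as exact strings; no normalization is applied.`, or reject trailing and empty segments in the element's path pattern so that string equality matches directory equality. The ContainerRuntimeConfiguration struct begins before this hunk.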
@@ -904,6 +959,66 @@ const (
ContainerRuntimeDefaultRuntimeDefault = ContainerRuntimeDefaultRuntimeCrun
)
+// AdditionalLayerStore defines a storage location for container image layers.
+type AdditionalLayerStore struct {
+ // path is the absolute path to the additional layer store location.
+ //
+ // The path must exist on the node before configuration is applied.
+ // When a container image is requested, layers found at this location will be used instead of
+ // retrieving from the registry.
+ //
+ // This field is required and must:
+ // - Have length between 1 and 256 characters
+ // - Start with '/' (absolute path)
+ // - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:XValidation:rule="self.matches('^/[a-zA-Z0-9/._-]+$')",message="path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+ Path string `json:"path,omitempty"`
+}
+
+// AdditionalImageStore defines an additional read-only storage location for complete container images.
+type AdditionalImageStore struct {
+ // path is the absolute path to the additional image store location.
+ //
+ // The path must exist on the node before configuration is applied.
+ // When a container image is requested, images found at this location will be used instead of
+ // retrieving from the registry.
+ //
+ // This field is required and must:
+ // - Have length between 1 and 256 characters
+ // - Start with '/' (absolute path)
+ // - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:XValidation:rule="self.matches('^/[a-zA-Z0-9/._-]+$')",message="path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+ Path string `json:"path,omitempty"`
+}
+
+// AdditionalArtifactStore defines an additional storage location for Open Container Initiative (OCI) artifacts.
+type AdditionalArtifactStore struct {
+ // path is the absolute path to the additional artifact store location.
+ //
+ // The path must exist on the node before configuration is applied.
+ // When an Open Container Initiative (OCI) artifact is requested, artifacts found at this location will be used instead of
+ // retrieving from the registry.
+ //
+ // This field is required and must:
+ // - Have length between 1 and 256 characters
+ // - Start with '/' (absolute path)
+ // - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:XValidation:rule="self.matches('^/[a-zA-Z0-9/._-]+$')",message="path must be absolute and contain only alphanumeric characters, '/', '.', '_', and '-'"
+ Path string `json:"path,omitempty"`
+}
+
// ContainerRuntimeConfigStatus defines the observed state of a ContainerRuntimeConfig
type ContainerRuntimeConfigStatus struct {
// observedGeneration represents the generation observed by the controller.
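Review bot: The pattern `^/[a-zA-Z0-9/._-]+$` on all three `Path` fields accepts `.` and `..` segments, so a value such as `/var/lib/stargz-store/../../../etc` validates even though it resolves outside the directory it appears to name. The field docs state that content found at these locations is used instead of retrieving from the registry, so the admitted string should be the location the node actually reads. Otherwise anyone auditing the resource has to resolve the path by hand. Consider a second rule on each field, `// +kubebuilder:validation:XValidation:rule="!self.split('/').exists(s, s == '.' || s == '..')",message="path must not contain '.' or '..' segments"`, together with a matching test case. Check that the CEL cost estimate stays within budget for MaxLength=256.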
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..fed15794b44
--- /dev/null
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage
+ locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location (/var/lib/containers/storage/artifacts/) is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional storage
+ location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional artifact store location.
+
+ The path must exist on the node before configuration is applied.
+ When an Open Container Initiative (OCI) artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store
+ locations for complete Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for complete container images.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional image store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional layer store locations.
+
+ Stores are checked in order until a layer is found.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, no additional layer stores are configured.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a storage location
+ for container image layers.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional layer store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml
new file mode 100644
index 00000000000..a983664180f
--- /dev/null
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml
@@ -0,0 +1,197 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: Default
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..d4326d05625
--- /dev/null
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage
+ locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location (/var/lib/containers/storage/artifacts/) is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional storage
+ location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional artifact store location.
+
+ The path must exist on the node before configuration is applied.
+ When an Open Container Initiative (OCI) artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store
+ locations for complete Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for complete container images.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional image store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional layer store locations.
+
+ Stores are checked in order until a layer is found.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, no additional layer stores are configured.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a storage location
+ for container image layers.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional layer store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
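Review bot: The path rule `self.matches('^/[a-zA-Z0-9/._-]+$')` on `additionalArtifactStores`, `additionalImageStores` and `additionalLayerStores` admits `.` and `..` segments and repeated slashes, so a value such as `/var/lib/../../etc` passes validation. The list-level duplicate check `x.path == y.path` compares raw strings, so `/opt/store` and `/opt/store/` count as different paths. Because the field descriptions say content found at these node locations is used instead of pulling from the registry, I would reject non-canonical paths at admission with an extra rule along the lines of `!self.contains('//') && !self.endsWith('/') && !self.split('/').exists(s, s == '.' || s == '..')`. This manifest is generated, so the change belongs in the validation markers on the Go types (not visible in this part of the diff), and the same applies to the identical rules in the TechPreviewNoUpgrade manifest. Whether the consumer canonicalizes paths itself is not shown here, so treat this as defence in depth.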
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
similarity index 99%
rename from machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml
rename to machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
index 0ef5e23370c..db82f1a1418 100644
--- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
@@ -6,6 +6,7 @@ metadata:
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: OKD
labels:
openshift.io/operator-managed: ""
name: containerruntimeconfigs.machineconfiguration.openshift.io
diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..0409a6c4ee3
--- /dev/null
+++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage
+ locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location (/var/lib/containers/storage/artifacts/) is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional storage
+ location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional artifact store location.
+
+ The path must exist on the node before configuration is applied.
+ When an Open Container Initiative (OCI) artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store
+ locations for complete Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for complete container images.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional image store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional layer store locations.
+
+ Stores are checked in order until a layer is found.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, no additional layer stores are configured.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a storage location
+ for container image layers.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional layer store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/machineconfiguration/v1/zz_generated.deepcopy.go b/machineconfiguration/v1/zz_generated.deepcopy.go
index 5061d8b822e..a42a2f36ed0 100644
--- a/machineconfiguration/v1/zz_generated.deepcopy.go
+++ b/machineconfiguration/v1/zz_generated.deepcopy.go
@@ -13,6 +13,54 @@ import (
intstr "k8s.io/apimachinery/pkg/util/intstr"
)
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdditionalArtifactStore) DeepCopyInto(out *AdditionalArtifactStore) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalArtifactStore.
+func (in *AdditionalArtifactStore) DeepCopy() *AdditionalArtifactStore {
+ if in == nil {
+ return nil
+ }
+ out := new(AdditionalArtifactStore)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdditionalImageStore) DeepCopyInto(out *AdditionalImageStore) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalImageStore.
+func (in *AdditionalImageStore) DeepCopy() *AdditionalImageStore {
+ if in == nil {
+ return nil
+ }
+ out := new(AdditionalImageStore)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdditionalLayerStore) DeepCopyInto(out *AdditionalLayerStore) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalLayerStore.
+func (in *AdditionalLayerStore) DeepCopy() *AdditionalLayerStore {
+ if in == nil {
+ return nil
+ }
+ out := new(AdditionalLayerStore)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CertExpiry) DeepCopyInto(out *CertExpiry) {
*out = *in
@@ -178,6 +226,21 @@ func (in *ContainerRuntimeConfiguration) DeepCopyInto(out *ContainerRuntimeConfi
x := (*in).DeepCopy()
*out = &x
}
+ if in.AdditionalLayerStores != nil {
+ in, out := &in.AdditionalLayerStores, &out.AdditionalLayerStores
+ *out = make([]AdditionalLayerStore, len(*in))
+ copy(*out, *in)
+ }
+ if in.AdditionalImageStores != nil {
+ in, out := &in.AdditionalImageStores, &out.AdditionalImageStores
+ *out = make([]AdditionalImageStore, len(*in))
+ copy(*out, *in)
+ }
+ if in.AdditionalArtifactStores != nil {
+ in, out := &in.AdditionalArtifactStores, &out.AdditionalArtifactStores
+ *out = make([]AdditionalArtifactStore, len(*in))
+ copy(*out, *in)
+ }
return
}
diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml
index 1d96519e7e5..f82db003fc7 100644
--- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml
+++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -4,7 +4,8 @@ containerruntimeconfigs.machineconfiguration.openshift.io:
CRDName: containerruntimeconfigs.machineconfiguration.openshift.io
Capability: ""
Category: ""
- FeatureGates: []
+ FeatureGates:
+ - AdditionalStorageConfig
FilenameOperatorName: machine-config
FilenameOperatorOrdering: "01"
FilenameRunLevel: "0000_80"
diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml
new file mode 100644
index 00000000000..dbd221dc685
--- /dev/null
+++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/containerruntimeconfigs.machineconfiguration.openshift.io/AdditionalStorageConfig.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/filename-cvo-runlevel: "0000_80"
+ api.openshift.io/filename-operator: machine-config
+ api.openshift.io/filename-ordering: "01"
+ feature-gate.release.openshift.io/AdditionalStorageConfig: "true"
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage
+ locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location (/var/lib/containers/storage/artifacts/) is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional storage
+ location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional artifact store location.
+
+ The path must exist on the node before configuration is applied.
+ When an Open Container Initiative (OCI) artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store
+ locations for complete Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for complete container images.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional image store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional layer store locations.
+
+ Stores are checked in order until a layer is found.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, no additional layer stores are configured.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a storage location
+ for container image layers.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional layer store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
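Review bot: The `path` rule `self.matches('^/[a-zA-Z0-9/._-]+$')` under additionalArtifactStores checks the character set only, so values with `.` or `..` segments, doubled slashes or a trailing slash pass validation; the same rule is repeated for additionalImageStores and additionalLayerStores, and again in the CustomNoUpgrade payload manifest. Content found at these paths is used instead of a registry pull, so the configured location should be unambiguous. The duplicate check `x.path == y.path` also compares raw strings, so two spellings of one directory (for example a constructed `/stores/a` and `/stores/a/`) count as distinct stores. Consider a second rule on `path` such as `!self.split('/').exists(s, s == '.' || s == '..')`, plus rejecting a trailing `/`. This manifest is generated, so the change presumably belongs on the validation markers of the Go types it is built from.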
diff --git a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go
index 650fc1709da..b86257ecac0 100644
--- a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go
+++ b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go
@@ -11,6 +11,33 @@ package v1
// Those methods can be generated by using hack/update-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
+var map_AdditionalArtifactStore = map[string]string{
+ "": "AdditionalArtifactStore defines an additional storage location for Open Container Initiative (OCI) artifacts.",
+ "path": "path is the absolute path to the additional artifact store location.\n\nThe path must exist on the node before configuration is applied. When an Open Container Initiative (OCI) artifact is requested, artifacts found at this location will be used instead of retrieving from the registry.\n\nThis field is required and must:\n - Have length between 1 and 256 characters\n - Start with '/' (absolute path)\n - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)",
+}
+
+func (AdditionalArtifactStore) SwaggerDoc() map[string]string {
+ return map_AdditionalArtifactStore
+}
+
+var map_AdditionalImageStore = map[string]string{
+ "": "AdditionalImageStore defines an additional read-only storage location for complete container images.",
+ "path": "path is the absolute path to the additional image store location.\n\nThe path must exist on the node before configuration is applied. When a container image is requested, images found at this location will be used instead of retrieving from the registry.\n\nThis field is required and must:\n - Have length between 1 and 256 characters\n - Start with '/' (absolute path)\n - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)",
+}
+
+func (AdditionalImageStore) SwaggerDoc() map[string]string {
+ return map_AdditionalImageStore
+}
+
+var map_AdditionalLayerStore = map[string]string{
+ "": "AdditionalLayerStore defines a storage location for container image layers.",
+ "path": "path is the absolute path to the additional layer store location.\n\nThe path must exist on the node before configuration is applied. When a container image is requested, layers found at this location will be used instead of retrieving from the registry.\n\nThis field is required and must:\n - Have length between 1 and 256 characters\n - Start with '/' (absolute path)\n - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)",
+}
+
+func (AdditionalLayerStore) SwaggerDoc() map[string]string {
+ return map_AdditionalLayerStore
+}
+
var map_CertExpiry = map[string]string{
"": "ceryExpiry contains the bundle name and the expiry date",
"bundle": "bundle is the name of the bundle in which the subject certificate resides",
@@ -74,12 +101,15 @@ func (ContainerRuntimeConfigStatus) SwaggerDoc() map[string]string {
}
var map_ContainerRuntimeConfiguration = map[string]string{
- "": "ContainerRuntimeConfiguration defines the tuneables of the container runtime",
- "pidsLimit": "pidsLimit specifies the maximum number of processes allowed in a container",
- "logLevel": "logLevel specifies the verbosity of the logs based on the level it is set to. Options are fatal, panic, error, warn, info, and debug.",
- "logSizeMax": "logSizeMax specifies the Maximum size allowed for the container log file. Negative numbers indicate that no size limit is imposed. If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.",
- "overlaySize": "overlaySize specifies the maximum size of a container image. This flag can be used to set quota on the size of container images. (default: 10GB)",
- "defaultRuntime": "defaultRuntime is the name of the OCI runtime to be used as the default for containers. Allowed values are `runc` and `crun`. When set to `runc`, OpenShift will use runc to execute the container When set to `crun`, OpenShift will use crun to execute the container When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently, the default is `crun`.",
+ "": "ContainerRuntimeConfiguration defines the tuneables of the container runtime",
+ "pidsLimit": "pidsLimit specifies the maximum number of processes allowed in a container",
+ "logLevel": "logLevel specifies the verbosity of the logs based on the level it is set to. Options are fatal, panic, error, warn, info, and debug.",
+ "logSizeMax": "logSizeMax specifies the Maximum size allowed for the container log file. Negative numbers indicate that no size limit is imposed. If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.",
+ "overlaySize": "overlaySize specifies the maximum size of a container image. This flag can be used to set quota on the size of container images. (default: 10GB)",
+ "defaultRuntime": "defaultRuntime is the name of the OCI runtime to be used as the default for containers. Allowed values are `runc` and `crun`. When set to `runc`, OpenShift will use runc to execute the container When set to `crun`, OpenShift will use crun to execute the container When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently, the default is `crun`.",
+ "additionalLayerStores": "additionalLayerStores configures additional layer store locations.\n\nStores are checked in order until a layer is found. Maximum of 5 stores allowed. Each path must be unique.\n\nWhen omitted, no additional layer stores are configured. When specified, at least one store must be provided.",
+ "additionalImageStores": "additionalImageStores configures additional read-only container image store locations for complete Open Container Initiative (OCI) images.\n\nImages are checked in order: additional stores first, then default location. Stores are read-only. Maximum of 10 stores allowed. Each path must be unique.\n\nWhen omitted, only the default image location is used. When specified, at least one store must be provided.",
+ "additionalArtifactStores": "additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts.\n\nArtifacts are checked in order: additional stores first, then default location. Stores are read-only. Maximum of 10 stores allowed. Each path must be unique.\n\nWhen omitted, only the default artifact location (/var/lib/containers/storage/artifacts/) is used. When specified, at least one store must be provided.",
}
func (ContainerRuntimeConfiguration) SwaggerDoc() map[string]string {
diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..fed15794b44
--- /dev/null
+++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: CustomNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage
+ locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location (/var/lib/containers/storage/artifacts/) is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional storage
+ location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional artifact store location.
+
+ The path must exist on the node before configuration is applied.
+ When an Open Container Initiative (OCI) artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store
+ locations for complete Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for complete container images.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional image store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional layer store locations.
+
+ Stores are checked in order until a layer is found.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, no additional layer stores are configured.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a storage location
+ for container image layers.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional layer store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml
new file mode 100644
index 00000000000..a983664180f
--- /dev/null
+++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-Default.crd.yaml
@@ -0,0 +1,197 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: Default
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..d4326d05625
--- /dev/null
+++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: DevPreviewNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage
+ locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location (/var/lib/containers/storage/artifacts/) is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional storage
+ location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional artifact store location.
+
+ The path must exist on the node before configuration is applied.
+ When an Open Container Initiative (OCI) artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store
+ locations for complete Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for complete container images.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional image store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional layer store locations.
+
+ Stores are checked in order until a layer is found.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, no additional layer stores are configured.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a storage location
+ for container image layers.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional layer store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
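Review bot: The `path` rule `self.matches('^/[a-zA-Z0-9/._-]+$')` under additionalArtifactStores, additionalImageStores and additionalLayerStores accepts `.` and `..` segments, repeated slashes and a trailing slash, so a constructed value such as `/mnt/stores/../x` validates, and the uniqueness rule `x.path == y.path` treats `/mnt/a` and `/mnt/a/` as different stores. Because content found at these paths is used instead of pulling from the registry, the schema should only admit clean paths: a second per-path rule such as `rule: "!self.split('/').exists(s, s == '.' || s == '..')"` would reject the traversal segments, and a stricter pattern could exclude `//` and a trailing `/`. The same schema is repeated in the TechPreviewNoUpgrade CRD hunk, and these manifests look generated, so the change presumably belongs in the Go type markers they are produced from. The description's "length between 1 and 256 characters" also disagrees with the pattern, which needs at least two characters.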
diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
similarity index 99%
rename from payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml
rename to payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
index 0ef5e23370c..db82f1a1418 100644
--- a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs.crd.yaml
+++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-OKD.crd.yaml
@@ -6,6 +6,7 @@ metadata:
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: OKD
labels:
openshift.io/operator-managed: ""
name: containerruntimeconfigs.machineconfiguration.openshift.io
diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..0409a6c4ee3
--- /dev/null
+++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml
@@ -0,0 +1,331 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.openshift.io: https://github.com/openshift/api/pull/1453
+ api.openshift.io/merged-by-featuregates: "true"
+ include.release.openshift.io/ibm-cloud-managed: "true"
+ include.release.openshift.io/self-managed-high-availability: "true"
+ release.openshift.io/feature-set: TechPreviewNoUpgrade
+ labels:
+ openshift.io/operator-managed: ""
+ name: containerruntimeconfigs.machineconfiguration.openshift.io
+spec:
+ group: machineconfiguration.openshift.io
+ names:
+ kind: ContainerRuntimeConfig
+ listKind: ContainerRuntimeConfigList
+ plural: containerruntimeconfigs
+ shortNames:
+ - ctrcfg
+ singular: containerruntimeconfig
+ scope: Cluster
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ ContainerRuntimeConfig describes a customized Container Runtime configuration.
+
+ Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: spec contains the desired container runtime configuration.
+ properties:
+ containerRuntimeConfig:
+ description: containerRuntimeConfig defines the tuneables of the container
+ runtime.
+ properties:
+ additionalArtifactStores:
+ description: |-
+ additionalArtifactStores configures additional read-only artifact storage
+ locations for Open Container Initiative (OCI) artifacts.
+
+ Artifacts are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default artifact location (/var/lib/containers/storage/artifacts/) is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalArtifactStore defines an additional storage
+ location for Open Container Initiative (OCI) artifacts.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional artifact store location.
+
+ The path must exist on the node before configuration is applied.
+ When an Open Container Initiative (OCI) artifact is requested, artifacts found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalArtifactStores must not contain duplicate
+ paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalImageStores:
+ description: |-
+ additionalImageStores configures additional read-only container image store
+ locations for complete Open Container Initiative (OCI) images.
+
+ Images are checked in order: additional stores first, then default location.
+ Stores are read-only.
+ Maximum of 10 stores allowed.
+ Each path must be unique.
+
+ When omitted, only the default image location is used.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalImageStore defines an additional read-only
+ storage location for complete container images.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional image store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, images found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalImageStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ additionalLayerStores:
+ description: |-
+ additionalLayerStores configures additional layer store locations.
+
+ Stores are checked in order until a layer is found.
+ Maximum of 5 stores allowed.
+ Each path must be unique.
+
+ When omitted, no additional layer stores are configured.
+ When specified, at least one store must be provided.
+ items:
+ description: AdditionalLayerStore defines a storage location
+ for container image layers.
+ properties:
+ path:
+ description: |-
+ path is the absolute path to the additional layer store location.
+
+ The path must exist on the node before configuration is applied.
+ When a container image is requested, layers found at this location will be used instead of
+ retrieving from the registry.
+
+ This field is required and must:
+ - Have length between 1 and 256 characters
+ - Start with '/' (absolute path)
+ - Contain only: a-z, A-Z, 0-9, '/', '.', '_', '-' (no spaces or special characters)
+ maxLength: 256
+ minLength: 1
+ type: string
+ x-kubernetes-validations:
+ - message: path must be absolute and contain only alphanumeric
+ characters, '/', '.', '_', and '-'
+ rule: self.matches('^/[a-zA-Z0-9/._-]+$')
+ required:
+ - path
+ type: object
+ maxItems: 5
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: additionalLayerStores must not contain duplicate paths
+ rule: self.all(x, self.exists_one(y, x.path == y.path))
+ defaultRuntime:
+ description: |-
+ defaultRuntime is the name of the OCI runtime to be used as the default for containers.
+ Allowed values are `runc` and `crun`.
+ When set to `runc`, OpenShift will use runc to execute the container
+ When set to `crun`, OpenShift will use crun to execute the container
+ When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ which is subject to change over time. Currently, the default is `crun`.
+ enum:
+ - crun
+ - runc
+ type: string
+ logLevel:
+ description: |-
+ logLevel specifies the verbosity of the logs based on the level it is set to.
+ Options are fatal, panic, error, warn, info, and debug.
+ type: string
+ logSizeMax:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ logSizeMax specifies the Maximum size allowed for the container log file.
+ Negative numbers indicate that no size limit is imposed.
+ If it is positive, it must be >= 8192 to match/exceed conmon's read buffer.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ overlaySize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ overlaySize specifies the maximum size of a container image.
+ This flag can be used to set quota on the size of container images. (default: 10GB)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ pidsLimit:
+ description: pidsLimit specifies the maximum number of processes
+ allowed in a container
+ format: int64
+ type: integer
+ type: object
+ machineConfigPoolSelector:
+ description: |-
+ machineConfigPoolSelector selects which pools the ContainerRuntimeConfig shoud apply to.
+ A nil selector will result in no pools being selected.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - containerRuntimeConfig
+ type: object
+ status:
+ description: status contains observed information about the container
+ runtime configuration.
+ properties:
+ conditions:
+ description: conditions represents the latest available observations
+ of current state.
+ items:
+ description: ContainerRuntimeConfigCondition defines the state of
+ the ContainerRuntimeConfig
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the time of the last update
+ to the current status object.
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ description: |-
+ message provides additional information about the current condition.
+ This is only to be consumed by humans.
+ type: string
+ reason:
+ description: reason is the reason for the condition's last transition. Reasons
+ are PascalCase
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: type specifies the state of the operator's reconciliation
+ functionality.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedGeneration:
+ description: observedGeneration represents the generation observed
+ by the controller.
+ format: int64
+ type: integer
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
index 326d875acd8..b253f70345c 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml
@@ -27,6 +27,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
index 1897be7b3c5..bc038260f1b 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml
@@ -73,6 +73,9 @@
{
"name": "AdditionalRoutingCapabilities"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AdminNetworkPolicy"
},
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml b/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
index 91f2cd1e720..d4dfb51f0c2 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-OKD.yaml
@@ -29,6 +29,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
index 5853607c02b..07e9d3926a3 100644
--- a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml
@@ -100,6 +100,9 @@
{
"name": "AdditionalRoutingCapabilities"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AdminNetworkPolicy"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
index 43c5affe7e2..ef4e9d440b5 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml
@@ -27,6 +27,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
index e9d704c6a35..3d048c6f497 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml
@@ -55,6 +55,9 @@
{
"name": "AdditionalRoutingCapabilities"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AdminNetworkPolicy"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
index 9c72a8df94f..7a80e110eff 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-OKD.yaml
@@ -29,6 +29,9 @@
{
"name": "AWSServiceLBNetworkSecurityGroup"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AutomatedEtcdBackup"
},
diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
index f3a7e2c225a..3715f9f20d9 100644
--- a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml
@@ -82,6 +82,9 @@
{
"name": "AdditionalRoutingCapabilities"
},
+ {
+ "name": "AdditionalStorageConfig"
+ },
{
"name": "AdminNetworkPolicy"
},