From 34bd8a5d606ea39cf84b79e0b2df3db754bab051 Mon Sep 17 00:00:00 2001 From: VaishnaviHire Date: Mon, 16 Sep 2024 12:43:56 -0400 Subject: [PATCH] Update manifests for 2.14 --- Makefile | 2 +- ...er.opendatahub.io_datascienceclusters.yaml | 333 +++++---- ...ion.opendatahub.io_dscinitializations.yaml | 174 ++--- ...atures.opendatahub.io_featuretrackers.yaml | 44 +- .../rhods-operator.clusterserviceversion.yaml | 642 ++++++++++++++++- ...er.opendatahub.io_datascienceclusters.yaml | 334 +++++---- ...ion.opendatahub.io_dscinitializations.yaml | 175 ++--- ...atures.opendatahub.io_featuretrackers.yaml | 45 +- .../external/route.openshift.io_routes.yaml | 486 +++++++------ .../external/user.openshift.io_groups.yaml | 27 +- .../user.openshift.io_identities.yaml | 80 +-- ...ser.openshift.io_useridentitymappings.yaml | 105 ++- .../crd/external/user.openshift.io_users.yaml | 43 +- config/rbac/role.yaml | 646 +++++++++++++++++- get_all_manifests.sh | 26 +- 15 files changed, 2137 insertions(+), 1025 deletions(-) diff --git a/Makefile b/Makefile index 8480a284036..eeaa787efcd 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 2.12.0 +VERSION ?= 2.14.0 # IMAGE_TAG_BASE defines the opendatahub.io namespace and part of the image name for remote images. # This variable is used to construct full image tags for bundle and catalog images. # diff --git a/bundle/manifests/datasciencecluster.opendatahub.io_datascienceclusters.yaml b/bundle/manifests/datasciencecluster.opendatahub.io_datascienceclusters.yaml index 170e103a5b5..6972bf35135 100644 --- a/bundle/manifests/datasciencecluster.opendatahub.io_datascienceclusters.yaml +++ b/bundle/manifests/datasciencecluster.opendatahub.io_datascienceclusters.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: datascienceclusters.datasciencecluster.opendatahub.io spec: @@ -23,19 +23,14 @@ spec: API. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -46,9 +41,9 @@ spec: description: Override and fine tune specific component configurations. properties: codeflare: - description: |- - CodeFlare component configuration. - If CodeFlare Operator has been installed in the cluster, it should be uninstalled first before enabled component. + description: CodeFlare component configuration. If CodeFlare Operator + has been installed in the cluster, it should be uninstalled + first before enabled component. properties: devFlags: description: Add developer fields @@ -79,14 +74,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -125,14 +118,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -140,9 +131,8 @@ spec: type: string type: object datasciencepipelines: - description: |- - DataServicePipeline component configuration. - Require OpenShift Pipelines Operator to be installed before enable component + description: DataServicePipeline component configuration. Require + OpenShift Pipelines Operator to be installed before enable component properties: devFlags: description: Add developer fields @@ -173,14 +163,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -188,16 +176,18 @@ spec: type: string type: object kserve: - description: |- - Kserve component configuration. - Require OpenShift Serverless and OpenShift Service Mesh Operators to be installed before enable component - Does not support enabled ModelMeshServing at the same time + description: Kserve component configuration. Require OpenShift + Serverless and OpenShift Service Mesh Operators to be installed + before enable component Does not support enabled ModelMeshServing + at the same time properties: defaultDeploymentMode: - description: |- - Configures the default deployment mode for Kserve. This can be set to 'Serverless' or 'RawDeployment'. - The value specified in this field will be used to set the default deployment mode in the 'inferenceservice-config' configmap for Kserve. - This field is optional. If no default deployment mode is specified, Kserve will use Serverless mode. + description: Configures the default deployment mode for Kserve. + This can be set to 'Serverless' or 'RawDeployment'. The + value specified in this field will be used to set the default + deployment mode in the 'inferenceservice-config' configmap + for Kserve. This field is optional. If no default deployment + mode is specified, Kserve will use Serverless mode. enum: - Serverless - RawDeployment @@ -232,47 +222,48 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string serving: - description: |- - Serving configures the KNative-Serving stack used for model serving. A Service - Mesh (Istio) is prerequisite, since it is used as networking layer. + description: Serving configures the KNative-Serving stack + used for model serving. A Service Mesh (Istio) is prerequisite, + since it is used as networking layer. properties: ingressGateway: - description: |- - IngressGateway allows to customize some parameters for the Istio Ingress Gateway - that is bound to KNative-Serving. + description: IngressGateway allows to customize some parameters + for the Istio Ingress Gateway that is bound to KNative-Serving. properties: certificate: - description: |- - Certificate specifies configuration of the TLS certificate securing communication - for the gateway. + description: Certificate specifies configuration of + the TLS certificate securing communication for the + gateway. properties: secretName: - description: |- - SecretName specifies the name of the Kubernetes Secret resource that contains a - TLS certificate secure HTTP communications for the KNative network. + description: SecretName specifies the name of + the Kubernetes Secret resource that contains + a TLS certificate secure HTTP communications + for the KNative network. type: string type: default: OpenshiftDefaultIngress - description: |- - Type specifies if the TLS certificate should be generated automatically, or if the certificate - is provided by the user. Allowed values are: - * SelfSigned: A certificate is going to be generated using an own private key. - * Provided: Pre-existence of the TLS Secret (see SecretName) with a valid certificate is assumed. - * OpenshiftDefaultIngress: Default ingress certificate configured for OpenShift + description: 'Type specifies if the TLS certificate + should be generated automatically, or if the + certificate is provided by the user. Allowed + values are: * SelfSigned: A certificate is going + to be generated using an own private key. * + Provided: Pre-existence of the TLS Secret (see + SecretName) with a valid certificate is assumed. + * OpenshiftDefaultIngress: Default ingress certificate + configured for OpenShift' enum: - SelfSigned - Provided @@ -280,11 +271,12 @@ spec: type: string type: object domain: - description: |- - Domain specifies the host name for intercepting incoming requests. - Most likely, you will want to use a wildcard name, like *.example.com. - If not set, the domain of the OpenShift Ingress is used. - If you choose to generate a certificate, this is the domain used for the certificate request. + description: Domain specifies the host name for intercepting + incoming requests. Most likely, you will want to + use a wildcard name, like *.example.com. If not + set, the domain of the OpenShift Ingress is used. + If you choose to generate a certificate, this is + the domain used for the certificate request. type: string type: object managementState: @@ -297,9 +289,9 @@ spec: type: string name: default: knative-serving - description: |- - Name specifies the name of the KNativeServing resource that is going to be - created to instruct the KNative Operator to deploy KNative serving components. + description: Name specifies the name of the KNativeServing + resource that is going to be created to instruct the + KNative Operator to deploy KNative serving components. This resource is created in the "knative-serving" namespace. type: string type: object @@ -336,14 +328,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -351,9 +341,8 @@ spec: type: string type: object modelmeshserving: - description: |- - ModelMeshServing component configuration. - Does not support enabled Kserve at the same time + description: ModelMeshServing component configuration. Does not + support enabled Kserve at the same time properties: devFlags: description: Add developer fields @@ -384,14 +373,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -430,14 +417,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -476,14 +461,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -522,14 +505,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -568,14 +549,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -591,9 +570,8 @@ spec: description: Conditions describes the state of the DataScienceCluster resource. items: - description: |- - Condition represents the state of the operator's - reconciliation functionality. + description: Condition represents the state of the operator's reconciliation + functionality. properties: lastHeartbeatTime: format: date-time @@ -624,55 +602,72 @@ spec: description: List of components with status if installed or not type: object phase: - description: |- - Phase describes the Phase of DataScienceCluster reconciliation state - This is used by OLM UI to provide status information to the user + description: Phase describes the Phase of DataScienceCluster reconciliation + state This is used by OLM UI to provide status information to the + user type: string relatedObjects: - description: |- - RelatedObjects is a list of objects created and maintained by this operator. - Object references will be added to this list after they have been created AND found in the cluster. + description: RelatedObjects is a list of objects created and maintained + by this operator. Object references will be added to this list after + they have been created AND found in the cluster. items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' type: string kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object x-kubernetes-map-type: atomic diff --git a/bundle/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml b/bundle/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml index 7ab80a3d8ac..79f74ab8124 100644 --- a/bundle/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml +++ b/bundle/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: dscinitializations.dscinitialization.opendatahub.io spec: @@ -33,19 +33,14 @@ spec: description: DSCInitialization is the Schema for the dscinitializations API. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -61,8 +56,7 @@ spec: - message: ApplicationsNamespace is immutable rule: self == oldSelf devFlags: - description: |- - Internal development useful field to test customizations. + description: Internal development useful field to test customizations. This is not recommended to be used in production environment. properties: logmode: @@ -81,12 +75,12 @@ spec: description: Enable monitoring on specified namespace properties: managementState: - description: |- - Set to one of the following values: - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so. - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it. + description: 'Set to one of the following values: - "Managed" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if it + is safe to do so. - "Removed" : the operator is actively managing + the component and will not install it, or if it is installed, + the operator will try to remove it.' enum: - Managed - Removed @@ -98,34 +92,33 @@ spec: type: string type: object serviceMesh: - description: |- - Configures Service Mesh as networking layer for Data Science Clusters components. - The Service Mesh is a mandatory prerequisite for single model serving (KServe) and - you should review this configuration if you are planning to use KServe. - For other components, it enhances user experience; e.g. it provides unified - authentication giving a Single Sign On experience. + description: Configures Service Mesh as networking layer for Data + Science Clusters components. The Service Mesh is a mandatory prerequisite + for single model serving (KServe) and you should review this configuration + if you are planning to use KServe. For other components, it enhances + user experience; e.g. it provides unified authentication giving + a Single Sign On experience. properties: auth: - description: |- - Auth holds configuration of authentication and authorization services - used by Service Mesh in Opendatahub. + description: Auth holds configuration of authentication and authorization + services used by Service Mesh in Opendatahub. properties: audiences: default: - https://kubernetes.default.svc - description: |- - Audiences is a list of the identifiers that the resource server presented - with the token identifies as. Audience-aware token authenticators will verify - that the token was intended for at least one of the audiences in this list. - If no audiences are provided, the audience will default to the audience of the - Kubernetes apiserver (kubernetes.default.svc). + description: Audiences is a list of the identifiers that the + resource server presented with the token identifies as. + Audience-aware token authenticators will verify that the + token was intended for at least one of the audiences in + this list. If no audiences are provided, the audience will + default to the audience of the Kubernetes apiserver (kubernetes.default.svc). items: type: string type: array namespace: - description: |- - Namespace where it is deployed. If not provided, the default is to - use '-auth-provider' suffix on the ApplicationsNamespace of the DSCI. + description: Namespace where it is deployed. If not provided, + the default is to use '-auth-provider' suffix on the ApplicationsNamespace + of the DSCI. type: string type: object controlPlane: @@ -134,10 +127,10 @@ spec: properties: metricsCollection: default: Istio - description: |- - MetricsCollection specifies if metrics from components on the Mesh namespace - should be collected. Setting the value to "Istio" will collect metrics from the - control plane and any proxies on the Mesh namespace (like gateway pods). Setting + description: MetricsCollection specifies if metrics from components + on the Mesh namespace should be collected. Setting the value + to "Istio" will collect metrics from the control plane and + any proxies on the Mesh namespace (like gateway pods). Setting to "None" will disable metrics collection. enum: - Istio @@ -164,17 +157,17 @@ spec: type: string type: object trustedCABundle: - description: |- - When set to `Managed`, adds odh-trusted-ca-bundle Configmap to all namespaces that includes - cluster-wide Trusted CA Bundle in .data["ca-bundle.crt"]. - Additionally, this fields allows admins to add custom CA bundles to the configmap using the .CustomCABundle field. + description: When set to `Managed`, adds odh-trusted-ca-bundle Configmap + to all namespaces that includes cluster-wide Trusted CA Bundle in + .data["ca-bundle.crt"]. Additionally, this fields allows admins + to add custom CA bundles to the configmap using the .CustomCABundle + field. properties: customCABundle: default: "" - description: |- - A custom CA bundle that will be available for all components in the - Data Science Cluster(DSC). This bundle will be stored in odh-trusted-ca-bundle - ConfigMap .data.odh-ca-bundle.crt . + description: A custom CA bundle that will be available for all components + in the Data Science Cluster(DSC). This bundle will be stored + in odh-trusted-ca-bundle ConfigMap .data.odh-ca-bundle.crt . type: string managementState: default: Removed @@ -200,9 +193,8 @@ spec: description: Conditions describes the state of the DSCInitializationStatus resource items: - description: |- - Condition represents the state of the operator's - reconciliation functionality. + description: Condition represents the state of the operator's reconciliation + functionality. properties: lastHeartbeatTime: format: date-time @@ -228,55 +220,71 @@ spec: errorMessage: type: string phase: - description: |- - Phase describes the Phase of DSCInitializationStatus + description: Phase describes the Phase of DSCInitializationStatus This is used by OLM UI to provide status information to the user type: string relatedObjects: - description: |- - RelatedObjects is a list of objects created and maintained by this operator. - Object references will be added to this list after they have been created AND found in the cluster + description: RelatedObjects is a list of objects created and maintained + by this operator. Object references will be added to this list after + they have been created AND found in the cluster items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' type: string kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object x-kubernetes-map-type: atomic diff --git a/bundle/manifests/features.opendatahub.io_featuretrackers.yaml b/bundle/manifests/features.opendatahub.io_featuretrackers.yaml index 7feb376897e..7ffc31f992b 100644 --- a/bundle/manifests/features.opendatahub.io_featuretrackers.yaml +++ b/bundle/manifests/features.opendatahub.io_featuretrackers.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: featuretrackers.features.opendatahub.io spec: @@ -17,29 +17,24 @@ spec: - name: v1 schema: openAPIV3Schema: - description: |- - FeatureTracker represents a cluster-scoped resource in the Data Science Cluster, - specifically designed for monitoring and managing objects created via the internal Features API. - This resource serves a crucial role in cross-namespace resource management, acting as - an owner reference for various resources. The primary purpose of the FeatureTracker - is to enable efficient garbage collection by Kubernetes. This is essential for - ensuring that resources are automatically cleaned up and reclaimed when they are + description: FeatureTracker represents a cluster-scoped resource in the Data + Science Cluster, specifically designed for monitoring and managing objects + created via the internal Features API. This resource serves a crucial role + in cross-namespace resource management, acting as an owner reference for + various resources. The primary purpose of the FeatureTracker is to enable + efficient garbage collection by Kubernetes. This is essential for ensuring + that resources are automatically cleaned up and reclaimed when they are no longer required. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -63,9 +58,8 @@ spec: properties: conditions: items: - description: |- - Condition represents the state of the operator's - reconciliation functionality. + description: Condition represents the state of the operator's reconciliation + functionality. properties: lastHeartbeatTime: format: date-time @@ -89,9 +83,9 @@ spec: type: object type: array phase: - description: |- - Phase describes the Phase of FeatureTracker reconciliation state. - This is used by OLM UI to provide status information to the user. + description: Phase describes the Phase of FeatureTracker reconciliation + state. This is used by OLM UI to provide status information to the + user. type: string type: object type: object diff --git a/bundle/manifests/rhods-operator.clusterserviceversion.yaml b/bundle/manifests/rhods-operator.clusterserviceversion.yaml index 5f334201a7b..8580c6b2fec 100644 --- a/bundle/manifests/rhods-operator.clusterserviceversion.yaml +++ b/bundle/manifests/rhods-operator.clusterserviceversion.yaml @@ -99,7 +99,7 @@ metadata: categories: AI/Machine Learning, Big Data certified: "False" containerImage: quay.io/opendatahub/opendatahub-operator:v2.0.0 - createdAt: "2024-08-01T14:26:51Z" + createdAt: "2024-09-16T16:41:56Z" features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "false" features.operators.openshift.io/proxy-aware: "false" @@ -169,7 +169,7 @@ metadata: operators.operatorframework.io/builder: operator-sdk-v1.31.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/red-hat-data-services/rhods-operator - name: rhods-operator.v2.12.0 + name: rhods-operator.v2.14.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -264,7 +264,17 @@ spec: - '*' resources: - deployments + verbs: + - '*' + - apiGroups: + - '*' + resources: - replicasets + verbs: + - '*' + - apiGroups: + - '*' + resources: - services verbs: - '*' @@ -290,6 +300,17 @@ spec: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - admissionregistration.k8s.io + resources: - validatingwebhookconfigurations verbs: - create @@ -326,8 +347,23 @@ spec: - apps resources: - deployments + verbs: + - '*' + - apiGroups: + - apps + resources: - deployments/finalizers + verbs: + - '*' + - apiGroups: + - apps + resources: - replicasets + verbs: + - '*' + - apiGroups: + - apps + resources: - statefulsets verbs: - '*' @@ -359,11 +395,25 @@ spec: - get - apiGroups: - authorization.openshift.io - - rbac.authorization.k8s.io resources: - clusterrolebindings + verbs: + - '*' + - apiGroups: + - authorization.openshift.io + resources: - clusterroles + verbs: + - '*' + - apiGroups: + - authorization.openshift.io + resources: - rolebindings + verbs: + - '*' + - apiGroups: + - authorization.openshift.io + resources: - roles verbs: - '*' @@ -381,9 +431,16 @@ spec: - watch - apiGroups: - autoscaling.openshift.io - - machine.openshift.io resources: - machineautoscalers + verbs: + - delete + - get + - list + - patch + - apiGroups: + - autoscaling.openshift.io + resources: - machinesets verbs: - delete @@ -394,7 +451,6 @@ spec: - batch resources: - cronjobs - - jobs/status verbs: - create - delete @@ -409,11 +465,43 @@ spec: - jobs verbs: - '*' + - apiGroups: + - batch + resources: + - jobs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - build.openshift.io resources: - buildconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - build.openshift.io + resources: - buildconfigs/instantiate + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - build.openshift.io + resources: - builds verbs: - create @@ -488,7 +576,6 @@ spec: - "" resources: - clusterversions - - rhmis verbs: - get - list @@ -497,12 +584,6 @@ spec: - "" resources: - configmaps - - events - - namespaces - - secrets - - secrets/finalizers - - serviceaccounts - - services/finalizers verbs: - create - delete @@ -524,29 +605,122 @@ spec: - "" resources: - deployments + verbs: + - '*' + - apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces/finalizers + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: - persistentvolumeclaims + verbs: + - '*' + - apiGroups: + - "" + resources: - persistentvolumes + verbs: + - '*' + - apiGroups: + - "" + resources: - pods + verbs: + - '*' + - apiGroups: + - "" + resources: - pods/exec + verbs: + - '*' + - apiGroups: + - "" + resources: - pods/log verbs: - '*' - apiGroups: - "" resources: - - endpoints + - rhmis + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets verbs: - create - delete - get - list + - patch - update - watch - apiGroups: - "" resources: - - namespaces/finalizers + - secrets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - serviceaccounts verbs: + - create - delete - get - list @@ -566,6 +740,18 @@ spec: - patch - update - watch + - apiGroups: + - "" + resources: + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - custom.tekton.dev resources: @@ -576,7 +762,25 @@ spec: - dashboard.opendatahub.io resources: - acceleratorprofiles + verbs: + - create + - delete + - get + - list + - patch + - apiGroups: + - dashboard.opendatahub.io + resources: - odhapplications + verbs: + - create + - delete + - get + - list + - patch + - apiGroups: + - dashboard.opendatahub.io + resources: - odhdocuments verbs: - create @@ -627,6 +831,13 @@ spec: - datasciencepipelinesapplications.opendatahub.io resources: - datasciencepipelinesapplications/finalizers + verbs: + - get + - patch + - update + - apiGroups: + - datasciencepipelinesapplications.opendatahub.io + resources: - datasciencepipelinesapplications/status verbs: - get @@ -648,6 +859,14 @@ spec: - dscinitialization.opendatahub.io resources: - dscinitializations/finalizers + verbs: + - delete + - get + - patch + - update + - apiGroups: + - dscinitialization.opendatahub.io + resources: - dscinitializations/status verbs: - delete @@ -668,7 +887,6 @@ spec: - extensions resources: - deployments - - replicasets verbs: - '*' - apiGroups: @@ -681,6 +899,12 @@ spec: - list - patch - watch + - apiGroups: + - extensions + resources: + - replicasets + verbs: + - '*' - apiGroups: - features.opendatahub.io resources: @@ -718,6 +942,11 @@ spec: - image.openshift.io resources: - imagestreamtags + verbs: + - get + - apiGroups: + - image.openshift.io + resources: - registry/metrics verbs: - get @@ -732,7 +961,25 @@ spec: - patch - watch - apiGroups: - - machinelearning.seldon.io + - machine.openshift.io + resources: + - machineautoscalers + verbs: + - delete + - get + - list + - patch + - apiGroups: + - machine.openshift.io + resources: + - machinesets + verbs: + - delete + - get + - list + - patch + - apiGroups: + - machinelearning.seldon.io resources: - seldondeployments verbs: @@ -741,8 +988,41 @@ spec: - maistra.io resources: - servicemeshcontrolplanes + verbs: + - create + - get + - list + - patch + - update + - use + - watch + - apiGroups: + - maistra.io + resources: - servicemeshmemberrolls + verbs: + - create + - get + - list + - patch + - update + - use + - watch + - apiGroups: + - maistra.io + resources: - servicemeshmembers + verbs: + - create + - get + - list + - patch + - update + - use + - watch + - apiGroups: + - maistra.io + resources: - servicemeshmembers/finalizers verbs: - create @@ -756,17 +1036,36 @@ spec: - monitoring.coreos.com resources: - alertmanagerconfigs + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: - alertmanagers + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: - alertmanagers/finalizers + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: - alertmanagers/status - - probes - - prometheuses - - prometheuses/finalizers - - prometheuses/status - - prometheusrules - - thanosrulers - - thanosrulers/finalizers - - thanosrulers/status verbs: - create - delete @@ -785,6 +1084,56 @@ spec: - patch - update - watch + - apiGroups: + - monitoring.coreos.com + resources: + - probes + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses/finalizers + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheuses/status + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + verbs: + - create + - delete + - deletecollection + - get + - patch - apiGroups: - monitoring.coreos.com resources: @@ -798,11 +1147,51 @@ spec: - patch - update - watch + - apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers/finalizers + verbs: + - create + - delete + - deletecollection + - get + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers/status + verbs: + - create + - delete + - deletecollection + - get + - patch - apiGroups: - networking.istio.io resources: - envoyfilters + verbs: + - '*' + - apiGroups: + - networking.istio.io + resources: - gateways + verbs: + - '*' + - apiGroups: + - networking.istio.io + resources: - virtualservices verbs: - '*' @@ -831,6 +1220,17 @@ spec: - networking.k8s.io resources: - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: - networkpolicies verbs: - create @@ -900,7 +1300,6 @@ spec: - operators.coreos.com resources: - catalogsources - - operatorconditions verbs: - get - list @@ -924,6 +1323,14 @@ spec: - delete - get - patch + - apiGroups: + - operators.coreos.com + resources: + - operatorconditions + verbs: + - get + - list + - watch - apiGroups: - operators.coreos.com resources: @@ -947,6 +1354,17 @@ spec: - ray.io resources: - rayjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ray.io + resources: - rayservices verbs: - create @@ -956,10 +1374,39 @@ spec: - patch - update - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - '*' - apiGroups: - route.openshift.io resources: - routers/federate + verbs: + - get + - apiGroups: + - route.openshift.io + resources: - routers/metrics verbs: - get @@ -1007,6 +1454,17 @@ spec: - serving.knative.dev resources: - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.knative.dev + resources: - services/finalizers verbs: - create @@ -1029,13 +1487,72 @@ spec: - serving.kserve.io resources: - clusterservingruntimes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: - clusterservingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: - inferencegraphs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferencegraphs/status + verbs: + - delete + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: - inferenceservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: - inferenceservices/finalizers - - predictors - - servingruntimes/finalizers - - trainedmodels verbs: - create - delete @@ -1047,31 +1564,88 @@ spec: - apiGroups: - serving.kserve.io resources: - - clusterservingruntimes/status - - inferencegraphs/status - inferenceservices/status - - predictors/status - - trainedmodels/status verbs: - delete - get - patch - update + - apiGroups: + - serving.kserve.io + resources: + - predictors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - serving.kserve.io resources: - predictors/finalizers - - servingruntimes/status verbs: - get - patch - update + - apiGroups: + - serving.kserve.io + resources: + - predictors/status + verbs: + - delete + - get + - patch + - update - apiGroups: - serving.kserve.io resources: - servingruntimes verbs: - '*' + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes/status + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - trainedmodels + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - trainedmodels/status + verbs: + - delete + - get + - patch + - update - apiGroups: - snapshot.storage.k8s.io resources: @@ -1217,7 +1791,7 @@ spec: minKubeVersion: 1.25.0 provider: name: Red Hat - version: 2.12.0 + version: 2.14.0 webhookdefinitions: - admissionReviewVersions: - v1 diff --git a/config/crd/bases/datasciencecluster.opendatahub.io_datascienceclusters.yaml b/config/crd/bases/datasciencecluster.opendatahub.io_datascienceclusters.yaml index 4590dcfe9d1..601118bb015 100644 --- a/config/crd/bases/datasciencecluster.opendatahub.io_datascienceclusters.yaml +++ b/config/crd/bases/datasciencecluster.opendatahub.io_datascienceclusters.yaml @@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null name: datascienceclusters.datasciencecluster.opendatahub.io spec: group: datasciencecluster.opendatahub.io @@ -23,19 +24,14 @@ spec: API. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -46,9 +42,9 @@ spec: description: Override and fine tune specific component configurations. properties: codeflare: - description: |- - CodeFlare component configuration. - If CodeFlare Operator has been installed in the cluster, it should be uninstalled first before enabled component. + description: CodeFlare component configuration. If CodeFlare Operator + has been installed in the cluster, it should be uninstalled + first before enabled component. properties: devFlags: description: Add developer fields @@ -79,14 +75,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -125,14 +119,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -140,9 +132,8 @@ spec: type: string type: object datasciencepipelines: - description: |- - DataServicePipeline component configuration. - Require OpenShift Pipelines Operator to be installed before enable component + description: DataServicePipeline component configuration. Require + OpenShift Pipelines Operator to be installed before enable component properties: devFlags: description: Add developer fields @@ -173,14 +164,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -188,16 +177,18 @@ spec: type: string type: object kserve: - description: |- - Kserve component configuration. - Require OpenShift Serverless and OpenShift Service Mesh Operators to be installed before enable component - Does not support enabled ModelMeshServing at the same time + description: Kserve component configuration. Require OpenShift + Serverless and OpenShift Service Mesh Operators to be installed + before enable component Does not support enabled ModelMeshServing + at the same time properties: defaultDeploymentMode: - description: |- - Configures the default deployment mode for Kserve. This can be set to 'Serverless' or 'RawDeployment'. - The value specified in this field will be used to set the default deployment mode in the 'inferenceservice-config' configmap for Kserve. - This field is optional. If no default deployment mode is specified, Kserve will use Serverless mode. + description: Configures the default deployment mode for Kserve. + This can be set to 'Serverless' or 'RawDeployment'. The + value specified in this field will be used to set the default + deployment mode in the 'inferenceservice-config' configmap + for Kserve. This field is optional. If no default deployment + mode is specified, Kserve will use Serverless mode. enum: - Serverless - RawDeployment @@ -232,47 +223,48 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string serving: - description: |- - Serving configures the KNative-Serving stack used for model serving. A Service - Mesh (Istio) is prerequisite, since it is used as networking layer. + description: Serving configures the KNative-Serving stack + used for model serving. A Service Mesh (Istio) is prerequisite, + since it is used as networking layer. properties: ingressGateway: - description: |- - IngressGateway allows to customize some parameters for the Istio Ingress Gateway - that is bound to KNative-Serving. + description: IngressGateway allows to customize some parameters + for the Istio Ingress Gateway that is bound to KNative-Serving. properties: certificate: - description: |- - Certificate specifies configuration of the TLS certificate securing communication - for the gateway. + description: Certificate specifies configuration of + the TLS certificate securing communication for the + gateway. properties: secretName: - description: |- - SecretName specifies the name of the Kubernetes Secret resource that contains a - TLS certificate secure HTTP communications for the KNative network. + description: SecretName specifies the name of + the Kubernetes Secret resource that contains + a TLS certificate secure HTTP communications + for the KNative network. type: string type: default: OpenshiftDefaultIngress - description: |- - Type specifies if the TLS certificate should be generated automatically, or if the certificate - is provided by the user. Allowed values are: - * SelfSigned: A certificate is going to be generated using an own private key. - * Provided: Pre-existence of the TLS Secret (see SecretName) with a valid certificate is assumed. - * OpenshiftDefaultIngress: Default ingress certificate configured for OpenShift + description: 'Type specifies if the TLS certificate + should be generated automatically, or if the + certificate is provided by the user. Allowed + values are: * SelfSigned: A certificate is going + to be generated using an own private key. * + Provided: Pre-existence of the TLS Secret (see + SecretName) with a valid certificate is assumed. + * OpenshiftDefaultIngress: Default ingress certificate + configured for OpenShift' enum: - SelfSigned - Provided @@ -280,11 +272,12 @@ spec: type: string type: object domain: - description: |- - Domain specifies the host name for intercepting incoming requests. - Most likely, you will want to use a wildcard name, like *.example.com. - If not set, the domain of the OpenShift Ingress is used. - If you choose to generate a certificate, this is the domain used for the certificate request. + description: Domain specifies the host name for intercepting + incoming requests. Most likely, you will want to + use a wildcard name, like *.example.com. If not + set, the domain of the OpenShift Ingress is used. + If you choose to generate a certificate, this is + the domain used for the certificate request. type: string type: object managementState: @@ -297,9 +290,9 @@ spec: type: string name: default: knative-serving - description: |- - Name specifies the name of the KNativeServing resource that is going to be - created to instruct the KNative Operator to deploy KNative serving components. + description: Name specifies the name of the KNativeServing + resource that is going to be created to instruct the + KNative Operator to deploy KNative serving components. This resource is created in the "knative-serving" namespace. type: string type: object @@ -336,14 +329,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -351,9 +342,8 @@ spec: type: string type: object modelmeshserving: - description: |- - ModelMeshServing component configuration. - Does not support enabled Kserve at the same time + description: ModelMeshServing component configuration. Does not + support enabled Kserve at the same time properties: devFlags: description: Add developer fields @@ -384,14 +374,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -430,14 +418,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -476,14 +462,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -522,14 +506,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -568,14 +550,12 @@ spec: type: array type: object managementState: - description: |- - Set to one of the following values: - - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so - - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it + description: "Set to one of the following values: \n - \"Managed\" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if + it is safe to do so \n - \"Removed\" : the operator is actively + managing the component and will not install it, or if it + is installed, the operator will try to remove it" enum: - Managed - Removed @@ -591,9 +571,8 @@ spec: description: Conditions describes the state of the DataScienceCluster resource. items: - description: |- - Condition represents the state of the operator's - reconciliation functionality. + description: Condition represents the state of the operator's reconciliation + functionality. properties: lastHeartbeatTime: format: date-time @@ -624,55 +603,72 @@ spec: description: List of components with status if installed or not type: object phase: - description: |- - Phase describes the Phase of DataScienceCluster reconciliation state - This is used by OLM UI to provide status information to the user + description: Phase describes the Phase of DataScienceCluster reconciliation + state This is used by OLM UI to provide status information to the + user type: string relatedObjects: - description: |- - RelatedObjects is a list of objects created and maintained by this operator. - Object references will be added to this list after they have been created AND found in the cluster. + description: RelatedObjects is a list of objects created and maintained + by this operator. Object references will be added to this list after + they have been created AND found in the cluster. items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' type: string kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml b/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml index fae3c846fda..fe49f577929 100644 --- a/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml +++ b/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml @@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null name: dscinitializations.dscinitialization.opendatahub.io spec: group: dscinitialization.opendatahub.io @@ -33,19 +34,14 @@ spec: description: DSCInitialization is the Schema for the dscinitializations API. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -61,8 +57,7 @@ spec: - message: ApplicationsNamespace is immutable rule: self == oldSelf devFlags: - description: |- - Internal development useful field to test customizations. + description: Internal development useful field to test customizations. This is not recommended to be used in production environment. properties: logmode: @@ -81,12 +76,12 @@ spec: description: Enable monitoring on specified namespace properties: managementState: - description: |- - Set to one of the following values: - - "Managed" : the operator is actively managing the component and trying to keep it active. - It will only upgrade the component if it is safe to do so. - - "Removed" : the operator is actively managing the component and will not install it, - or if it is installed, the operator will try to remove it. + description: 'Set to one of the following values: - "Managed" + : the operator is actively managing the component and trying + to keep it active. It will only upgrade the component if it + is safe to do so. - "Removed" : the operator is actively managing + the component and will not install it, or if it is installed, + the operator will try to remove it.' enum: - Managed - Removed @@ -98,34 +93,33 @@ spec: type: string type: object serviceMesh: - description: |- - Configures Service Mesh as networking layer for Data Science Clusters components. - The Service Mesh is a mandatory prerequisite for single model serving (KServe) and - you should review this configuration if you are planning to use KServe. - For other components, it enhances user experience; e.g. it provides unified - authentication giving a Single Sign On experience. + description: Configures Service Mesh as networking layer for Data + Science Clusters components. The Service Mesh is a mandatory prerequisite + for single model serving (KServe) and you should review this configuration + if you are planning to use KServe. For other components, it enhances + user experience; e.g. it provides unified authentication giving + a Single Sign On experience. properties: auth: - description: |- - Auth holds configuration of authentication and authorization services - used by Service Mesh in Opendatahub. + description: Auth holds configuration of authentication and authorization + services used by Service Mesh in Opendatahub. properties: audiences: default: - https://kubernetes.default.svc - description: |- - Audiences is a list of the identifiers that the resource server presented - with the token identifies as. Audience-aware token authenticators will verify - that the token was intended for at least one of the audiences in this list. - If no audiences are provided, the audience will default to the audience of the - Kubernetes apiserver (kubernetes.default.svc). + description: Audiences is a list of the identifiers that the + resource server presented with the token identifies as. + Audience-aware token authenticators will verify that the + token was intended for at least one of the audiences in + this list. If no audiences are provided, the audience will + default to the audience of the Kubernetes apiserver (kubernetes.default.svc). items: type: string type: array namespace: - description: |- - Namespace where it is deployed. If not provided, the default is to - use '-auth-provider' suffix on the ApplicationsNamespace of the DSCI. + description: Namespace where it is deployed. If not provided, + the default is to use '-auth-provider' suffix on the ApplicationsNamespace + of the DSCI. type: string type: object controlPlane: @@ -134,10 +128,10 @@ spec: properties: metricsCollection: default: Istio - description: |- - MetricsCollection specifies if metrics from components on the Mesh namespace - should be collected. Setting the value to "Istio" will collect metrics from the - control plane and any proxies on the Mesh namespace (like gateway pods). Setting + description: MetricsCollection specifies if metrics from components + on the Mesh namespace should be collected. Setting the value + to "Istio" will collect metrics from the control plane and + any proxies on the Mesh namespace (like gateway pods). Setting to "None" will disable metrics collection. enum: - Istio @@ -164,17 +158,17 @@ spec: type: string type: object trustedCABundle: - description: |- - When set to `Managed`, adds odh-trusted-ca-bundle Configmap to all namespaces that includes - cluster-wide Trusted CA Bundle in .data["ca-bundle.crt"]. - Additionally, this fields allows admins to add custom CA bundles to the configmap using the .CustomCABundle field. + description: When set to `Managed`, adds odh-trusted-ca-bundle Configmap + to all namespaces that includes cluster-wide Trusted CA Bundle in + .data["ca-bundle.crt"]. Additionally, this fields allows admins + to add custom CA bundles to the configmap using the .CustomCABundle + field. properties: customCABundle: default: "" - description: |- - A custom CA bundle that will be available for all components in the - Data Science Cluster(DSC). This bundle will be stored in odh-trusted-ca-bundle - ConfigMap .data.odh-ca-bundle.crt . + description: A custom CA bundle that will be available for all components + in the Data Science Cluster(DSC). This bundle will be stored + in odh-trusted-ca-bundle ConfigMap .data.odh-ca-bundle.crt . type: string managementState: default: Removed @@ -200,9 +194,8 @@ spec: description: Conditions describes the state of the DSCInitializationStatus resource items: - description: |- - Condition represents the state of the operator's - reconciliation functionality. + description: Condition represents the state of the operator's reconciliation + functionality. properties: lastHeartbeatTime: format: date-time @@ -228,55 +221,71 @@ spec: errorMessage: type: string phase: - description: |- - Phase describes the Phase of DSCInitializationStatus + description: Phase describes the Phase of DSCInitializationStatus This is used by OLM UI to provide status information to the user type: string relatedObjects: - description: |- - RelatedObjects is a list of objects created and maintained by this operator. - Object references will be added to this list after they have been created AND found in the cluster + description: RelatedObjects is a list of objects created and maintained + by this operator. Object references will be added to this list after + they have been created AND found in the cluster items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. + description: "ObjectReference contains enough information to let + you inspect or modify the referred object. --- New uses of this + type are discouraged because of difficulty describing its usage + when embedded in APIs. 1. Ignored fields. It includes many fields + which are not generally honored. For instance, ResourceVersion + and FieldPath are both very rarely valid in actual usage. 2. Invalid + usage help. It is impossible to add specific help for individual + usage. In most embedded usages, there are particular restrictions + like, \"must refer only to types A and B\" or \"UID not honored\" + or \"name must be restricted\". Those cannot be well described + when embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, which + makes it hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency is + on the group,resource tuple and the version of the actual struct + is irrelevant. 5. We cannot easily change it. Because this type + is embedded in many locations, updates to this type will affect + numerous schemas. Don't make new APIs embed an underspecified + API type they do not control. \n Instead of using this type, create + a locally provided and used type that is well-focused on your + reference. For example, ServiceReferences for admission registration: + https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' type: string kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/bases/features.opendatahub.io_featuretrackers.yaml b/config/crd/bases/features.opendatahub.io_featuretrackers.yaml index c0110c7f757..93c3eff33b5 100644 --- a/config/crd/bases/features.opendatahub.io_featuretrackers.yaml +++ b/config/crd/bases/features.opendatahub.io_featuretrackers.yaml @@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null name: featuretrackers.features.opendatahub.io spec: group: features.opendatahub.io @@ -17,29 +18,24 @@ spec: - name: v1 schema: openAPIV3Schema: - description: |- - FeatureTracker represents a cluster-scoped resource in the Data Science Cluster, - specifically designed for monitoring and managing objects created via the internal Features API. - This resource serves a crucial role in cross-namespace resource management, acting as - an owner reference for various resources. The primary purpose of the FeatureTracker - is to enable efficient garbage collection by Kubernetes. This is essential for - ensuring that resources are automatically cleaned up and reclaimed when they are + description: FeatureTracker represents a cluster-scoped resource in the Data + Science Cluster, specifically designed for monitoring and managing objects + created via the internal Features API. This resource serves a crucial role + in cross-namespace resource management, acting as an owner reference for + various resources. The primary purpose of the FeatureTracker is to enable + efficient garbage collection by Kubernetes. This is essential for ensuring + that resources are automatically cleaned up and reclaimed when they are no longer required. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -63,9 +59,8 @@ spec: properties: conditions: items: - description: |- - Condition represents the state of the operator's - reconciliation functionality. + description: Condition represents the state of the operator's reconciliation + functionality. properties: lastHeartbeatTime: format: date-time @@ -89,9 +84,9 @@ spec: type: object type: array phase: - description: |- - Phase describes the Phase of FeatureTracker reconciliation state. - This is used by OLM UI to provide status information to the user. + description: Phase describes the Phase of FeatureTracker reconciliation + state. This is used by OLM UI to provide status information to the + user. type: string type: object type: object diff --git a/config/crd/external/route.openshift.io_routes.yaml b/config/crd/external/route.openshift.io_routes.yaml index 61f3c3b0b9b..2a2f92b027f 100644 --- a/config/crd/external/route.openshift.io_routes.yaml +++ b/config/crd/external/route.openshift.io_routes.yaml @@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null name: routes.route.openshift.io spec: group: route.openshift.io @@ -17,49 +18,38 @@ spec: - name: v1 schema: openAPIV3Schema: - description: |- - A route allows developers to expose services through an HTTP(S) aware load balancing and proxy - layer via a public DNS entry. The route may further specify TLS options and a certificate, or - specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An - administrator typically configures their router to be visible outside the cluster firewall, and - may also add additional security, caching, or traffic controls on the service content. Routers - usually talk directly to the service endpoints. - - Once a route is created, the `host` field may not be changed. Generally, routers use the oldest - route with a given host when resolving conflicts. - - Routers are subject to additional customization and may support additional controls via the - annotations field. - - Because administrators may configure multiple routers, the route status field is used to - return information to clients about the names and states of the route under each router. - If a client chooses a duplicate name, for instance, the route status conditions are used - to indicate the route cannot be chosen. - - To enable HTTP/2 ALPN on a route it requires a custom - (non-wildcard) certificate. This prevents connection coalescing by - clients, notably web browsers. We do not support HTTP/2 ALPN on - routes that use the default certificate because of the risk of - connection re-use/coalescing. Routes that do not have their own - custom certificate will not be HTTP/2 ALPN-enabled on either the - frontend or the backend. - - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + description: "A route allows developers to expose services through an HTTP(S) + aware load balancing and proxy layer via a public DNS entry. The route may + further specify TLS options and a certificate, or specify a public CNAME + that the router should also accept for HTTP and HTTPS traffic. An administrator + typically configures their router to be visible outside the cluster firewall, + and may also add additional security, caching, or traffic controls on the + service content. Routers usually talk directly to the service endpoints. + \n Once a route is created, the `host` field may not be changed. Generally, + routers use the oldest route with a given host when resolving conflicts. + \n Routers are subject to additional customization and may support additional + controls via the annotations field. \n Because administrators may configure + multiple routers, the route status field is used to return information to + clients about the names and states of the route under each router. If a + client chooses a duplicate name, for instance, the route status conditions + are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN + on a route it requires a custom (non-wildcard) certificate. This prevents + connection coalescing by clients, notably web browsers. We do not support + HTTP/2 ALPN on routes that use the default certificate because of the risk + of connection re-use/coalescing. Routes that do not have their own custom + certificate will not be HTTP/2 ALPN-enabled on either the frontend or the + backend. \n Compatibility level 1: Stable within a major release for a minimum + of 12 months or 3 minor releases (whichever is longer)." properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -67,14 +57,14 @@ spec: description: spec is the desired state of the route properties: alternateBackends: - description: |- - alternateBackends allows up to 3 additional backends to be assigned to the route. - Only the Service kind is allowed, and it will be defaulted to Service. - Use the weight field in RouteTargetReference object to specify relative preference. + description: alternateBackends allows up to 3 additional backends + to be assigned to the route. Only the Service kind is allowed, and + it will be defaulted to Service. Use the weight field in RouteTargetReference + object to specify relative preference. items: - description: |- - RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' - kind is allowed. Use 'weight' field to emphasize one over others. + description: RouteTargetReference specifies the target that resolve + into endpoints. Only the 'Service' kind is allowed. Use 'weight' + field to emphasize one over others. properties: kind: default: Service @@ -91,9 +81,9 @@ spec: type: string weight: default: 100 - description: |- - weight as an integer between 0 and 256, default 100, that specifies the target's relative weight - against other target reference objects. 0 suppresses requests to this backend. + description: weight as an integer between 0 and 256, default + 100, that specifies the target's relative weight against other + target reference objects. 0 suppresses requests to this backend. format: int32 maximum: 256 minimum: 0 @@ -105,10 +95,8 @@ spec: maxItems: 3 type: array host: - description: |- - host is an alias/DNS that points to the service. Optional. - If not specified a route name will typically be automatically - chosen. + description: host is an alias/DNS that points to the service. Optional. + If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions. maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ @@ -117,51 +105,55 @@ spec: description: httpHeaders defines policy for HTTP headers. properties: actions: - description: |- - actions specifies options for modifying headers and their values. - Note that this option only applies to cleartext HTTP connections - and to secure HTTP connections for which the ingress controller - terminates encryption (that is, edge-terminated or reencrypt - connections). Headers cannot be modified for TLS passthrough - connections. - Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. - `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. - In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after - the actions specified in the IngressController's spec.httpHeaders.actions field. - In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be - executed after the actions specified in the Route's spec.httpHeaders.actions field. - The headers set via this API will not appear in access logs. - Any actions defined here are applied after any actions related to the following other fields: - cache-control, spec.clientTLS, - spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, - and spec.httpHeaders.headerNameCaseAdjustments. - The following header names are reserved and may not be modified via this API: - Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - Note that the total size of all net added headers *after* interpolating dynamic values - must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the - IngressController. Please refer to the documentation - for that API field for more details. + description: 'actions specifies options for modifying headers + and their values. Note that this option only applies to cleartext + HTTP connections and to secure HTTP connections for which the + ingress controller terminates encryption (that is, edge-terminated + or reencrypt connections). Headers cannot be modified for TLS + passthrough connections. Setting the HSTS (`Strict-Transport-Security`) + header is not supported via actions. `Strict-Transport-Security` + may only be configured using the "haproxy.router.openshift.io/hsts_header" + route annotation, and only in accordance with the policy specified + in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request + headers, the actions specified in spec.httpHeaders.actions on + the Route will be executed after the actions specified in the + IngressController''s spec.httpHeaders.actions field. In case + of HTTP response headers, the actions specified in spec.httpHeaders.actions + on the IngressController will be executed after the actions + specified in the Route''s spec.httpHeaders.actions field. The + headers set via this API will not appear in access logs. Any + actions defined here are applied after any actions related to + the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, + spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. + The following header names are reserved and may not be modified + via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + Note that the total size of all net added headers *after* interpolating + dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes + on the IngressController. Please refer to the documentation + for that API field for more details.' properties: request: - description: |- - request is a list of HTTP request headers to modify. - Currently, actions may define to either `Set` or `Delete` headers values. - Actions defined here will modify the request headers of all requests made through a route. - These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. - Currently, actions may define to either `Set` or `Delete` headers values. - Route actions will be executed after IngressController actions for request headers. - Actions are applied in sequence as defined in this list. - A maximum of 20 request header actions may be configured. - You can use this field to specify HTTP request headers that should be set or deleted - when forwarding connections from the client to your application. - Sample fetchers allowed are "req.hdr" and "ssl_c_der". - Converters allowed are "lower" and "base64". - Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Any request header configuration applied directly via a Route resource using this API - will override header configuration for a header of the same name applied via - spec.httpHeaders.actions on the IngressController or route annotation. - Note: This field cannot be used if your route uses TLS passthrough. + description: 'request is a list of HTTP request headers to + modify. Currently, actions may define to either `Set` or + `Delete` headers values. Actions defined here will modify + the request headers of all requests made through a route. + These actions are applied to a specific Route defined within + a cluster i.e. connections made through a route. Currently, + actions may define to either `Set` or `Delete` headers values. + Route actions will be executed after IngressController actions + for request headers. Actions are applied in sequence as + defined in this list. A maximum of 20 request header actions + may be configured. You can use this field to specify HTTP + request headers that should be set or deleted when forwarding + connections from the client to your application. Sample + fetchers allowed are "req.hdr" and "ssl_c_der". Converters + allowed are "lower" and "base64". Example header values: + "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + Any request header configuration applied directly via a + Route resource using this API will override header configuration + for a header of the same name applied via spec.httpHeaders.actions + on the IngressController or route annotation. Note: This + field cannot be used if your route uses TLS passthrough.' items: description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. @@ -171,20 +163,25 @@ spec: headers, such as setting or deleting headers. properties: set: - description: |- - set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. - This field is required when type is Set and forbidden otherwise. + description: 'set defines the HTTP header that should + be set: added if it doesn''t exist or replaced + if it does. This field is required when type is + Set and forbidden otherwise.' properties: value: - description: |- - value specifies a header value. - Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in - http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and - otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than 16384 characters in length. - Note that the total size of all net added headers *after* interpolating dynamic values - must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the - IngressController. + description: value specifies a header value. + Dynamic values can be added. The value will + be interpreted as an HAProxy format string + as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise + must be a valid HTTP header value as defined + in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than + 16384 characters in length. Note that the + total size of all net added headers *after* + interpolating dynamic values must not exceed + the value of spec.tuningOptions.headerBufferMaxRewriteBytes + on the IngressController. maxLength: 16384 minLength: 1 type: string @@ -192,11 +189,11 @@ spec: - value type: object type: - description: |- - type defines the type of the action to be applied on the header. - Possible values are Set or Delete. - Set allows you to set HTTP request and response headers. - Delete allows you to delete HTTP request and response headers. + description: type defines the type of the action + to be applied on the header. Possible values are + Set or Delete. Set allows you to set HTTP request + and response headers. Delete allows you to delete + HTTP request and response headers. enum: - Set - Delete @@ -210,14 +207,15 @@ spec: rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' name: - description: |- - name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header - name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". - The following header names are reserved and may not be modified via this API: - Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - It must be no more than 255 characters in length. - Header name must be unique. + description: 'name specifies the name of a header on + which to perform an action. Its value must be a valid + HTTP header name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the + following special characters, "-!#$%&''*+.^_`". The + following header names are reserved and may not be + modified via this API: Strict-Transport-Security, + Proxy, Cookie, Set-Cookie. It must be no more than + 255 characters in length. Header name must be unique.' maxLength: 255 minLength: 1 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ @@ -256,20 +254,22 @@ spec: rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) response: - description: |- - response is a list of HTTP response headers to modify. - Currently, actions may define to either `Set` or `Delete` headers values. - Actions defined here will modify the response headers of all requests made through a route. - These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. - Route actions will be executed before IngressController actions for response headers. - Actions are applied in sequence as defined in this list. - A maximum of 20 response header actions may be configured. - You can use this field to specify HTTP response headers that should be set or deleted - when forwarding responses from your application to the client. - Sample fetchers allowed are "res.hdr" and "ssl_c_der". - Converters allowed are "lower" and "base64". - Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Note: This field cannot be used if your route uses TLS passthrough. + description: 'response is a list of HTTP response headers + to modify. Currently, actions may define to either `Set` + or `Delete` headers values. Actions defined here will modify + the response headers of all requests made through a route. + These actions are applied to a specific Route defined within + a cluster i.e. connections made through a route. Route actions + will be executed before IngressController actions for response + headers. Actions are applied in sequence as defined in this + list. A maximum of 20 response header actions may be configured. + You can use this field to specify HTTP response headers + that should be set or deleted when forwarding responses + from your application to the client. Sample fetchers allowed + are "res.hdr" and "ssl_c_der". Converters allowed are "lower" + and "base64". Example header values: "%[res.hdr(X-target),lower]", + "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used + if your route uses TLS passthrough.' items: description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. @@ -279,20 +279,25 @@ spec: headers, such as setting or deleting headers. properties: set: - description: |- - set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. - This field is required when type is Set and forbidden otherwise. + description: 'set defines the HTTP header that should + be set: added if it doesn''t exist or replaced + if it does. This field is required when type is + Set and forbidden otherwise.' properties: value: - description: |- - value specifies a header value. - Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in - http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and - otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than 16384 characters in length. - Note that the total size of all net added headers *after* interpolating dynamic values - must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the - IngressController. + description: value specifies a header value. + Dynamic values can be added. The value will + be interpreted as an HAProxy format string + as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise + must be a valid HTTP header value as defined + in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than + 16384 characters in length. Note that the + total size of all net added headers *after* + interpolating dynamic values must not exceed + the value of spec.tuningOptions.headerBufferMaxRewriteBytes + on the IngressController. maxLength: 16384 minLength: 1 type: string @@ -300,11 +305,11 @@ spec: - value type: object type: - description: |- - type defines the type of the action to be applied on the header. - Possible values are Set or Delete. - Set allows you to set HTTP request and response headers. - Delete allows you to delete HTTP request and response headers. + description: type defines the type of the action + to be applied on the header. Possible values are + Set or Delete. Set allows you to set HTTP request + and response headers. Delete allows you to delete + HTTP request and response headers. enum: - Set - Delete @@ -318,14 +323,15 @@ spec: rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' name: - description: |- - name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header - name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". - The following header names are reserved and may not be modified via this API: - Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - It must be no more than 255 characters in length. - Header name must be unique. + description: 'name specifies the name of a header on + which to perform an action. Its value must be a valid + HTTP header name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the + following special characters, "-!#$%&''*+.^_`". The + following header names are reserved and may not be + modified via this API: Strict-Transport-Security, + Proxy, Cookie, Set-Cookie. It must be no more than + 255 characters in length. Header name must be unique.' maxLength: 255 minLength: 1 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ @@ -371,37 +377,35 @@ spec: pattern: ^/ type: string port: - description: |- - If specified, the port to be used by the router. Most routers will use all - endpoints exposed by the service by default - set this value to instruct routers - which port to use. + description: If specified, the port to be used by the router. Most + routers will use all endpoints exposed by the service by default + - set this value to instruct routers which port to use. properties: targetPort: anyOf: - type: integer - type: string - description: |- - The target port on pods selected by the service this route points to. - If this is a string, it will be looked up as a named port in the target - endpoints port list. Required + description: The target port on pods selected by the service this + route points to. If this is a string, it will be looked up as + a named port in the target endpoints port list. Required x-kubernetes-int-or-string: true required: - targetPort type: object subdomain: - description: |- - subdomain is a DNS subdomain that is requested within the ingress controller's - domain (as a subdomain). If host is set this field is ignored. An ingress - controller may choose to ignore this suggested name, in which case the controller - will report the assigned name in the status.ingress array or refuse to admit the - route. If this value is set and the server does not support this field host will - be populated automatically. Otherwise host is left empty. The field may have - multiple parts separated by a dot, but not all ingress controllers may honor - the request. This field may not be changed after creation except by a user with - the update routes/custom-host permission. - - Example: subdomain `frontend` automatically receives the router subdomain - `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`. + description: "subdomain is a DNS subdomain that is requested within + the ingress controller's domain (as a subdomain). If host is set + this field is ignored. An ingress controller may choose to ignore + this suggested name, in which case the controller will report the + assigned name in the status.ingress array or refuse to admit the + route. If this value is set and the server does not support this + field host will be populated automatically. Otherwise host is left + empty. The field may have multiple parts separated by a dot, but + not all ingress controllers may honor the request. This field may + not be changed after creation except by a user with the update routes/custom-host + permission. \n Example: subdomain `frontend` automatically receives + the router subdomain `apps.mycluster.com` to have a full hostname + `frontend.apps.mycluster.com`." maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ type: string @@ -414,41 +418,40 @@ spec: contents type: string certificate: - description: |- - certificate provides certificate contents. This should be a single serving certificate, not a certificate - chain. Do not include a CA certificate. + description: certificate provides certificate contents. This should + be a single serving certificate, not a certificate chain. Do + not include a CA certificate. type: string destinationCACertificate: - description: |- - destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt - termination this file should be provided in order to have routers use it for health checks on the secure connection. - If this field is not specified, the router may provide its own destination CA and perform hostname validation using - the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically - verify. + description: destinationCACertificate provides the contents of + the ca certificate of the final destination. When using reencrypt + termination this file should be provided in order to have routers + use it for health checks on the secure connection. If this field + is not specified, the router may provide its own destination + CA and perform hostname validation using the short service name + (service.namespace.svc), which allows infrastructure generated + certificates to automatically verify. type: string externalCertificate: - description: |- - externalCertificate provides certificate contents as a secret reference. - This should be a single serving certificate, not a certificate - chain. Do not include a CA certificate. The secret referenced should - be present in the same namespace as that of the Route. - Forbidden when `certificate` is set. + description: externalCertificate provides certificate contents + as a secret reference. This should be a single serving certificate, + not a certificate chain. Do not include a CA certificate. The + secret referenced should be present in the same namespace as + that of the Route. Forbidden when `certificate` is set. properties: name: - description: |- - name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string type: object x-kubernetes-map-type: atomic insecureEdgeTerminationPolicy: - description: |- - insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While - each router may make its own decisions on which ports to expose, this is normally port 80. - - * Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only) (default). - * None - no traffic is allowed on the insecure port. - * Redirect - clients are redirected to the secure port. + description: "insecureEdgeTerminationPolicy indicates the desired + behavior for insecure connections to a route. While each router + may make its own decisions on which ports to expose, this is + normally port 80. \n * Allow - traffic is sent to the server + on the insecure port (edge/reencrypt terminations only) (default). + * None - no traffic is allowed on the insecure port. * Redirect + - clients are redirected to the secure port." enum: - Allow - None @@ -459,14 +462,14 @@ spec: description: key provides key file contents type: string termination: - description: |- - termination indicates termination type. - - * edge - TLS termination is done by the router and http is used to communicate with the backend (default) - * passthrough - Traffic is sent straight to the destination without the router providing TLS termination - * reencrypt - TLS termination is done by the router and https is used to communicate with the backend - - Note: passthrough termination is incompatible with httpHeader actions + description: "termination indicates termination type. \n * edge + - TLS termination is done by the router and http is used to + communicate with the backend (default) * passthrough - Traffic + is sent straight to the destination without the router providing + TLS termination * reencrypt - TLS termination is done by the + router and https is used to communicate with the backend \n + Note: passthrough termination is incompatible with httpHeader + actions" enum: - edge - reencrypt @@ -482,10 +485,10 @@ spec: ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) : true' to: - description: |- - to is an object the route should use as the primary backend. Only the Service kind - is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) - is set to zero, no traffic will be sent to this backend. + description: to is an object the route should use as the primary backend. + Only the Service kind is allowed, and it will be defaulted to Service. + If the weight field (0-256 default 100) is set to zero, no traffic + will be sent to this backend. properties: kind: default: Service @@ -502,9 +505,9 @@ spec: type: string weight: default: 100 - description: |- - weight as an integer between 0 and 256, default 100, that specifies the target's relative weight - against other target reference objects. 0 suppresses requests to this backend. + description: weight as an integer between 0 and 256, default 100, + that specifies the target's relative weight against other target + reference objects. 0 suppresses requests to this backend. format: int32 maximum: 256 minimum: 0 @@ -515,9 +518,8 @@ spec: type: object wildcardPolicy: default: None - description: |- - Wildcard policy if any for the route. - Currently only 'Subdomain' or 'None' is allowed. + description: Wildcard policy if any for the route. Currently only + 'Subdomain' or 'None' is allowed. enum: - None - Subdomain @@ -534,10 +536,9 @@ spec: description: status is the current state of the route properties: ingress: - description: |- - ingress describes the places where the route may be exposed. The list of - ingress points may contain duplicate Host or RouterName values. Routes - are considered live once they are `Ready` + description: ingress describes the places where the route may be exposed. + The list of ingress points may contain duplicate Host or RouterName + values. Routes are considered live once they are `Ready` items: description: RouteIngress holds information about the places where a route is exposed. @@ -545,9 +546,8 @@ spec: conditions: description: Conditions is the state of the route, may be empty. items: - description: |- - RouteIngressCondition contains details for the current condition of this route on a particular - router. + description: RouteIngressCondition contains details for the + current condition of this route on a particular router. properties: lastTransitionTime: description: RFC 3339 date and time when this condition @@ -559,19 +559,16 @@ spec: about last transition. type: string reason: - description: |- - (brief) reason for the condition's last transition, and is usually a machine and human - readable constant + description: (brief) reason for the condition's last transition, + and is usually a machine and human readable constant type: string status: - description: |- - Status is the status of the condition. - Can be True, False, Unknown. + description: Status is the status of the condition. Can + be True, False, Unknown. type: string type: - description: |- - Type is the type of the condition. - Currently only Admitted. + description: Type is the type of the condition. Currently + only Admitted. type: string required: - status @@ -583,9 +580,10 @@ spec: exposed; this value is required type: string routerCanonicalHostname: - description: |- - CanonicalHostname is the external host name for the router that can be used as a CNAME - for the host requested for this route. This value is optional and may not be set in all cases. + description: CanonicalHostname is the external host name for + the router that can be used as a CNAME for the host requested + for this route. This value is optional and may not be set + in all cases. type: string routerName: description: Name is a name chosen by the router to identify diff --git a/config/crd/external/user.openshift.io_groups.yaml b/config/crd/external/user.openshift.io_groups.yaml index a72ff5ef947..452dd58d903 100644 --- a/config/crd/external/user.openshift.io_groups.yaml +++ b/config/crd/external/user.openshift.io_groups.yaml @@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null name: groups.user.openshift.io spec: group: user.openshift.io @@ -17,25 +18,19 @@ spec: - name: v1 schema: openAPIV3Schema: - description: |- - Group represents a referenceable set of Users - - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + description: "Group represents a referenceable set of Users \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object diff --git a/config/crd/external/user.openshift.io_identities.yaml b/config/crd/external/user.openshift.io_identities.yaml index 891c81aebec..971f99052da 100644 --- a/config/crd/external/user.openshift.io_identities.yaml +++ b/config/crd/external/user.openshift.io_identities.yaml @@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null name: identities.user.openshift.io spec: group: user.openshift.io @@ -17,21 +18,19 @@ spec: - name: v1 schema: openAPIV3Schema: - description: |- - Identity records a successful authentication of a user with an identity provider. The - information about the source of authentication is stored on the identity, and the identity - is then associated with a single user object. Multiple identities can reference a single - user. Information retrieved from the authentication provider is stored in the extra field - using a schema determined by the provider. - - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + description: "Identity records a successful authentication of a user with + an identity provider. The information about the source of authentication + is stored on the identity, and the identity is then associated with a single + user object. Multiple identities can reference a single user. Information + retrieved from the authentication provider is stored in the extra field + using a schema determined by the provider. \n Compatibility level 1: Stable + within a major release for a minimum of 12 months or 3 minor releases (whichever + is longer)." properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string extra: additionalProperties: @@ -39,12 +38,9 @@ spec: description: Extra holds extra information about this identity type: object kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -56,47 +52,39 @@ spec: scope of the provider type: string user: - description: |- - User is a reference to the user this identity is associated with - Both Name and UID must be set + description: User is a reference to the user this identity is associated + with Both Name and UID must be set properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' type: string kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/external/user.openshift.io_useridentitymappings.yaml b/config/crd/external/user.openshift.io_useridentitymappings.yaml index bcf5c5ac424..41bf7b7837b 100644 --- a/config/crd/external/user.openshift.io_useridentitymappings.yaml +++ b/config/crd/external/user.openshift.io_useridentitymappings.yaml @@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null name: useridentitymappings.user.openshift.io spec: group: user.openshift.io @@ -17,17 +18,14 @@ spec: - name: v1 schema: openAPIV3Schema: - description: |- - UserIdentityMapping maps a user to an identity - - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + description: "UserIdentityMapping maps a user to an identity \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string identity: description: Identity is a reference to an identity @@ -36,49 +34,39 @@ spec: description: API version of the referent. type: string fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' type: string kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object x-kubernetes-map-type: atomic kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -89,39 +77,32 @@ spec: description: API version of the referent. type: string fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. + description: 'If referring to a piece of an object instead of an entire + object, this string should contain a valid JSON/Go field access + statement, such as desiredState.manifest.containers[2]. For example, + if the object reference is to a container within a pod, this would + take on a value like: "spec.containers{name}" (where "name" refers + to the name of the container that triggered the event) or if no + container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design is not + final and this field is subject to change in the future.' type: string kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/external/user.openshift.io_users.yaml b/config/crd/external/user.openshift.io_users.yaml index 2c9e80fa49b..c6315360048 100644 --- a/config/crd/external/user.openshift.io_users.yaml +++ b/config/crd/external/user.openshift.io_users.yaml @@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null name: users.user.openshift.io spec: group: user.openshift.io @@ -17,30 +18,27 @@ spec: - name: v1 schema: openAPIV3Schema: - description: |- - Upon log in, every user of the system receives a User and Identity resource. Administrators - may directly manipulate the attributes of the users for their own tracking, or set groups - via the API. The user name is unique and is chosen based on the value provided by the - identity provider - if a user already exists with the incoming name, the user name may have - a number appended to it depending on the configuration of the system. - - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + description: "Upon log in, every user of the system receives a User and Identity + resource. Administrators may directly manipulate the attributes of the users + for their own tracking, or set groups via the API. The user name is unique + and is chosen based on the value provided by the identity provider - if + a user already exists with the incoming name, the user name may have a number + appended to it depending on the configuration of the system. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string fullName: description: FullName is the full name of user type: string groups: - description: |- - Groups specifies group names this user is a member of. - This field is deprecated and will be removed in a future release. - Instead, create a Group object containing the name of this User. + description: Groups specifies group names this user is a member of. This + field is deprecated and will be removed in a future release. Instead, + create a Group object containing the name of this User. items: type: string type: array @@ -50,12 +48,9 @@ spec: type: string type: array kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 8ddcba22058..c219b847dea 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: + creationTimestamp: null name: controller-manager-role rules: - apiGroups: @@ -16,7 +17,17 @@ rules: - '*' resources: - deployments + verbs: + - '*' +- apiGroups: + - '*' + resources: - replicasets + verbs: + - '*' +- apiGroups: + - '*' + resources: - services verbs: - '*' @@ -42,6 +53,17 @@ rules: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: - validatingwebhookconfigurations verbs: - create @@ -78,8 +100,23 @@ rules: - apps resources: - deployments + verbs: + - '*' +- apiGroups: + - apps + resources: - deployments/finalizers + verbs: + - '*' +- apiGroups: + - apps + resources: - replicasets + verbs: + - '*' +- apiGroups: + - apps + resources: - statefulsets verbs: - '*' @@ -111,11 +148,25 @@ rules: - get - apiGroups: - authorization.openshift.io - - rbac.authorization.k8s.io resources: - clusterrolebindings + verbs: + - '*' +- apiGroups: + - authorization.openshift.io + resources: - clusterroles + verbs: + - '*' +- apiGroups: + - authorization.openshift.io + resources: - rolebindings + verbs: + - '*' +- apiGroups: + - authorization.openshift.io + resources: - roles verbs: - '*' @@ -133,9 +184,16 @@ rules: - watch - apiGroups: - autoscaling.openshift.io - - machine.openshift.io resources: - machineautoscalers + verbs: + - delete + - get + - list + - patch +- apiGroups: + - autoscaling.openshift.io + resources: - machinesets verbs: - delete @@ -146,7 +204,6 @@ rules: - batch resources: - cronjobs - - jobs/status verbs: - create - delete @@ -161,11 +218,43 @@ rules: - jobs verbs: - '*' +- apiGroups: + - batch + resources: + - jobs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - build.openshift.io resources: - buildconfigs + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - build.openshift.io + resources: - buildconfigs/instantiate + verbs: + - create + - delete + - get + - list + - patch + - watch +- apiGroups: + - build.openshift.io + resources: - builds verbs: - create @@ -240,7 +329,6 @@ rules: - "" resources: - clusterversions - - rhmis verbs: - get - list @@ -249,12 +337,6 @@ rules: - "" resources: - configmaps - - events - - namespaces - - secrets - - secrets/finalizers - - serviceaccounts - - services/finalizers verbs: - create - delete @@ -276,29 +358,122 @@ rules: - "" resources: - deployments + verbs: + - '*' +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces/finalizers + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - "" + resources: - persistentvolumes + verbs: + - '*' +- apiGroups: + - "" + resources: - pods + verbs: + - '*' +- apiGroups: + - "" + resources: - pods/exec + verbs: + - '*' +- apiGroups: + - "" + resources: - pods/log verbs: - '*' - apiGroups: - "" resources: - - endpoints + - rhmis + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets verbs: - create - delete - get - list + - patch - update - watch - apiGroups: - "" resources: - - namespaces/finalizers + - secrets/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts verbs: + - create - delete - get - list @@ -318,6 +493,18 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - custom.tekton.dev resources: @@ -328,7 +515,25 @@ rules: - dashboard.opendatahub.io resources: - acceleratorprofiles + verbs: + - create + - delete + - get + - list + - patch +- apiGroups: + - dashboard.opendatahub.io + resources: - odhapplications + verbs: + - create + - delete + - get + - list + - patch +- apiGroups: + - dashboard.opendatahub.io + resources: - odhdocuments verbs: - create @@ -379,6 +584,13 @@ rules: - datasciencepipelinesapplications.opendatahub.io resources: - datasciencepipelinesapplications/finalizers + verbs: + - get + - patch + - update +- apiGroups: + - datasciencepipelinesapplications.opendatahub.io + resources: - datasciencepipelinesapplications/status verbs: - get @@ -400,6 +612,14 @@ rules: - dscinitialization.opendatahub.io resources: - dscinitializations/finalizers + verbs: + - delete + - get + - patch + - update +- apiGroups: + - dscinitialization.opendatahub.io + resources: - dscinitializations/status verbs: - delete @@ -420,7 +640,6 @@ rules: - extensions resources: - deployments - - replicasets verbs: - '*' - apiGroups: @@ -433,6 +652,12 @@ rules: - list - patch - watch +- apiGroups: + - extensions + resources: + - replicasets + verbs: + - '*' - apiGroups: - features.opendatahub.io resources: @@ -470,6 +695,11 @@ rules: - image.openshift.io resources: - imagestreamtags + verbs: + - get +- apiGroups: + - image.openshift.io + resources: - registry/metrics verbs: - get @@ -484,7 +714,25 @@ rules: - patch - watch - apiGroups: - - machinelearning.seldon.io + - machine.openshift.io + resources: + - machineautoscalers + verbs: + - delete + - get + - list + - patch +- apiGroups: + - machine.openshift.io + resources: + - machinesets + verbs: + - delete + - get + - list + - patch +- apiGroups: + - machinelearning.seldon.io resources: - seldondeployments verbs: @@ -493,8 +741,41 @@ rules: - maistra.io resources: - servicemeshcontrolplanes + verbs: + - create + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - maistra.io + resources: - servicemeshmemberrolls + verbs: + - create + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - maistra.io + resources: - servicemeshmembers + verbs: + - create + - get + - list + - patch + - update + - use + - watch +- apiGroups: + - maistra.io + resources: - servicemeshmembers/finalizers verbs: - create @@ -508,17 +789,36 @@ rules: - monitoring.coreos.com resources: - alertmanagerconfigs + verbs: + - create + - delete + - deletecollection + - get + - patch +- apiGroups: + - monitoring.coreos.com + resources: - alertmanagers + verbs: + - create + - delete + - deletecollection + - get + - patch +- apiGroups: + - monitoring.coreos.com + resources: - alertmanagers/finalizers + verbs: + - create + - delete + - deletecollection + - get + - patch +- apiGroups: + - monitoring.coreos.com + resources: - alertmanagers/status - - probes - - prometheuses - - prometheuses/finalizers - - prometheuses/status - - prometheusrules - - thanosrulers - - thanosrulers/finalizers - - thanosrulers/status verbs: - create - delete @@ -537,6 +837,56 @@ rules: - patch - update - watch +- apiGroups: + - monitoring.coreos.com + resources: + - probes + verbs: + - create + - delete + - deletecollection + - get + - patch +- apiGroups: + - monitoring.coreos.com + resources: + - prometheuses + verbs: + - create + - delete + - deletecollection + - get + - patch +- apiGroups: + - monitoring.coreos.com + resources: + - prometheuses/finalizers + verbs: + - create + - delete + - deletecollection + - get + - patch +- apiGroups: + - monitoring.coreos.com + resources: + - prometheuses/status + verbs: + - create + - delete + - deletecollection + - get + - patch +- apiGroups: + - monitoring.coreos.com + resources: + - prometheusrules + verbs: + - create + - delete + - deletecollection + - get + - patch - apiGroups: - monitoring.coreos.com resources: @@ -550,11 +900,51 @@ rules: - patch - update - watch +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers + verbs: + - create + - delete + - deletecollection + - get + - patch +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers/finalizers + verbs: + - create + - delete + - deletecollection + - get + - patch +- apiGroups: + - monitoring.coreos.com + resources: + - thanosrulers/status + verbs: + - create + - delete + - deletecollection + - get + - patch - apiGroups: - networking.istio.io resources: - envoyfilters + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: - gateways + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: - virtualservices verbs: - '*' @@ -583,6 +973,17 @@ rules: - networking.k8s.io resources: - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.k8s.io + resources: - networkpolicies verbs: - create @@ -632,6 +1033,15 @@ rules: - operator.openshift.io resources: - consoles + verbs: + - delete + - get + - list + - patch + - watch +- apiGroups: + - operator.openshift.io + resources: - ingresscontrollers verbs: - delete @@ -643,7 +1053,6 @@ rules: - operators.coreos.com resources: - catalogsources - - operatorconditions verbs: - get - list @@ -667,6 +1076,14 @@ rules: - delete - get - patch +- apiGroups: + - operators.coreos.com + resources: + - operatorconditions + verbs: + - get + - list + - watch - apiGroups: - operators.coreos.com resources: @@ -690,6 +1107,17 @@ rules: - ray.io resources: - rayjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ray.io + resources: - rayservices verbs: - create @@ -699,10 +1127,39 @@ rules: - patch - update - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - '*' - apiGroups: - route.openshift.io resources: - routers/federate + verbs: + - get +- apiGroups: + - route.openshift.io + resources: - routers/metrics verbs: - get @@ -750,6 +1207,17 @@ rules: - serving.knative.dev resources: - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.knative.dev + resources: - services/finalizers verbs: - create @@ -772,13 +1240,72 @@ rules: - serving.kserve.io resources: - clusterservingruntimes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: - clusterservingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes/status + verbs: + - delete + - get + - patch + - update +- apiGroups: + - serving.kserve.io + resources: - inferencegraphs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - inferencegraphs/status + verbs: + - delete + - get + - patch + - update +- apiGroups: + - serving.kserve.io + resources: - inferenceservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: - inferenceservices/finalizers - - predictors - - servingruntimes/finalizers - - trainedmodels verbs: - create - delete @@ -790,31 +1317,88 @@ rules: - apiGroups: - serving.kserve.io resources: - - clusterservingruntimes/status - - inferencegraphs/status - inferenceservices/status - - predictors/status - - trainedmodels/status verbs: - delete - get - patch - update +- apiGroups: + - serving.kserve.io + resources: + - predictors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - serving.kserve.io resources: - predictors/finalizers - - servingruntimes/status verbs: - get - patch - update +- apiGroups: + - serving.kserve.io + resources: + - predictors/status + verbs: + - delete + - get + - patch + - update - apiGroups: - serving.kserve.io resources: - servingruntimes verbs: - '*' +- apiGroups: + - serving.kserve.io + resources: + - servingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - servingruntimes/status + verbs: + - get + - patch + - update +- apiGroups: + - serving.kserve.io + resources: + - trainedmodels + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - trainedmodels/status + verbs: + - delete + - get + - patch + - update - apiGroups: - snapshot.storage.k8s.io resources: diff --git a/get_all_manifests.sh b/get_all_manifests.sh index 80a8ff141c4..f2c709c49b7 100755 --- a/get_all_manifests.sh +++ b/get_all_manifests.sh @@ -8,19 +8,19 @@ MANIFEST_ORG="red-hat-data-services" # component: notebook, dsp, kserve, dashbaord, cf/ray/kueue/trainingoperator, trustyai, modelmesh. # in the format of "repo-org:repo-name:ref-name:source-folder:target-folder". declare -A COMPONENT_MANIFESTS=( - ["codeflare"]="red-hat-data-services:codeflare-operator:rhoai-2.13:config:codeflare" - ["ray"]="red-hat-data-services:kuberay:rhoai-2.13:ray-operator/config:ray" - ["kueue"]="red-hat-data-services:kueue:rhoai-2.13:config:kueue" - ["data-science-pipelines-operator"]="red-hat-data-services:data-science-pipelines-operator:rhoai-2.13:config:data-science-pipelines-operator" - ["kf-notebook-controller"]="red-hat-data-services:kubeflow:rhoai-2.13:components/notebook-controller/config:odh-notebook-controller/kf-notebook-controller" - ["odh-notebook-controller"]="red-hat-data-services:kubeflow:rhoai-2.13:components/odh-notebook-controller/config:odh-notebook-controller/odh-notebook-controller" - ["notebooks"]="red-hat-data-services:notebooks:rhoai-2.13:manifests:notebooks" - ["trustyai"]="red-hat-data-services:trustyai-service-operator:rhoai-2.13:config:trustyai-service-operator" - ["model-mesh"]="red-hat-data-services:modelmesh-serving:rhoai-2.13:config:model-mesh" - ["odh-model-controller"]="red-hat-data-services:odh-model-controller:rhoai-2.13:config:odh-model-controller" - ["kserve"]="red-hat-data-services:kserve:rhoai-2.13:config:kserve" - ["odh-dashboard"]="red-hat-data-services:odh-dashboard:rhoai-2.13:manifests:dashboard" - ["trainingoperator"]="red-hat-data-services:training-operator:rhoai-2.13:manifests:trainingoperator" + ["codeflare"]="red-hat-data-services:codeflare-operator:rhoai-2.14:config:codeflare" + ["ray"]="red-hat-data-services:kuberay:rhoai-2.14:ray-operator/config:ray" + ["kueue"]="red-hat-data-services:kueue:rhoai-2.14:config:kueue" + ["data-science-pipelines-operator"]="red-hat-data-services:data-science-pipelines-operator:rhoai-2.14:config:data-science-pipelines-operator" + ["kf-notebook-controller"]="red-hat-data-services:kubeflow:rhoai-2.14:components/notebook-controller/config:odh-notebook-controller/kf-notebook-controller" + ["odh-notebook-controller"]="red-hat-data-services:kubeflow:rhoai-2.14:components/odh-notebook-controller/config:odh-notebook-controller/odh-notebook-controller" + ["notebooks"]="red-hat-data-services:notebooks:rhoai-2.14:manifests:notebooks" + ["trustyai"]="red-hat-data-services:trustyai-service-operator:rhoai-2.14:config:trustyai-service-operator" + ["model-mesh"]="red-hat-data-services:modelmesh-serving:rhoai-2.14:config:model-mesh" + ["odh-model-controller"]="red-hat-data-services:odh-model-controller:rhoai-2.14:config:odh-model-controller" + ["kserve"]="red-hat-data-services:kserve:rhoai-2.14:config:kserve" + ["odh-dashboard"]="red-hat-data-services:odh-dashboard:rhoai-2.14:manifests:dashboard" + ["trainingoperator"]="red-hat-data-services:training-operator:rhoai-2.14:manifests:trainingoperator" ) # Allow overwriting repo using flags component=repo