From aa426beb1930f1dd8b6c17c0ea5ebf7c92d4883e Mon Sep 17 00:00:00 2001 From: Wen Zhou Date: Mon, 26 Aug 2024 20:07:42 +0200 Subject: [PATCH] deps: regenerate after upgrade version Signed-off-by: Wen Zhou --- .../v1/zz_generated.deepcopy.go | 1 - .../v1/zz_generated.deepcopy.go | 1 - apis/features/v1/zz_generated.deepcopy.go | 1 - .../v1/zz_generated.deepcopy.go | 1 - components/codeflare/zz_generated.deepcopy.go | 1 - components/dashboard/zz_generated.deepcopy.go | 1 - .../zz_generated.deepcopy.go | 1 - components/kserve/zz_generated.deepcopy.go | 1 - components/kueue/zz_generated.deepcopy.go | 1 - .../modelmeshserving/zz_generated.deepcopy.go | 1 - .../modelregistry/zz_generated.deepcopy.go | 1 - components/ray/zz_generated.deepcopy.go | 1 - .../trainingoperator/zz_generated.deepcopy.go | 1 - components/trustyai/zz_generated.deepcopy.go | 1 - .../workbenches/zz_generated.deepcopy.go | 1 - components/zz_generated.deepcopy.go | 1 - ...er.opendatahub.io_datascienceclusters.yaml | 365 +++++----- ...ion.opendatahub.io_dscinitializations.yaml | 195 +++--- ...atures.opendatahub.io_featuretrackers.yaml | 45 +- .../external/route.openshift.io_routes.yaml | 486 ++++++------- .../external/user.openshift.io_groups.yaml | 27 +- .../user.openshift.io_identities.yaml | 80 ++- ...ser.openshift.io_useridentitymappings.yaml | 105 +-- .../crd/external/user.openshift.io_users.yaml | 43 +- config/rbac/role.yaml | 644 +----------------- config/webhook/manifests.yaml | 1 - pkg/cluster/zz_generated.deepcopy.go | 1 - 27 files changed, 722 insertions(+), 1286 deletions(-) diff --git a/apis/datasciencecluster/v1/zz_generated.deepcopy.go b/apis/datasciencecluster/v1/zz_generated.deepcopy.go index fc0e13ce62f..cf315a2ee0a 100644 --- a/apis/datasciencecluster/v1/zz_generated.deepcopy.go +++ b/apis/datasciencecluster/v1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/apis/dscinitialization/v1/zz_generated.deepcopy.go b/apis/dscinitialization/v1/zz_generated.deepcopy.go index bb8d3139e7e..4f9bb201778 100644 --- a/apis/dscinitialization/v1/zz_generated.deepcopy.go +++ b/apis/dscinitialization/v1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/apis/features/v1/zz_generated.deepcopy.go b/apis/features/v1/zz_generated.deepcopy.go index 1b62f0ce915..6da1067b623 100644 --- a/apis/features/v1/zz_generated.deepcopy.go +++ b/apis/features/v1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/apis/infrastructure/v1/zz_generated.deepcopy.go b/apis/infrastructure/v1/zz_generated.deepcopy.go index 3c0cae523fd..e0bf63ff9c9 100644 --- a/apis/infrastructure/v1/zz_generated.deepcopy.go +++ b/apis/infrastructure/v1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/codeflare/zz_generated.deepcopy.go b/components/codeflare/zz_generated.deepcopy.go index 2de3746fcd8..f761b2dbbd5 100644 --- a/components/codeflare/zz_generated.deepcopy.go +++ b/components/codeflare/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/dashboard/zz_generated.deepcopy.go b/components/dashboard/zz_generated.deepcopy.go index b03c8cc3554..9e4b4fc3a9d 100644 --- a/components/dashboard/zz_generated.deepcopy.go +++ b/components/dashboard/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/datasciencepipelines/zz_generated.deepcopy.go b/components/datasciencepipelines/zz_generated.deepcopy.go index 83d66b16af5..11c4e758555 100644 --- a/components/datasciencepipelines/zz_generated.deepcopy.go +++ b/components/datasciencepipelines/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/kserve/zz_generated.deepcopy.go b/components/kserve/zz_generated.deepcopy.go index 0f22d6fb461..da6e99960b7 100644 --- a/components/kserve/zz_generated.deepcopy.go +++ b/components/kserve/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/kueue/zz_generated.deepcopy.go b/components/kueue/zz_generated.deepcopy.go index 2acbd510ffa..9ab2279f9bf 100644 --- a/components/kueue/zz_generated.deepcopy.go +++ b/components/kueue/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/modelmeshserving/zz_generated.deepcopy.go b/components/modelmeshserving/zz_generated.deepcopy.go index 6dac684c861..fee91980836 100644 --- a/components/modelmeshserving/zz_generated.deepcopy.go +++ b/components/modelmeshserving/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/modelregistry/zz_generated.deepcopy.go b/components/modelregistry/zz_generated.deepcopy.go index 3ed241dd7f1..86c4a17e14c 100644 --- a/components/modelregistry/zz_generated.deepcopy.go +++ b/components/modelregistry/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/ray/zz_generated.deepcopy.go b/components/ray/zz_generated.deepcopy.go index 1629ba08cb0..f7688cd81a5 100644 --- a/components/ray/zz_generated.deepcopy.go +++ b/components/ray/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/trainingoperator/zz_generated.deepcopy.go b/components/trainingoperator/zz_generated.deepcopy.go index 994a849c318..57245a95044 100644 --- a/components/trainingoperator/zz_generated.deepcopy.go +++ b/components/trainingoperator/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/trustyai/zz_generated.deepcopy.go b/components/trustyai/zz_generated.deepcopy.go index 22617c11860..98dab130477 100644 --- a/components/trustyai/zz_generated.deepcopy.go +++ b/components/trustyai/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/workbenches/zz_generated.deepcopy.go b/components/workbenches/zz_generated.deepcopy.go index 04de9307fe2..61045d7db98 100644 --- a/components/workbenches/zz_generated.deepcopy.go +++ b/components/workbenches/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/components/zz_generated.deepcopy.go b/components/zz_generated.deepcopy.go index e7968282dc9..92a766ebc26 100644 --- a/components/zz_generated.deepcopy.go +++ b/components/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/config/crd/bases/datasciencecluster.opendatahub.io_datascienceclusters.yaml b/config/crd/bases/datasciencecluster.opendatahub.io_datascienceclusters.yaml index 38f3fc9749d..97686c3c3a9 100644 --- a/config/crd/bases/datasciencecluster.opendatahub.io_datascienceclusters.yaml +++ b/config/crd/bases/datasciencecluster.opendatahub.io_datascienceclusters.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.1 name: datascienceclusters.datasciencecluster.opendatahub.io spec: group: datasciencecluster.opendatahub.io @@ -24,14 +23,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -42,9 +46,9 @@ spec: description: Override and fine tune specific component configurations. properties: codeflare: - description: CodeFlare component configuration. If CodeFlare Operator - has been installed in the cluster, it should be uninstalled - first before enabled component. + description: |- + CodeFlare component configuration. + If CodeFlare Operator has been installed in the cluster, it should be uninstalled first before enabled component. properties: devFlags: description: Add developer fields @@ -75,12 +79,14 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed @@ -119,12 +125,14 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed @@ -132,8 +140,9 @@ spec: type: string type: object datasciencepipelines: - description: DataServicePipeline component configuration. Require - OpenShift Pipelines Operator to be installed before enable component + description: |- + DataServicePipeline component configuration. + Require OpenShift Pipelines Operator to be installed before enable component properties: devFlags: description: Add developer fields @@ -164,12 +173,14 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed @@ -177,18 +188,16 @@ spec: type: string type: object kserve: - description: Kserve component configuration. Require OpenShift - Serverless and OpenShift Service Mesh Operators to be installed - before enable component Does not support enabled ModelMeshServing - at the same time + description: |- + Kserve component configuration. + Require OpenShift Serverless and OpenShift Service Mesh Operators to be installed before enable component + Does not support enabled ModelMeshServing at the same time properties: defaultDeploymentMode: - description: Configures the default deployment mode for Kserve. - This can be set to 'Serverless' or 'RawDeployment'. The - value specified in this field will be used to set the default - deployment mode in the 'inferenceservice-config' configmap - for Kserve. This field is optional. If no default deployment - mode is specified, Kserve will use Serverless mode. + description: |- + Configures the default deployment mode for Kserve. This can be set to 'Serverless' or 'RawDeployment'. + The value specified in this field will be used to set the default deployment mode in the 'inferenceservice-config' configmap for Kserve. + This field is optional. If no default deployment mode is specified, Kserve will use Serverless mode. enum: - Serverless - RawDeployment @@ -223,48 +232,47 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string serving: - description: Serving configures the KNative-Serving stack - used for model serving. A Service Mesh (Istio) is prerequisite, - since it is used as networking layer. + description: |- + Serving configures the KNative-Serving stack used for model serving. A Service + Mesh (Istio) is prerequisite, since it is used as networking layer. properties: ingressGateway: - description: IngressGateway allows to customize some parameters - for the Istio Ingress Gateway that is bound to KNative-Serving. + description: |- + IngressGateway allows to customize some parameters for the Istio Ingress Gateway + that is bound to KNative-Serving. properties: certificate: - description: Certificate specifies configuration of - the TLS certificate securing communication for the - gateway. + description: |- + Certificate specifies configuration of the TLS certificate securing communication + for the gateway. properties: secretName: - description: SecretName specifies the name of - the Kubernetes Secret resource that contains - a TLS certificate secure HTTP communications - for the KNative network. + description: |- + SecretName specifies the name of the Kubernetes Secret resource that contains a + TLS certificate secure HTTP communications for the KNative network. type: string type: default: OpenshiftDefaultIngress - description: 'Type specifies if the TLS certificate - should be generated automatically, or if the - certificate is provided by the user. Allowed - values are: * SelfSigned: A certificate is going - to be generated using an own private key. * - Provided: Pre-existence of the TLS Secret (see - SecretName) with a valid certificate is assumed. - * OpenshiftDefaultIngress: Default ingress certificate - configured for OpenShift' + description: |- + Type specifies if the TLS certificate should be generated automatically, or if the certificate + is provided by the user. Allowed values are: + * SelfSigned: A certificate is going to be generated using an own private key. + * Provided: Pre-existence of the TLS Secret (see SecretName) with a valid certificate is assumed. + * OpenshiftDefaultIngress: Default ingress certificate configured for OpenShift enum: - SelfSigned - Provided @@ -272,12 +280,11 @@ spec: type: string type: object domain: - description: Domain specifies the host name for intercepting - incoming requests. Most likely, you will want to - use a wildcard name, like *.example.com. If not - set, the domain of the OpenShift Ingress is used. - If you choose to generate a certificate, this is - the domain used for the certificate request. + description: |- + Domain specifies the host name for intercepting incoming requests. + Most likely, you will want to use a wildcard name, like *.example.com. + If not set, the domain of the OpenShift Ingress is used. + If you choose to generate a certificate, this is the domain used for the certificate request. type: string type: object managementState: @@ -290,9 +297,9 @@ spec: type: string name: default: knative-serving - description: Name specifies the name of the KNativeServing - resource that is going to be created to instruct the - KNative Operator to deploy KNative serving components. + description: |- + Name specifies the name of the KNativeServing resource that is going to be + created to instruct the KNative Operator to deploy KNative serving components. This resource is created in the "knative-serving" namespace. type: string type: object @@ -329,12 +336,14 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed @@ -342,8 +351,9 @@ spec: type: string type: object modelmeshserving: - description: ModelMeshServing component configuration. Does not - support enabled Kserve at the same time + description: |- + ModelMeshServing component configuration. + Does not support enabled Kserve at the same time properties: devFlags: description: Add developer fields @@ -374,12 +384,14 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed @@ -418,12 +430,14 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed @@ -462,12 +476,14 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed @@ -506,12 +522,14 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed @@ -550,12 +568,14 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed @@ -594,12 +614,14 @@ spec: type: array type: object managementState: - description: "Set to one of the following values: \n - \"Managed\" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if - it is safe to do so \n - \"Removed\" : the operator is actively - managing the component and will not install it, or if it - is installed, the operator will try to remove it" + description: |- + Set to one of the following values: + + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so + + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it enum: - Managed - Removed @@ -612,13 +634,14 @@ spec: description: DataScienceClusterStatus defines the observed state of DataScienceCluster. properties: conditions: - description: 'Conditions describes the state of the DataScienceCluster - resource. standard known .status.conditions.type are: "Available", - "Progressing", "Degraded" Extra .status.conditions.type are : "ReconcileSuccess" - "CapabilityDSPv2Argo" and Ready' + description: |- + Conditions describes the state of the DataScienceCluster resource. + standard known .status.conditions.type are: "Available", "Progressing", "Degraded" + Extra .status.conditions.type are : "ReconcileSuccess" "CapabilityDSPv2Argo" and Ready items: - description: Condition represents the state of the operator's reconciliation - functionality. + description: |- + Condition represents the state of the operator's + reconciliation functionality. properties: lastHeartbeatTime: format: date-time @@ -649,78 +672,58 @@ spec: description: List of components with status if installed or not type: object phase: - description: 'Phase describes the Phase of DataScienceCluster reconciliation - state This is used by OLM UI to provide status information to the - user Newer API types should use conditions instead. Phase was essentially - a state-machine enumeration field, that contradicted system-design - principles and hampered evolution, since adding new enum values - breaks backward compatibility. Rather than encouraging clients to - infer implicit properties from phases, we prefer to explicitly expose - the individual conditions that clients need to monitor. Known .status.phase - are: "Created", "Error", "Ready" "Deleting"' + description: |- + Phase describes the Phase of DataScienceCluster reconciliation state + This is used by OLM UI to provide status information to the user + Newer API types should use conditions instead. Phase was essentially a state-machine enumeration field, that contradicted system-design principles and hampered evolution, since adding new enum values breaks backward compatibility. + Rather than encouraging clients to infer implicit properties from phases, we prefer to explicitly expose the individual conditions that clients need to monitor. + Known .status.phase are: "Created", "Error", "Ready" "Deleting" type: string relatedObjects: - description: RelatedObjects is a list of objects created and maintained - by this operator. Object references will be added to this list after - they have been created AND found in the cluster. + description: |- + RelatedObjects is a list of objects created and maintained by this operator. + Object references will be added to this list after they have been created AND found in the cluster. items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." + description: ObjectReference contains enough information to let + you inspect or modify the referred object. properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml b/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml index 5b005fba05c..e2c0a1716e7 100644 --- a/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml +++ b/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.1 name: dscinitializations.dscinitialization.opendatahub.io spec: group: dscinitialization.opendatahub.io @@ -34,14 +33,19 @@ spec: description: DSCInitialization is the Schema for the dscinitializations API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -54,7 +58,8 @@ spec: default to "opendatahub" type: string devFlags: - description: Internal development useful field to test customizations. + description: |- + Internal development useful field to test customizations. This is not recommended to be used in production environment. properties: logmode: @@ -73,12 +78,12 @@ spec: description: Enable monitoring on specified namespace properties: managementState: - description: 'Set to one of the following values: - "Managed" - : the operator is actively managing the component and trying - to keep it active. It will only upgrade the component if it - is safe to do so. - "Removed" : the operator is actively managing - the component and will not install it, or if it is installed, - the operator will try to remove it.' + description: |- + Set to one of the following values: + - "Managed" : the operator is actively managing the component and trying to keep it active. + It will only upgrade the component if it is safe to do so. + - "Removed" : the operator is actively managing the component and will not install it, + or if it is installed, the operator will try to remove it. enum: - Managed - Removed @@ -90,33 +95,34 @@ spec: type: string type: object serviceMesh: - description: Configures Service Mesh as networking layer for Data - Science Clusters components. The Service Mesh is a mandatory prerequisite - for single model serving (KServe) and you should review this configuration - if you are planning to use KServe. For other components, it enhances - user experience; e.g. it provides unified authentication giving - a Single Sign On experience. + description: |- + Configures Service Mesh as networking layer for Data Science Clusters components. + The Service Mesh is a mandatory prerequisite for single model serving (KServe) and + you should review this configuration if you are planning to use KServe. + For other components, it enhances user experience; e.g. it provides unified + authentication giving a Single Sign On experience. properties: auth: - description: Auth holds configuration of authentication and authorization - services used by Service Mesh in Opendatahub. + description: |- + Auth holds configuration of authentication and authorization services + used by Service Mesh in Opendatahub. properties: audiences: default: - https://kubernetes.default.svc - description: Audiences is a list of the identifiers that the - resource server presented with the token identifies as. - Audience-aware token authenticators will verify that the - token was intended for at least one of the audiences in - this list. If no audiences are provided, the audience will - default to the audience of the Kubernetes apiserver (kubernetes.default.svc). + description: |- + Audiences is a list of the identifiers that the resource server presented + with the token identifies as. Audience-aware token authenticators will verify + that the token was intended for at least one of the audiences in this list. + If no audiences are provided, the audience will default to the audience of the + Kubernetes apiserver (kubernetes.default.svc). items: type: string type: array namespace: - description: Namespace where it is deployed. If not provided, - the default is to use '-auth-provider' suffix on the ApplicationsNamespace - of the DSCI. + description: |- + Namespace where it is deployed. If not provided, the default is to + use '-auth-provider' suffix on the ApplicationsNamespace of the DSCI. type: string type: object controlPlane: @@ -125,10 +131,10 @@ spec: properties: metricsCollection: default: Istio - description: MetricsCollection specifies if metrics from components - on the Mesh namespace should be collected. Setting the value - to "Istio" will collect metrics from the control plane and - any proxies on the Mesh namespace (like gateway pods). Setting + description: |- + MetricsCollection specifies if metrics from components on the Mesh namespace + should be collected. Setting the value to "Istio" will collect metrics from the + control plane and any proxies on the Mesh namespace (like gateway pods). Setting to "None" will disable metrics collection. enum: - Istio @@ -155,17 +161,17 @@ spec: type: string type: object trustedCABundle: - description: When set to `Managed`, adds odh-trusted-ca-bundle Configmap - to all namespaces that includes cluster-wide Trusted CA Bundle in - .data["ca-bundle.crt"]. Additionally, this fields allows admins - to add custom CA bundles to the configmap using the .CustomCABundle - field. + description: |- + When set to `Managed`, adds odh-trusted-ca-bundle Configmap to all namespaces that includes + cluster-wide Trusted CA Bundle in .data["ca-bundle.crt"]. + Additionally, this fields allows admins to add custom CA bundles to the configmap using the .CustomCABundle field. properties: customCABundle: default: "" - description: A custom CA bundle that will be available for all components - in the Data Science Cluster(DSC). This bundle will be stored - in odh-trusted-ca-bundle ConfigMap .data.odh-ca-bundle.crt . + description: |- + A custom CA bundle that will be available for all components in the + Data Science Cluster(DSC). This bundle will be stored in odh-trusted-ca-bundle + ConfigMap .data.odh-ca-bundle.crt . type: string managementState: default: Removed @@ -188,13 +194,14 @@ spec: description: DSCInitializationStatus defines the observed state of DSCInitialization. properties: conditions: - description: 'Conditions describes the state of the DSCInitializationStatus - resource standard known .status.conditions.type are: "Available", - "Progressing", "Degraded" Extra .status.conditions.type are : "ReconcileSuccess", - "CapabilityServiceMesh", "CapabilityServiceMeshAuthorization"' + description: |- + Conditions describes the state of the DSCInitializationStatus resource + standard known .status.conditions.type are: "Available", "Progressing", "Degraded" + Extra .status.conditions.type are : "ReconcileSuccess", "CapabilityServiceMesh", "CapabilityServiceMeshAuthorization" items: - description: Condition represents the state of the operator's reconciliation - functionality. + description: |- + Condition represents the state of the operator's + reconciliation functionality. properties: lastHeartbeatTime: format: date-time @@ -220,79 +227,59 @@ spec: errorMessage: type: string phase: - description: 'Phase describes the Phase of DSCInitializationStatus + description: |- + Phase describes the Phase of DSCInitializationStatus This is used by OLM UI to provide status information to the user - The pattern of using phase is deprecated. Newer API types should - use conditions instead. Phase was essentially a state-machine enumeration - field, that contradicted system-design principles and hampered evolution, - since adding new enum values breaks backward compatibility. Rather - than encouraging clients to infer implicit properties from phases, - we prefer to explicitly expose the individual conditions that clients - need to monitor. Known .status.phase are: "Created", "Error", "Ready" - "Deleting"' + The pattern of using phase is deprecated. + Newer API types should use conditions instead. Phase was essentially a state-machine enumeration field, that contradicted system-design principles and hampered evolution, since adding new enum values breaks backward compatibility. + Rather than encouraging clients to infer implicit properties from phases, we prefer to explicitly expose the individual conditions that clients need to monitor. + Known .status.phase are: "Created", "Error", "Ready" "Deleting" type: string relatedObjects: - description: RelatedObjects is a list of objects created and maintained - by this operator. Object references will be added to this list after - they have been created AND found in the cluster + description: |- + RelatedObjects is a list of objects created and maintained by this operator. + Object references will be added to this list after they have been created AND found in the cluster items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." + description: ObjectReference contains enough information to let + you inspect or modify the referred object. properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/bases/features.opendatahub.io_featuretrackers.yaml b/config/crd/bases/features.opendatahub.io_featuretrackers.yaml index 93c3eff33b5..c0110c7f757 100644 --- a/config/crd/bases/features.opendatahub.io_featuretrackers.yaml +++ b/config/crd/bases/features.opendatahub.io_featuretrackers.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.1 name: featuretrackers.features.opendatahub.io spec: group: features.opendatahub.io @@ -18,24 +17,29 @@ spec: - name: v1 schema: openAPIV3Schema: - description: FeatureTracker represents a cluster-scoped resource in the Data - Science Cluster, specifically designed for monitoring and managing objects - created via the internal Features API. This resource serves a crucial role - in cross-namespace resource management, acting as an owner reference for - various resources. The primary purpose of the FeatureTracker is to enable - efficient garbage collection by Kubernetes. This is essential for ensuring - that resources are automatically cleaned up and reclaimed when they are + description: |- + FeatureTracker represents a cluster-scoped resource in the Data Science Cluster, + specifically designed for monitoring and managing objects created via the internal Features API. + This resource serves a crucial role in cross-namespace resource management, acting as + an owner reference for various resources. The primary purpose of the FeatureTracker + is to enable efficient garbage collection by Kubernetes. This is essential for + ensuring that resources are automatically cleaned up and reclaimed when they are no longer required. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -59,8 +63,9 @@ spec: properties: conditions: items: - description: Condition represents the state of the operator's reconciliation - functionality. + description: |- + Condition represents the state of the operator's + reconciliation functionality. properties: lastHeartbeatTime: format: date-time @@ -84,9 +89,9 @@ spec: type: object type: array phase: - description: Phase describes the Phase of FeatureTracker reconciliation - state. This is used by OLM UI to provide status information to the - user. + description: |- + Phase describes the Phase of FeatureTracker reconciliation state. + This is used by OLM UI to provide status information to the user. type: string type: object type: object diff --git a/config/crd/external/route.openshift.io_routes.yaml b/config/crd/external/route.openshift.io_routes.yaml index 2a2f92b027f..61f3c3b0b9b 100644 --- a/config/crd/external/route.openshift.io_routes.yaml +++ b/config/crd/external/route.openshift.io_routes.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.1 name: routes.route.openshift.io spec: group: route.openshift.io @@ -18,38 +17,49 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "A route allows developers to expose services through an HTTP(S) - aware load balancing and proxy layer via a public DNS entry. The route may - further specify TLS options and a certificate, or specify a public CNAME - that the router should also accept for HTTP and HTTPS traffic. An administrator - typically configures their router to be visible outside the cluster firewall, - and may also add additional security, caching, or traffic controls on the - service content. Routers usually talk directly to the service endpoints. - \n Once a route is created, the `host` field may not be changed. Generally, - routers use the oldest route with a given host when resolving conflicts. - \n Routers are subject to additional customization and may support additional - controls via the annotations field. \n Because administrators may configure - multiple routers, the route status field is used to return information to - clients about the names and states of the route under each router. If a - client chooses a duplicate name, for instance, the route status conditions - are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN - on a route it requires a custom (non-wildcard) certificate. This prevents - connection coalescing by clients, notably web browsers. We do not support - HTTP/2 ALPN on routes that use the default certificate because of the risk - of connection re-use/coalescing. Routes that do not have their own custom - certificate will not be HTTP/2 ALPN-enabled on either the frontend or the - backend. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." + description: |- + A route allows developers to expose services through an HTTP(S) aware load balancing and proxy + layer via a public DNS entry. The route may further specify TLS options and a certificate, or + specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An + administrator typically configures their router to be visible outside the cluster firewall, and + may also add additional security, caching, or traffic controls on the service content. Routers + usually talk directly to the service endpoints. + + Once a route is created, the `host` field may not be changed. Generally, routers use the oldest + route with a given host when resolving conflicts. + + Routers are subject to additional customization and may support additional controls via the + annotations field. + + Because administrators may configure multiple routers, the route status field is used to + return information to clients about the names and states of the route under each router. + If a client chooses a duplicate name, for instance, the route status conditions are used + to indicate the route cannot be chosen. + + To enable HTTP/2 ALPN on a route it requires a custom + (non-wildcard) certificate. This prevents connection coalescing by + clients, notably web browsers. We do not support HTTP/2 ALPN on + routes that use the default certificate because of the risk of + connection re-use/coalescing. Routes that do not have their own + custom certificate will not be HTTP/2 ALPN-enabled on either the + frontend or the backend. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -57,14 +67,14 @@ spec: description: spec is the desired state of the route properties: alternateBackends: - description: alternateBackends allows up to 3 additional backends - to be assigned to the route. Only the Service kind is allowed, and - it will be defaulted to Service. Use the weight field in RouteTargetReference - object to specify relative preference. + description: |- + alternateBackends allows up to 3 additional backends to be assigned to the route. + Only the Service kind is allowed, and it will be defaulted to Service. + Use the weight field in RouteTargetReference object to specify relative preference. items: - description: RouteTargetReference specifies the target that resolve - into endpoints. Only the 'Service' kind is allowed. Use 'weight' - field to emphasize one over others. + description: |- + RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' + kind is allowed. Use 'weight' field to emphasize one over others. properties: kind: default: Service @@ -81,9 +91,9 @@ spec: type: string weight: default: 100 - description: weight as an integer between 0 and 256, default - 100, that specifies the target's relative weight against other - target reference objects. 0 suppresses requests to this backend. + description: |- + weight as an integer between 0 and 256, default 100, that specifies the target's relative weight + against other target reference objects. 0 suppresses requests to this backend. format: int32 maximum: 256 minimum: 0 @@ -95,8 +105,10 @@ spec: maxItems: 3 type: array host: - description: host is an alias/DNS that points to the service. Optional. - If not specified a route name will typically be automatically chosen. + description: |- + host is an alias/DNS that points to the service. Optional. + If not specified a route name will typically be automatically + chosen. Must follow DNS952 subdomain conventions. maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ @@ -105,55 +117,51 @@ spec: description: httpHeaders defines policy for HTTP headers. properties: actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request - headers, the actions specified in spec.httpHeaders.actions on - the Route will be executed after the actions specified in the - IngressController''s spec.httpHeaders.actions field. In case - of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. The - headers set via this API will not appear in access logs. Any - actions defined here are applied after any actions related to - the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - Note that the total size of all net added headers *after* interpolating - dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. Please refer to the documentation - for that API field for more details.' + description: |- + actions specifies options for modifying headers and their values. + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be modified for TLS passthrough + connections. + Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. + `Strict-Transport-Security` may only be configured using the "haproxy.router.openshift.io/hsts_header" + route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + the actions specified in the IngressController's spec.httpHeaders.actions field. + In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + executed after the actions specified in the Route's spec.httpHeaders.actions field. + The headers set via this API will not appear in access logs. + Any actions defined here are applied after any actions related to the following other fields: + cache-control, spec.clientTLS, + spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + and spec.httpHeaders.headerNameCaseAdjustments. + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. Please refer to the documentation + for that API field for more details. properties: request: - description: 'request is a list of HTTP request headers to - modify. Currently, actions may define to either `Set` or - `Delete` headers values. Actions defined here will modify - the request headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Currently, - actions may define to either `Set` or `Delete` headers values. - Route actions will be executed after IngressController actions - for request headers. Actions are applied in sequence as - defined in this list. A maximum of 20 request header actions - may be configured. You can use this field to specify HTTP - request headers that should be set or deleted when forwarding - connections from the client to your application. Sample - fetchers allowed are "req.hdr" and "ssl_c_der". Converters - allowed are "lower" and "base64". Example header values: - "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Any request header configuration applied directly via a - Route resource using this API will override header configuration - for a header of the same name applied via spec.httpHeaders.actions - on the IngressController or route annotation. Note: This - field cannot be used if your route uses TLS passthrough.' + description: |- + request is a list of HTTP request headers to modify. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions defined here will modify the request headers of all requests made through a route. + These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + Currently, actions may define to either `Set` or `Delete` headers values. + Route actions will be executed after IngressController actions for request headers. + Actions are applied in sequence as defined in this list. + A maximum of 20 request header actions may be configured. + You can use this field to specify HTTP request headers that should be set or deleted + when forwarding connections from the client to your application. + Sample fetchers allowed are "req.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + Any request header configuration applied directly via a Route resource using this API + will override header configuration for a header of the same name applied via + spec.httpHeaders.actions on the IngressController or route annotation. + Note: This field cannot be used if your route uses TLS passthrough. items: description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. @@ -163,25 +171,20 @@ spec: headers, such as setting or deleting headers. properties: set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' + description: |- + set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. + This field is required when type is Set and forbidden otherwise. properties: value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. maxLength: 16384 minLength: 1 type: string @@ -189,11 +192,11 @@ spec: - value type: object type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. enum: - Set - Delete @@ -207,15 +210,14 @@ spec: rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. maxLength: 255 minLength: 1 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ @@ -254,22 +256,20 @@ spec: rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) response: - description: 'response is a list of HTTP response headers - to modify. Currently, actions may define to either `Set` - or `Delete` headers values. Actions defined here will modify - the response headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Route actions - will be executed before IngressController actions for response - headers. Actions are applied in sequence as defined in this - list. A maximum of 20 response header actions may be configured. - You can use this field to specify HTTP response headers - that should be set or deleted when forwarding responses - from your application to the client. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used - if your route uses TLS passthrough.' + description: |- + response is a list of HTTP response headers to modify. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions defined here will modify the response headers of all requests made through a route. + These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. + Route actions will be executed before IngressController actions for response headers. + Actions are applied in sequence as defined in this list. + A maximum of 20 response header actions may be configured. + You can use this field to specify HTTP response headers that should be set or deleted + when forwarding responses from your application to the client. + Sample fetchers allowed are "res.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + Note: This field cannot be used if your route uses TLS passthrough. items: description: RouteHTTPHeader specifies configuration for setting or deleting an HTTP header. @@ -279,25 +279,20 @@ spec: headers, such as setting or deleting headers. properties: set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' + description: |- + set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. + This field is required when type is Set and forbidden otherwise. properties: value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. maxLength: 16384 minLength: 1 type: string @@ -305,11 +300,11 @@ spec: - value type: object type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. enum: - Set - Delete @@ -323,15 +318,14 @@ spec: rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. maxLength: 255 minLength: 1 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ @@ -377,35 +371,37 @@ spec: pattern: ^/ type: string port: - description: If specified, the port to be used by the router. Most - routers will use all endpoints exposed by the service by default - - set this value to instruct routers which port to use. + description: |- + If specified, the port to be used by the router. Most routers will use all + endpoints exposed by the service by default - set this value to instruct routers + which port to use. properties: targetPort: anyOf: - type: integer - type: string - description: The target port on pods selected by the service this - route points to. If this is a string, it will be looked up as - a named port in the target endpoints port list. Required + description: |- + The target port on pods selected by the service this route points to. + If this is a string, it will be looked up as a named port in the target + endpoints port list. Required x-kubernetes-int-or-string: true required: - targetPort type: object subdomain: - description: "subdomain is a DNS subdomain that is requested within - the ingress controller's domain (as a subdomain). If host is set - this field is ignored. An ingress controller may choose to ignore - this suggested name, in which case the controller will report the - assigned name in the status.ingress array or refuse to admit the - route. If this value is set and the server does not support this - field host will be populated automatically. Otherwise host is left - empty. The field may have multiple parts separated by a dot, but - not all ingress controllers may honor the request. This field may - not be changed after creation except by a user with the update routes/custom-host - permission. \n Example: subdomain `frontend` automatically receives - the router subdomain `apps.mycluster.com` to have a full hostname - `frontend.apps.mycluster.com`." + description: |- + subdomain is a DNS subdomain that is requested within the ingress controller's + domain (as a subdomain). If host is set this field is ignored. An ingress + controller may choose to ignore this suggested name, in which case the controller + will report the assigned name in the status.ingress array or refuse to admit the + route. If this value is set and the server does not support this field host will + be populated automatically. Otherwise host is left empty. The field may have + multiple parts separated by a dot, but not all ingress controllers may honor + the request. This field may not be changed after creation except by a user with + the update routes/custom-host permission. + + Example: subdomain `frontend` automatically receives the router subdomain + `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`. maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ type: string @@ -418,40 +414,41 @@ spec: contents type: string certificate: - description: certificate provides certificate contents. This should - be a single serving certificate, not a certificate chain. Do - not include a CA certificate. + description: |- + certificate provides certificate contents. This should be a single serving certificate, not a certificate + chain. Do not include a CA certificate. type: string destinationCACertificate: - description: destinationCACertificate provides the contents of - the ca certificate of the final destination. When using reencrypt - termination this file should be provided in order to have routers - use it for health checks on the secure connection. If this field - is not specified, the router may provide its own destination - CA and perform hostname validation using the short service name - (service.namespace.svc), which allows infrastructure generated - certificates to automatically verify. + description: |- + destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt + termination this file should be provided in order to have routers use it for health checks on the secure connection. + If this field is not specified, the router may provide its own destination CA and perform hostname validation using + the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically + verify. type: string externalCertificate: - description: externalCertificate provides certificate contents - as a secret reference. This should be a single serving certificate, - not a certificate chain. Do not include a CA certificate. The - secret referenced should be present in the same namespace as - that of the Route. Forbidden when `certificate` is set. + description: |- + externalCertificate provides certificate contents as a secret reference. + This should be a single serving certificate, not a certificate + chain. Do not include a CA certificate. The secret referenced should + be present in the same namespace as that of the Route. + Forbidden when `certificate` is set. properties: name: - description: 'name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic insecureEdgeTerminationPolicy: - description: "insecureEdgeTerminationPolicy indicates the desired - behavior for insecure connections to a route. While each router - may make its own decisions on which ports to expose, this is - normally port 80. \n * Allow - traffic is sent to the server - on the insecure port (edge/reencrypt terminations only) (default). - * None - no traffic is allowed on the insecure port. * Redirect - - clients are redirected to the secure port." + description: |- + insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While + each router may make its own decisions on which ports to expose, this is normally port 80. + + * Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only) (default). + * None - no traffic is allowed on the insecure port. + * Redirect - clients are redirected to the secure port. enum: - Allow - None @@ -462,14 +459,14 @@ spec: description: key provides key file contents type: string termination: - description: "termination indicates termination type. \n * edge - - TLS termination is done by the router and http is used to - communicate with the backend (default) * passthrough - Traffic - is sent straight to the destination without the router providing - TLS termination * reencrypt - TLS termination is done by the - router and https is used to communicate with the backend \n - Note: passthrough termination is incompatible with httpHeader - actions" + description: |- + termination indicates termination type. + + * edge - TLS termination is done by the router and http is used to communicate with the backend (default) + * passthrough - Traffic is sent straight to the destination without the router providing TLS termination + * reencrypt - TLS termination is done by the router and https is used to communicate with the backend + + Note: passthrough termination is incompatible with httpHeader actions enum: - edge - reencrypt @@ -485,10 +482,10 @@ spec: ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) : true' to: - description: to is an object the route should use as the primary backend. - Only the Service kind is allowed, and it will be defaulted to Service. - If the weight field (0-256 default 100) is set to zero, no traffic - will be sent to this backend. + description: |- + to is an object the route should use as the primary backend. Only the Service kind + is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) + is set to zero, no traffic will be sent to this backend. properties: kind: default: Service @@ -505,9 +502,9 @@ spec: type: string weight: default: 100 - description: weight as an integer between 0 and 256, default 100, - that specifies the target's relative weight against other target - reference objects. 0 suppresses requests to this backend. + description: |- + weight as an integer between 0 and 256, default 100, that specifies the target's relative weight + against other target reference objects. 0 suppresses requests to this backend. format: int32 maximum: 256 minimum: 0 @@ -518,8 +515,9 @@ spec: type: object wildcardPolicy: default: None - description: Wildcard policy if any for the route. Currently only - 'Subdomain' or 'None' is allowed. + description: |- + Wildcard policy if any for the route. + Currently only 'Subdomain' or 'None' is allowed. enum: - None - Subdomain @@ -536,9 +534,10 @@ spec: description: status is the current state of the route properties: ingress: - description: ingress describes the places where the route may be exposed. - The list of ingress points may contain duplicate Host or RouterName - values. Routes are considered live once they are `Ready` + description: |- + ingress describes the places where the route may be exposed. The list of + ingress points may contain duplicate Host or RouterName values. Routes + are considered live once they are `Ready` items: description: RouteIngress holds information about the places where a route is exposed. @@ -546,8 +545,9 @@ spec: conditions: description: Conditions is the state of the route, may be empty. items: - description: RouteIngressCondition contains details for the - current condition of this route on a particular router. + description: |- + RouteIngressCondition contains details for the current condition of this route on a particular + router. properties: lastTransitionTime: description: RFC 3339 date and time when this condition @@ -559,16 +559,19 @@ spec: about last transition. type: string reason: - description: (brief) reason for the condition's last transition, - and is usually a machine and human readable constant + description: |- + (brief) reason for the condition's last transition, and is usually a machine and human + readable constant type: string status: - description: Status is the status of the condition. Can - be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: - description: Type is the type of the condition. Currently - only Admitted. + description: |- + Type is the type of the condition. + Currently only Admitted. type: string required: - status @@ -580,10 +583,9 @@ spec: exposed; this value is required type: string routerCanonicalHostname: - description: CanonicalHostname is the external host name for - the router that can be used as a CNAME for the host requested - for this route. This value is optional and may not be set - in all cases. + description: |- + CanonicalHostname is the external host name for the router that can be used as a CNAME + for the host requested for this route. This value is optional and may not be set in all cases. type: string routerName: description: Name is a name chosen by the router to identify diff --git a/config/crd/external/user.openshift.io_groups.yaml b/config/crd/external/user.openshift.io_groups.yaml index 452dd58d903..a72ff5ef947 100644 --- a/config/crd/external/user.openshift.io_groups.yaml +++ b/config/crd/external/user.openshift.io_groups.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.1 name: groups.user.openshift.io spec: group: user.openshift.io @@ -18,19 +17,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Group represents a referenceable set of Users \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." + description: |- + Group represents a referenceable set of Users + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/config/crd/external/user.openshift.io_identities.yaml b/config/crd/external/user.openshift.io_identities.yaml index 971f99052da..891c81aebec 100644 --- a/config/crd/external/user.openshift.io_identities.yaml +++ b/config/crd/external/user.openshift.io_identities.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.1 name: identities.user.openshift.io spec: group: user.openshift.io @@ -18,19 +17,21 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Identity records a successful authentication of a user with - an identity provider. The information about the source of authentication - is stored on the identity, and the identity is then associated with a single - user object. Multiple identities can reference a single user. Information - retrieved from the authentication provider is stored in the extra field - using a schema determined by the provider. \n Compatibility level 1: Stable - within a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." + description: |- + Identity records a successful authentication of a user with an identity provider. The + information about the source of authentication is stored on the identity, and the identity + is then associated with a single user object. Multiple identities can reference a single + user. Information retrieved from the authentication provider is stored in the extra field + using a schema determined by the provider. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string extra: additionalProperties: @@ -38,9 +39,12 @@ spec: description: Extra holds extra information about this identity type: object kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -52,39 +56,47 @@ spec: scope of the provider type: string user: - description: User is a reference to the user this identity is associated - with Both Name and UID must be set + description: |- + User is a reference to the user this identity is associated with + Both Name and UID must be set properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of an entire - object, this string should contain a valid JSON/Go field access - statement, such as desiredState.manifest.containers[2]. For example, - if the object reference is to a container within a pod, this would - take on a value like: "spec.containers{name}" (where "name" refers - to the name of the container that triggered the event) or if no - container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined - way of referencing a part of an object. TODO: this design is not - final and this field is subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/external/user.openshift.io_useridentitymappings.yaml b/config/crd/external/user.openshift.io_useridentitymappings.yaml index 41bf7b7837b..bcf5c5ac424 100644 --- a/config/crd/external/user.openshift.io_useridentitymappings.yaml +++ b/config/crd/external/user.openshift.io_useridentitymappings.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.1 name: useridentitymappings.user.openshift.io spec: group: user.openshift.io @@ -18,14 +17,17 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "UserIdentityMapping maps a user to an identity \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." + description: |- + UserIdentityMapping maps a user to an identity + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string identity: description: Identity is a reference to an identity @@ -34,39 +36,49 @@ spec: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of an entire - object, this string should contain a valid JSON/Go field access - statement, such as desiredState.manifest.containers[2]. For example, - if the object reference is to a container within a pod, this would - take on a value like: "spec.containers{name}" (where "name" refers - to the name of the container that triggered the event) or if no - container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined - way of referencing a part of an object. TODO: this design is not - final and this field is subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -77,32 +89,39 @@ spec: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of an entire - object, this string should contain a valid JSON/Go field access - statement, such as desiredState.manifest.containers[2]. For example, - if the object reference is to a container within a pod, this would - take on a value like: "spec.containers{name}" (where "name" refers - to the name of the container that triggered the event) or if no - container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined - way of referencing a part of an object. TODO: this design is not - final and this field is subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crd/external/user.openshift.io_users.yaml b/config/crd/external/user.openshift.io_users.yaml index c6315360048..2c9e80fa49b 100644 --- a/config/crd/external/user.openshift.io_users.yaml +++ b/config/crd/external/user.openshift.io_users.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.1 name: users.user.openshift.io spec: group: user.openshift.io @@ -18,27 +17,30 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Upon log in, every user of the system receives a User and Identity - resource. Administrators may directly manipulate the attributes of the users - for their own tracking, or set groups via the API. The user name is unique - and is chosen based on the value provided by the identity provider - if - a user already exists with the incoming name, the user name may have a number - appended to it depending on the configuration of the system. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." + description: |- + Upon log in, every user of the system receives a User and Identity resource. Administrators + may directly manipulate the attributes of the users for their own tracking, or set groups + via the API. The user name is unique and is chosen based on the value provided by the + identity provider - if a user already exists with the incoming name, the user name may have + a number appended to it depending on the configuration of the system. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string fullName: description: FullName is the full name of user type: string groups: - description: Groups specifies group names this user is a member of. This - field is deprecated and will be removed in a future release. Instead, - create a Group object containing the name of this User. + description: |- + Groups specifies group names this user is a member of. + This field is deprecated and will be removed in a future release. + Instead, create a Group object containing the name of this User. items: type: string type: array @@ -48,9 +50,12 @@ spec: type: string type: array kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index c326775a7df..01fb5d0b462 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: controller-manager-role rules: - apiGroups: @@ -17,17 +16,7 @@ rules: - '*' resources: - deployments - verbs: - - '*' -- apiGroups: - - '*' - resources: - replicasets - verbs: - - '*' -- apiGroups: - - '*' - resources: - services verbs: - '*' @@ -53,17 +42,6 @@ rules: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - validatingwebhookconfigurations verbs: - create @@ -100,23 +78,8 @@ rules: - apps resources: - deployments - verbs: - - '*' -- apiGroups: - - apps - resources: - deployments/finalizers - verbs: - - '*' -- apiGroups: - - apps - resources: - replicasets - verbs: - - '*' -- apiGroups: - - apps - resources: - statefulsets verbs: - '*' @@ -148,25 +111,11 @@ rules: - get - apiGroups: - authorization.openshift.io + - rbac.authorization.k8s.io resources: - clusterrolebindings - verbs: - - '*' -- apiGroups: - - authorization.openshift.io - resources: - clusterroles - verbs: - - '*' -- apiGroups: - - authorization.openshift.io - resources: - rolebindings - verbs: - - '*' -- apiGroups: - - authorization.openshift.io - resources: - roles verbs: - '*' @@ -184,16 +133,9 @@ rules: - watch - apiGroups: - autoscaling.openshift.io + - machine.openshift.io resources: - machineautoscalers - verbs: - - delete - - get - - list - - patch -- apiGroups: - - autoscaling.openshift.io - resources: - machinesets verbs: - delete @@ -204,6 +146,7 @@ rules: - batch resources: - cronjobs + - jobs/status verbs: - create - delete @@ -218,43 +161,11 @@ rules: - jobs verbs: - '*' -- apiGroups: - - batch - resources: - - jobs/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - build.openshift.io resources: - buildconfigs - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: - - build.openshift.io - resources: - buildconfigs/instantiate - verbs: - - create - - delete - - get - - list - - patch - - watch -- apiGroups: - - build.openshift.io - resources: - builds verbs: - create @@ -329,6 +240,7 @@ rules: - "" resources: - clusterversions + - rhmis verbs: - get - list @@ -337,56 +249,12 @@ rules: - "" resources: - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - delete - - get - - patch - - update -- apiGroups: - - "" - resources: - - deployments - verbs: - - '*' -- apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - namespaces + - secrets + - secrets/finalizers + - serviceaccounts + - services/finalizers verbs: - create - delete @@ -398,82 +266,39 @@ rules: - apiGroups: - "" resources: - - namespaces/finalizers + - configmaps/status verbs: - delete - get - - list - patch - update - - watch - apiGroups: - "" resources: + - deployments - persistentvolumeclaims - verbs: - - '*' -- apiGroups: - - "" - resources: - persistentvolumes - verbs: - - '*' -- apiGroups: - - "" - resources: - pods - verbs: - - '*' -- apiGroups: - - "" - resources: - pods/exec - verbs: - - '*' -- apiGroups: - - "" - resources: - pods/log verbs: - '*' - apiGroups: - "" resources: - - rhmis - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - secrets/finalizers + - endpoints verbs: - create - delete - get - list - - patch - update - watch - apiGroups: - "" resources: - - serviceaccounts + - namespaces/finalizers verbs: - - create - delete - get - list @@ -493,18 +318,6 @@ rules: - patch - update - watch -- apiGroups: - - "" - resources: - - services/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - custom.tekton.dev resources: @@ -515,25 +328,7 @@ rules: - dashboard.opendatahub.io resources: - acceleratorprofiles - verbs: - - create - - delete - - get - - list - - patch -- apiGroups: - - dashboard.opendatahub.io - resources: - odhapplications - verbs: - - create - - delete - - get - - list - - patch -- apiGroups: - - dashboard.opendatahub.io - resources: - odhdocuments verbs: - create @@ -584,13 +379,6 @@ rules: - datasciencepipelinesapplications.opendatahub.io resources: - datasciencepipelinesapplications/finalizers - verbs: - - get - - patch - - update -- apiGroups: - - datasciencepipelinesapplications.opendatahub.io - resources: - datasciencepipelinesapplications/status verbs: - get @@ -612,14 +400,6 @@ rules: - dscinitialization.opendatahub.io resources: - dscinitializations/finalizers - verbs: - - delete - - get - - patch - - update -- apiGroups: - - dscinitialization.opendatahub.io - resources: - dscinitializations/status verbs: - delete @@ -640,6 +420,7 @@ rules: - extensions resources: - deployments + - replicasets verbs: - '*' - apiGroups: @@ -652,12 +433,6 @@ rules: - list - patch - watch -- apiGroups: - - extensions - resources: - - replicasets - verbs: - - '*' - apiGroups: - features.opendatahub.io resources: @@ -695,11 +470,6 @@ rules: - image.openshift.io resources: - imagestreamtags - verbs: - - get -- apiGroups: - - image.openshift.io - resources: - registry/metrics verbs: - get @@ -713,24 +483,6 @@ rules: - list - patch - watch -- apiGroups: - - machine.openshift.io - resources: - - machineautoscalers - verbs: - - delete - - get - - list - - patch -- apiGroups: - - machine.openshift.io - resources: - - machinesets - verbs: - - delete - - get - - list - - patch - apiGroups: - machinelearning.seldon.io resources: @@ -741,41 +493,8 @@ rules: - maistra.io resources: - servicemeshcontrolplanes - verbs: - - create - - get - - list - - patch - - update - - use - - watch -- apiGroups: - - maistra.io - resources: - servicemeshmemberrolls - verbs: - - create - - get - - list - - patch - - update - - use - - watch -- apiGroups: - - maistra.io - resources: - servicemeshmembers - verbs: - - create - - get - - list - - patch - - update - - use - - watch -- apiGroups: - - maistra.io - resources: - servicemeshmembers/finalizers verbs: - create @@ -816,98 +535,17 @@ rules: - monitoring.coreos.com resources: - alertmanagerconfigs - verbs: - - create - - delete - - deletecollection - - get - - patch -- apiGroups: - - monitoring.coreos.com - resources: - alertmanagers - verbs: - - create - - delete - - deletecollection - - get - - patch -- apiGroups: - - monitoring.coreos.com - resources: - alertmanagers/finalizers - verbs: - - create - - delete - - deletecollection - - get - - patch -- apiGroups: - - monitoring.coreos.com - resources: - alertmanagers/status - verbs: - - create - - delete - - deletecollection - - get - - patch -- apiGroups: - - monitoring.coreos.com - resources: - - podmonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - monitoring.coreos.com - resources: - probes - verbs: - - create - - delete - - deletecollection - - get - - patch -- apiGroups: - - monitoring.coreos.com - resources: - prometheuses - verbs: - - create - - delete - - deletecollection - - get - - patch -- apiGroups: - - monitoring.coreos.com - resources: - prometheuses/finalizers - verbs: - - create - - delete - - deletecollection - - get - - patch -- apiGroups: - - monitoring.coreos.com - resources: - prometheuses/status - verbs: - - create - - delete - - deletecollection - - get - - patch -- apiGroups: - - monitoring.coreos.com - resources: - prometheusrules + - thanosrulers + - thanosrulers/finalizers + - thanosrulers/status verbs: - create - delete @@ -917,11 +555,10 @@ rules: - apiGroups: - monitoring.coreos.com resources: - - servicemonitors + - podmonitors verbs: - create - delete - - deletecollection - get - list - patch @@ -930,48 +567,21 @@ rules: - apiGroups: - monitoring.coreos.com resources: - - thanosrulers - verbs: - - create - - delete - - deletecollection - - get - - patch -- apiGroups: - - monitoring.coreos.com - resources: - - thanosrulers/finalizers - verbs: - - create - - delete - - deletecollection - - get - - patch -- apiGroups: - - monitoring.coreos.com - resources: - - thanosrulers/status + - servicemonitors verbs: - create - delete - deletecollection - get + - list - patch + - update + - watch - apiGroups: - networking.istio.io resources: - envoyfilters - verbs: - - '*' -- apiGroups: - - networking.istio.io - resources: - gateways - verbs: - - '*' -- apiGroups: - - networking.istio.io - resources: - virtualservices verbs: - '*' @@ -1000,17 +610,6 @@ rules: - networking.k8s.io resources: - ingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - networkpolicies verbs: - create @@ -1060,15 +659,6 @@ rules: - operator.openshift.io resources: - consoles - verbs: - - delete - - get - - list - - patch - - watch -- apiGroups: - - operator.openshift.io - resources: - ingresscontrollers verbs: - delete @@ -1080,6 +670,7 @@ rules: - operators.coreos.com resources: - catalogsources + - operatorconditions verbs: - get - list @@ -1103,14 +694,6 @@ rules: - delete - get - patch -- apiGroups: - - operators.coreos.com - resources: - - operatorconditions - verbs: - - get - - list - - watch - apiGroups: - operators.coreos.com resources: @@ -1134,17 +717,6 @@ rules: - ray.io resources: - rayjobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - ray.io - resources: - rayservices verbs: - create @@ -1154,39 +726,10 @@ rules: - patch - update - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - '*' - apiGroups: - route.openshift.io resources: - routers/federate - verbs: - - get -- apiGroups: - - route.openshift.io - resources: - routers/metrics verbs: - get @@ -1234,17 +777,6 @@ rules: - serving.knative.dev resources: - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.knative.dev - resources: - services/finalizers verbs: - create @@ -1267,72 +799,13 @@ rules: - serving.kserve.io resources: - clusterservingruntimes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kserve.io - resources: - clusterservingruntimes/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kserve.io - resources: - - clusterservingruntimes/status - verbs: - - delete - - get - - patch - - update -- apiGroups: - - serving.kserve.io - resources: - inferencegraphs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kserve.io - resources: - - inferencegraphs/status - verbs: - - delete - - get - - patch - - update -- apiGroups: - - serving.kserve.io - resources: - inferenceservices - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kserve.io - resources: - inferenceservices/finalizers + - predictors + - servingruntimes/finalizers + - trainedmodels verbs: - create - delete @@ -1344,88 +817,31 @@ rules: - apiGroups: - serving.kserve.io resources: + - clusterservingruntimes/status + - inferencegraphs/status - inferenceservices/status + - predictors/status + - trainedmodels/status verbs: - delete - get - patch - update -- apiGroups: - - serving.kserve.io - resources: - - predictors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - serving.kserve.io resources: - predictors/finalizers + - servingruntimes/status verbs: - get - patch - update -- apiGroups: - - serving.kserve.io - resources: - - predictors/status - verbs: - - delete - - get - - patch - - update - apiGroups: - serving.kserve.io resources: - servingruntimes verbs: - '*' -- apiGroups: - - serving.kserve.io - resources: - - servingruntimes/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kserve.io - resources: - - servingruntimes/status - verbs: - - get - - patch - - update -- apiGroups: - - serving.kserve.io - resources: - - trainedmodels - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kserve.io - resources: - - trainedmodels/status - verbs: - - delete - - get - - patch - - update - apiGroups: - snapshot.storage.k8s.io resources: diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 592cb70dc65..3dcfb31f3e3 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -2,7 +2,6 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - creationTimestamp: null name: validating-webhook-configuration webhooks: - admissionReviewVersions: diff --git a/pkg/cluster/zz_generated.deepcopy.go b/pkg/cluster/zz_generated.deepcopy.go index 722ec2e25fd..0bc3e0f557d 100644 --- a/pkg/cluster/zz_generated.deepcopy.go +++ b/pkg/cluster/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023.